
27th November 2005, 16:13 | Junior Member | Join Date: Nov 2005 | Posts: 6
IPCop multiple green networks... PLEASE HELP
Hi,
I've got a working IPCop machine with just RED and GREEN interfaces. However, internally I've got a few VLANs and I would like machines on all of them to use this IPCop server as an Internet gateway/firewall.
I've managed to get the web proxy etc. working for them by adding static routes back to the VLANs, but I cannot get IPCop to work as a gateway for multiple internal networks.
I've searched the forums but haven't found a solution yet. One suggestion was to add rules like:
Code:
# accept forwarding of the extra internal subnet (here 192.168.20.0/24) from GREEN out to RED
/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.20.0/24 -o $RED_DEV -j ACCEPT
to the rc.local file, but this doesn't cut it.
Anybody know how to do this?

27th November 2005, 16:14 | Junior Member | Join Date: Nov 2005 | Posts: 6
I have a very similar problem. Please help. I have a Cisco VPN concentrator that lets our employees access the network from home. The internal network IP and subnet are different from those given to users who come through the VPN concentrator from home. The VPN concentrator is directly connected to the internal switch of our green network.
Green network = 192.168.1.0/24
VPN concentrator users = 192.168.2.0/24
The VPN users could see the entire internal network, access email and RDP to their computers with the old firewall/gateway. But as soon as I replaced it with the IPCop firewall, VPN users could only ping the gateway and the mailhost. They could not access any shared drives or remote control their computers. I have duplicated the persistent routes that were on the original firewall/gateway in the rc.local file, but it still doesn't work. The entire network is working flawlessly except for VPN access, PLEASE HELP. IPCop is somehow blocking the VPN users with IPs in 192.168.2.0/24 from accessing the GREEN network (192.168.1.0/24) and vice versa. I really love IPCop. There must be a way to allow complete access to the green network from an IP address other than that set for the GREEN network.
192.168.1.0/24: green interface and green network
192.168.2.0/24: also on the green interface, but the VPN network
Both subnets are plugged into the same switch but they cannot talk to each other. PLEASE HELP, thank you very much for any help you can offer.

27th November 2005, 16:15 | Junior Member | Join Date: Nov 2005 | Posts: 6
Code:
          www
           |
           | RED = xxx.xxx.xxx.xxx
         IPCOP
           | GREEN = 192.168.1.1
           |
        SWITCH----VPN Concentrator = 192.168.2.0/24
           |
      INTERNAL LAN
     192.168.1.0/24
The internal LAN works perfectly, exactly as it should. But the VPN users cannot access the internal LAN. The 192.168.2.0/24 LAN must work just as the GREEN network does. They must be able to access each other completely. Thank you for any help.

27th November 2005, 16:16 | Junior Member | Join Date: Nov 2005 | Posts: 6
There must be a way to make this happen by adding rules to the firewall file. Please help. Anyone who has experience altering the firewall rules of IPCop, please help.
IPCop also allows you to add your own iptables rules; the problem is that I don't know what I have to add to make this work. Any help is much appreciated. I have told my boss that IPCop is the way to go and now I cannot continue because of this very small speed bump. Thank you.
P.S. I cannot use the orange or blue network as a substitute for a second green network because I will also need those networks.

27th November 2005, 23:48 | Super Moderator | Join Date: Apr 2005 | Location: Lüneburg, Germany | Posts: 31,853
Please have a look here: http://www.howtoforge.com/perfect_xe...bian_ubuntu_p6
At the end of that page there are some firewall rules that could do what you want.

28th November 2005, 03:31 | Junior Member | Join Date: Nov 2005 | Posts: 6
Thank you so much for responding so quickly.
Can you please explain further... If possible.

28th November 2005, 10:55 | Super Moderator | Join Date: Apr 2005 | Location: Lüneburg, Germany | Posts: 31,853
On your IPCop system you could use
Code:
# turn on IPv4 forwarding between interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward
# masquerade the private 192.168.0.0/16 range only as it leaves on RED
# ($RED_DEV as in the rule from the first post; substitute the RED interface
# name if the variable is not set in rc.local). Without -o the rule would also
# rewrite the source address of traffic forwarded back onto GREEN.
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o $RED_DEV -j MASQUERADE
I think your 192.168.2.0 network should then have internet access.
If you use something like
Code:
# DNAT inbound TCP port 80 arriving on eth0 (the interface facing the outside) to 192.168.2.2:80
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.2.2:80
you can forward requests to certain ports (here: 80) to certain other ports on a destination machine (here: port 80 on 192.168.2.2). So people can access certain ports on certain machines from the outside. It's the same as port forwarding on a normal router.
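Putting the two suggestions in this thread together (the CUSTOMFORWARD rule from the first post and the ip_forward/MASQUERADE lines in the reply above), here is an added example, not code from the thread or from the IPCop project, of an rc.local fragment that generates every line needed for one or more extra internal subnets sitting behind a router or VPN concentrator on the green switch. It assumes the IPCop rc.firewall provides the CUSTOMINPUT/CUSTOMFORWARD chains and the GREEN_DEV/RED_DEV variables named in the first post; the subnet list, the next-hop addresses 192.168.1.2 and 192.168.1.3, the settings file path and the eth0/eth1 fallbacks are assumptions for illustration.

```shell
#!/bin/sh
# Added example: generate rc.local lines for extra internal subnets behind IPCop.
# Not from the thread or the IPCop project. Assumptions are marked below.

# IPCop 1.4 keeps the interface names in this KEY=VALUE file (path assumed);
# when it is absent, e.g. when reviewing on a workstation, fall back to eth0/eth1.
[ -r /var/ipcop/ethernet/settings ] && . /var/ipcop/ethernet/settings
GREEN_DEV="${GREEN_DEV:-eth0}"
RED_DEV="${RED_DEV:-eth1}"

# Constructed sample data: "<extra subnet> <its router's address on the green segment>"
# 192.168.20.0/24 is the VLAN from the first post, 192.168.2.0/24 the VPN users
# from the second; the next-hop addresses are made up.
EXTRA_NETS="192.168.20.0/24 192.168.1.2
192.168.2.0/24 192.168.1.3"

# Emit the lines for one extra subnet.
net_rules() {
    net="$1"; gw="$2"
    # return route: without it IPCop sends replies for $net towards RED
    echo "/sbin/route add -net $net gw $gw dev $GREEN_DEV"
    # hairpin: green LAN <-> $net enters and leaves IPCop on the same interface
    echo "/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -o $GREEN_DEV -s $net -j ACCEPT"
    echo "/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -o $GREEN_DEV -d $net -j ACCEPT"
    # $net out to the Internet
    echo "/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -o $RED_DEV -s $net -j ACCEPT"
    # $net to services on IPCop itself (web proxy, DNS, admin GUI)
    echo "/sbin/iptables -A CUSTOMINPUT -i $GREEN_DEV -s $net -j ACCEPT"
}

# Emit the complete rule set on stdout; nothing is executed here.
build_rules() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "$EXTRA_NETS" | while read -r net gw; do
        [ -n "$net" ] && net_rules "$net" "$gw"
    done
    # NAT only what actually leaves on RED: a MASQUERADE rule with no -o match
    # would also rewrite the source of the green-to-green hairpin traffic above,
    # so VPN users would show up on green hosts as IPCop's own address.
    echo "/sbin/iptables -t nat -A POSTROUTING -o $RED_DEV -s 192.168.0.0/16 -j MASQUERADE"
}
```

Run the file unprivileged and read what `build_rules` prints before trusting it; in rc.local, `build_rules | sh` applies the lines. Versions of IPCop that provide an rc.firewall.local hook should get the iptables lines there instead, because rc.local runs only at boot and a firewall restart rebuilds the chains.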

28th November 2005, 15:01 | Junior Member | Join Date: Nov 2005 | Posts: 6
Thank you very much falko... I will give that a try.
I do not care if the VPN users have internet access through IPCop; all I care about is making sure that the VPN users from the Cisco VPN concentrator can completely access the green network.
Thank you so much for taking the time to help me, I will give it a try and let you know what happens.