IPCOP and administer it from RED network
01-11-2005, 02:00 PM
I have an IPCOP firewall on my home network. Is there any way that I can access it from the RED side, i.e. from my office computer? If so, how do I do it?
01-11-2005, 02:06 PM
Firewall -> External Access
Set up a rule to allow your source IP to port 445 (for GUI) and 222 (for SSH) if you need it.
I would not recommend allowing a source of any.
The way that I do this, rather than having external access rules, is under port forwarding, to allow port 3389 to forward to one of my internal machines, allowing only my work IP addy through.
I can then use Windows Terminal Services to get into my home desktop and administer the firewall from there.
01-11-2005, 02:10 PM
Okay, I have a DSL192 connection thru Telkom. It is a Marconi Router that is then connected to the RED side of IPCOP and my home network is on the Green side (naturally). How do I address the home computers that are sitting on a 192.168.1.0 network?
01-11-2005, 02:22 PM
I'm assuming that the Marconi router is set to bridge mode (i.e., it's not doing any firewalling itself).
The easiest thing to do is to set up dynamic DNS on IPCop. I personally use dyndns.
That way, you always know what your machine name is regardless of the IP.
Each machine in your green network has an IP address (hopefully either static, or assigned statically via DHCP from your IPCop) - If your GREEN workstation addresses are dynamic, you will have an impossible time trying to do this.
Say you have three machines on your green network: asterix, obelix and getafix for argument's sake. Asterix is running a web server, obelix is your Windows XP desktop, and getafix is another Windows XP desktop.
(I'm basically describing my own LAN setup here).
Now, I want to access all my machines for various services from outside. I want to get to the web server on asterix, and the remote desktops on the other two machines.
My IPCop box is set up with a dynamic DNS name, so it's always updated with the current IP. We'll call this name ipcop.homeip.dom.
I set up port forwarding in IPCop:
default ip, source port 80 to destination ip asterix, destination port 80.
default ip, source port 3389 to destination ip obelix, destination port 3389
default ip, source port 3333 to destination ip getafix, destination port 3389
Now, to access the web server on asterix, I type 'http://ipcop.homeip.dom' in my browser at work, and voila, I get my web page on asterix.
I want to remote desktop to obelix, so I open up remote desktop, and type in 'ipcop.homeip.dom' and voila, I get a connection to obelix.
I want to remote desktop to getafix, so I type 'ipcop.homeip.dom:3333' and voila, I've got a remote desktop connection to getafix.
It's that easy. If you want to be more secure, I would suggest changing the SOURCE port. The Source port is not actually the port the data is coming FROM, as you would logically think. It's actually the port you would connect TO on the ipcop box, which would then forward through to the DESTINATION port of whatever IP address you specify as the destination.
Anyway, hope this explanation helps.
01-11-2005, 02:30 PM
I shall give it a bash. Are you able to help on my other question regarding sendemail and tcar addon to ipcop?
02-11-2005, 08:04 PM
Okay, I am busy getting things set up but I have a question for you. My Marconi Router has an IP address and will need to forward the packets from it to the IPCOP server. How is that done?
30-12-2009, 02:53 AM
I'm new to using IPCOP and I have a similar problem to the one you have explained in this thread. I want to configure my LAN to allow a remote desktop connection between my computer (192.168.1.250) and a remote computer (22.214.171.124). My port forwarding configuration is:
Source: IP DEFAULT: 3389
and when I try a connection the log of the IPCOP firewall shows me the following message:
IN=eth0 OUT=eth2 SRC=192.168.1.250 DST=126.96.36.199 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=63685 DF PROTO=TCP SPT=3389 DPT=4479 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Where is my mistake?
Thank you in advance for your help
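Added example, not part of any post in this thread: a small Python parser for the netfilter log line quoted in the post above, showing which interfaces the logged packet crosses and which step of the TCP handshake it represents. The function names and the `service_port` parameter are assumptions made for illustration.

```python
# Log line quoted from the post above (addresses exactly as they appear on the page).
SAMPLE = ("IN=eth0 OUT=eth2 SRC=192.168.1.250 DST=126.96.36.199 LEN=48 TOS=0x00 "
          "PREC=0x00 TTL=127 ID=63685 DF PROTO=TCP SPT=3389 DPT=4479 "
          "WINDOW=65535 RES=0x00 ACK SYN URGP=0")

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

def parse_netfilter_line(line):
    """Split a netfilter LOG line into KEY=value fields and bare TCP flag tokens."""
    fields, flags = {}, set()
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value          # "IN=" (empty interface) is kept as ""
        elif token in TCP_FLAGS:
            flags.add(token)
        # other bare tokens, such as DF (IP "don't fragment"), are ignored here
    for port_key in ("SPT", "DPT"):
        if fields.get(port_key, "").isdigit():
            fields[port_key] = int(fields[port_key])
    return fields, flags

def handshake_step(flags):
    """Name the TCP handshake step implied by the flag combination."""
    if flags == {"SYN"}:
        return "SYN (client opening a connection)"
    if flags == {"SYN", "ACK"}:
        return "SYN-ACK (server answering a SYN it received)"
    if "RST" in flags:
        return "RST (connection refused or reset)"
    return "other"

def describe(line, service_port=3389):
    """Summarise one logged packet; service_port is the forwarded service (RDP here)."""
    fields, flags = parse_netfilter_line(line)
    # A SYN-ACK sent *from* the service port is the internal server's reply
    # travelling outward, not a new inbound connection attempt.
    server_reply = flags == {"SYN", "ACK"} and fields.get("SPT") == service_port
    return {"in": fields.get("IN"), "out": fields.get("OUT"),
            "src": fields.get("SRC"), "dst": fields.get("DST"),
            "sport": fields.get("SPT"), "dport": fields.get("DPT"),
            "step": handshake_step(flags), "server_reply": server_reply}

if __name__ == "__main__":
    for key, value in describe(SAMPLE).items():
        print(f"{key:13}{value}")
```

Run against the quoted line, this reports a SYN-ACK from 192.168.1.250 port 3389 entering on eth0 and leaving on eth2, which means the opening SYN had already reached the internal machine and the logged packet is its reply.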
30-12-2009, 08:39 AM
If you have a static IP at work then you might want to create a firewall rule so that only you can SSH to your ip cop device.