Ipcop problem

[jaspergreen]

I hope this is the right thread. I am having some trouble with IPcop:
5 pc's ip addresses ranging from:10.0.0.4-10.0.0.9
Ipcop green interface: 10.0.0.1
Ipcop red interface: 10.0.0.3
Telkom Router ip:10.0.0.2

Here is the trouble when I set the red interface to a dynamic Ip address it happily connects to internet.Only form the Ipbox itself.I cant see the green interface at all from the lan.If I change the red interface to a static Ip address it can't connect to the internet anymore but I can see the green interface and log into the web gui.

 

[The_Unbeliever]

It is because your IPcop green and red does not overlap, but is the same subnet.

You'll need to try green as 10.0.10.x or red as 10.0.5.x

good luck.

 

[The_Unbeliever]

Also, if you put your router into bridged mode, and create a PPPoE account for your router, then you won't need to worry about IP adressing on the red side, but only on the green side.

 

[thisgeek]

Yep. Set your router to bridged mode, as Libby said. Then you leave the IP on your red interface unassigned. SSH to the box, and run 'setup' as root. You can configure the RED interface as PPPoE. Then, in the web gui, under network, dial-up settings (I think, working from memory here), you configure your account there. Set it up as RASPPOE plugin, and you're good to go.

It's always important to remember, when you have a hardware firewall, the inside IP network range cannot be the same as the outside IP range.

 

[Hazard]

hi, i have a problem neary the same as this... i set my red interface to PPPOE and my router address in 192.168.1.2, green is 10.0.0.x. it works perfectly but i cant access my router via IP. my eth1 shows as 1.1.1.1. how can i get my eth to be on a 192.168.1.x address? Thanx

 

[stoke]

Incorrect configuration.
IPCop requires 2 network cards to function properly, 1 network card connected to your ADSL modem in bridged mode, and 1 network card connecting to the rest of the network.

 

[thisgeek]

hi, i have a problem neary the same as this... i set my red interface to PPPOE and my router address in 192.168.1.2, green is 10.0.0.x. it works perfectly but i cant access my router via IP. my eth1 shows as 1.1.1.1. how can i get my eth to be on a 192.168.1.x address? Thanx

Funny that you should mention this... I've just written a HOWTO that I'm about to post.

EDIT: Here you go: http://mybroadband.co.za/vb/showthread.php?t=114216

 

[Hazard]

THANX SO MUCH, ill try this now

 

[Hazard]

what i done is...i edited the RC.d RED file and changed the RED IP to 192.168.1.1 (my router address is 192.168.1.2) then i was able to access my router through web interface but not able to ping it nor am i able to connect through windows PPPOE, Basically, i am trying to be able to connect through windows PPPOE

 

[Hazard]

doesnt work for me, if i do the add route command, i can already access my router but i still cant create PPPOE connections in windows to it.

 

[thisgeek]

Nope, if you have an IPCop in between, then you won't.
What is the point of having the IPCop if you still want to establish pppoe through Windows?

 

[Hazard]

so that i can use a different username and password on one pc alone or just to test something by bypassing firewall totally. there must be a way to do it coz its possible with all the linux servers. why is ipcop so different.

 

[The_Unbeliever]

IPCop/Smoothwall is a hardware (dedicated) firewall, and will initiate, manage and filter the connection for you and your network.

With what linux servers was it possible to bypass the firewall totally? This is not a good idea to bypass any kind of firewall completely unless you know what you're doing, and even then I'd be very careful in connecting a windows PC "naked" to the Internet.

 

[Hazard]

i know what im doing. Besides, i used to do it all the time with my router. you should still be able to setup a linux server so that you can access the modem and dial straight out using windows PPPOE with a Broadband username and password.

If you dial through windows PPPOE (whether it is a router or a linux server) it bypasses the firewall (router or server) and connects through bridge mode.

When my router was connected, it was in PPPOE mode as well as Bridged mode so i would establish a normal connection via PPPOE and this connection would run through the router firewall. Say for instance, i wanted to use a different account, i could then dial up through windows and i could use the secondary account without affecting others on the network who still use the router account. Thats what im trying to do here. i know its possible, is just has to be setup in IPCOP.

By the way, Routesentry uses a PPPOE connection in windows and thats open to any attacks coz it bypasses router firewall and the only thing you got protecting you is windows firewall or your antivirus firewall.

 

[thisgeek]

Doing that just defeats the purpose of having an IPCop.

 

[stoke]

The PPPOE connection from windows can only be initiated on the DEFAULT GATEWAY machine.
If IPCOP is the default gateway, then windoze is trying to initiate the PPPOE connection on the IP Cop machine, and IPCop is not configured to "throughpass" a PPPOE request through to the ADSL modem, you may be able to write your own custom forwarding filter to do that, but it will be massively difficult and resource intensive for IPCop to manage once the connection is established.
It will be like : Windoze -> Wondows PPPOE -> IPCop -> Filter -> Router -> Internet ..... Internet -> IPCop -> Backwards identifying filter -> Wondows PPPOE -> Windows, and now this Windows machine has 2 ip addresses.

This is INSANITY!

 

[Hazard]

Thats exactly what i want, the second IP address it will get is a new Internet IP. It will be on a seperate account as the IPCOP box. Ive created a temporary solution by connecting my router directly to the switch as well as the IPCOP, it works this way but when i dialup like that, i cannot access my router. I think my temp solution is ok for now until i get another solution

Thanx anyway

By the way...it would be like this:
1) Windows -> Switch -> IPCop -> Router -> Internet (on All other Machines) (one ISP account)
2) Windows -> Router -> Internet2 (On machine thats dialing windows PPPOE) (SEPERATE ISP ACCOUNT)