Skip to main content

Ipcop: use the blue interface as a second green

More
18 years 4 months ago #15759 by bicio30
like object, how can i modify the blue interface to act as a second green?
i would to use 2 ip classes (e.g. 192.168.0.0/24 and 192.168.1.0/24) to share everything toghether, but on the old blue interface not give red access...
now i have copfilter installed, but my idea is to reinstall and use ipcop 1.4.10 whitout any addons....
thank a lot for any answers...
Bicio.
More
18 years 4 months ago #15777 by DaLight
Welcome to firewall.cx, bicio30.

Yes, you can use your BLUE interface as a second GREEN. By default access to RED from BLUE is blocked as is access to GREEN from BLUE. As you do not want access to RED from BLUE, we only need to figure out how to grant access to GREEN from BLUE. The following link gives the default settings for traffic between IPCOP interfaces. You can do this using any of the following methods:

1. DMZ Pinholes (Look here )
2. VPN from BLUE to GREEN (Look here and here )

The first method requires you to specify access for individual ports without a need to make changes on client machines on BLUE. Using the second method, full access can be granted to all machines on BLUE, but VPN settings will need to be configured on the machines.
More
18 years 3 months ago #15787 by bicio30
first of all, thanks for the reply!!!
yes, reading the ipcop manual i've understood the first methode, with DMZ pinholes.
the second for me is too invasive for the other machines in blue, so i tried with pinholes.
if i set pinholes for tcp and udp ports from 1 to 65535 can i access from one to the other like a big net??
i tried, but without success...
i also will try to install ipcop in another machine to make some test, because i had problems with my actual firewall machine in the very first setup (i had to update the bios to make 3 nics working).
i will try and repost..
thanks again.
Bicio.
More
18 years 3 months ago #15807 by DaLight
I agree that you need to ensure that all the NICs are working properly. Did you specify the ranges in this format?
[code:1]1:65535[/code:1]
I'm sure you realise that the Pinholes need to setup in one direction only, as GREEN to BLUE is open by default.
More
18 years 3 months ago #15817 by bicio30
yes, i agree...
from green to blue i had problems, so i try to install in another machine.
yes, the format of port range is that (if not, ipcop gives me an error)
now the firewall is on thin compaq client.
i think (ehm, i hope) to resolve with a new installation in a standard machine.
thank a lot again!!!
Bicio.
More
18 years 3 months ago #15818 by DaLight
Let us know how you get on successful or not!!
Time to create page: 0.140 seconds