IPcop filtering incoming traffic
15 years 4 months ago #30886
by ricka
IPcop filtering incoming traffic was created by ricka
I am trying to set up incoming filters through the rc.local file on IPCop,
but cannot block the IP traffic for a given network.
Below is my rc.local config:
#!/bin/sh
#variables defined therein
. /var/ipcop/ethernet/settings
# Flush Custom Input Rules
/sbin/iptables -F CUSTOMINPUT
/sbin/iptables -F CUSTOMFORWARD
# shorthand helper
IPT="/sbin/iptables"
$IPT -A CUSTOMINPUT -i ppp0 -p ip -m iprange --src-range x.x.x.x-y.y.y.y -j DROP
I'm using a DSL line and configured IPCop for a single green interface connection.
Can somebody verify my rc.local file, in case I am missing anything?
Thank you for your time.
15 years 4 months ago #30895
by TheBishop
Replied by TheBishop on topic Re: IPcop filtering incoming traffic
Dalight is the IPCop king. I'll give him a prod to take a look at your question.
15 years 4 months ago #30905
by ricka
Replied by ricka on topic Re: IPcop filtering incoming traffic
I actually got IPCOP to work by reconfiguring the network connections from a single green to a red and green setup.
IPCOP is now blocking the incoming traffic to my trusted machines.
My problem now is opening up specific TCP ports from outside
accessing my trusted machines.
I used the port forwarding feature by specifying the internal IP
address of the destination machine and left source as default (all).
I specified TCP 5900 for VNC but no go. Do you need to use the
file rc.firewall.local for this type of filter?
Your assistance is greatly appreciated.
15 years 4 months ago #30911
by sys-halt
Replied by sys-halt on topic Re: IPcop filtering incoming traffic
Hello ricka, I have no knowledge of writing proper syntax in IPTables, but I have used the GUI. The port forwarding feature should do the job for you.
I would double check the port forwarding you made through the GUI: does VNC use TCP or UDP? I think it uses TCP, but please refer to your specific VNC program documentation and double check that.
Please note that some VNC-like programs can use multiple ports. Also check that, and create a port forwarding rule for each required port.
You could check your firewall logs and see if they list any dropped packets coming from the red network to the green network, and on what port. This will help you in troubleshooting.
Do you have BOT installed? BOT will take over the basic IPCop firewall rules and will drop all connections unless you make a new rule specifying the source, destination and port required.
If you have BOT installed then just make a new rule and open the required port.
And finally, check your PC firewall! Maybe your problem lies there and not on your IPCop.
Good luck.
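Added example, not part of any post in this thread: one way to carry out the log check suggested above is to count logged packets by inbound interface, protocol and destination port. The sample lines are constructed in the standard netfilter LOG field layout; the host name, the `INPUT` log prefix, the addresses and the interface names (`ppp0` as red, `eth0` as green) are assumptions.

```shell
#!/bin/sh
# Constructed sample lines in the standard netfilter LOG field layout.
# Host name, log prefix, addresses and interface names are assumptions.
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 ipcop kernel: INPUT IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=52 ID=4411 DF PROTO=TCP SPT=51544 DPT=5900 WINDOW=5840 SYN URGP=0
Jan 10 10:00:04 ipcop kernel: INPUT IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=52 ID=4412 DF PROTO=TCP SPT=51544 DPT=5900 WINDOW=5840 SYN URGP=0
Jan 10 10:00:09 ipcop kernel: INPUT IN=ppp0 OUT= MAC= SRC=198.51.100.9 DST=203.0.113.5 LEN=78 TTL=110 ID=901 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 10 10:00:12 ipcop kernel: INPUT IN=eth0 OUT= MAC= SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TTL=64 ID=77 DF PROTO=TCP SPT=40112 DPT=5900 WINDOW=5840 SYN URGP=0
Jan 10 10:00:15 ipcop kernel: INPUT IN=ppp0 OUT= MAC= SRC=198.51.100.9 DST=203.0.113.5 LEN=84 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
EOF
}

# summarise_drops IFACE
# Reads log lines on stdin and prints "COUNT PROTO/DPORT" for packets that
# arrived on IFACE, most frequent first. Lines without a DPT field (ICMP,
# for example) are skipped.
summarise_drops() {
    awk -v iface="$1" '
    / IN=/ {
        in_if = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)         in_if = substr($i, 4)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (in_if == iface && dpt != "") count[proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# port_seen IFACE PROTO PORT
# Reads log lines on stdin and prints how many logged packets match.
port_seen() {
    summarise_drops "$1" |
        awk -v key="$2/$3" '$2 == key { n = $1 } END { print n + 0 }'
}

# Stand-alone run against the constructed sample.
sample_log | summarise_drops ppp0
echo "TCP/5900 on ppp0: $(sample_log | port_seen ppp0 TCP 5900)"
```

A count of 0 for TCP/5900 on the red interface means no logging rule recorded a drop for that port, so the log alone does not show the firewall rejecting the connection.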
15 years 4 months ago #30929
by ricka
Replied by ricka on topic Re: IPcop filtering incoming traffic
Syshalt, many thanks for your time and info. I have confirmed that
VNC only requires TCP port 5900 to work. I currently do not have BOT installed but will probably do it some time. As for the firewall
logs, I do not see any events stating that the incoming port TCP 5900 is even being blocked. My local machine does have the FW feature
disabled, so I guess I am left with trying BOT.
15 years 4 months ago #30930
by ricka
Replied by ricka on topic Re: IPcop filtering incoming traffic
Update: the BOT only filters outbound traffic. I tried the rc.firewall.local files under /etc/rc.d but still no go.
Hope someone out there will have an answer.