Help req with IPCop firewall box
29 July 2002, 02:38 PM
#1
Scooby Regular
Thread Starter
Join Date: Jul 1999
Posts: 711
Likes: 0
Received 0 Likes
on
0 Posts
OK Folks
I've built myself a IPop firewall box to go between my Cisco 803 isdn router and my network and I can't get it to work, I'm not daft (some might say) but it has to be to do with the default gateway on both the firewall or the desktops ..
All the desktops are using 192.168.1.6 as it's gateway (the isdn router) so I changed the default gateway to the green side eth port address of the firewall and the default gateway of the firewall to the isdn routers address and I sorta hoped it would work but oh no ... any ideas out there ? do any of you use an IPCop box with 2 eth cards ?
or am I missing the point ??
Kev
I've built myself a IPop firewall box to go between my Cisco 803 isdn router and my network and I can't get it to work, I'm not daft (some might say) but it has to be to do with the default gateway on both the firewall or the desktops ..
All the desktops are using 192.168.1.6 as it's gateway (the isdn router) so I changed the default gateway to the green side eth port address of the firewall and the default gateway of the firewall to the isdn routers address and I sorta hoped it would work but oh no ... any ideas out there ? do any of you use an IPCop box with 2 eth cards ?
or am I missing the point ??
Kev
29 July 2002, 02:57 PM
#2
Scooby Regular
Kev, not used IPCop, but I have configured Linux Firewalls with a similar setup.
You're correct in setting the default gateways. All PC's should point to the local NIC in your firewall (i.e. the one with the same network address as the PC's).
The firewall needs to point to the routers IP address (again, the local address for that side of the firewall).
One thing you'll need to do is modify the routing table on the router. It won't know how to route packets to your pc's without knowing how to get to that network. You can either use RIP so that the router and firewall tell each other about their networks or add a static route to the ISDN router telling it to get to your PC's network through the firewall NIC.
Hopefully this pic will explain what I mean
Other than that, it would depend on your firewall rules as to how you can diagnose the fault. e.g. if you disable ICMP, ping won't work.
Stefan
You're correct in setting the default gateways. All PC's should point to the local NIC in your firewall (i.e. the one with the same network address as the PC's).
The firewall needs to point to the routers IP address (again, the local address for that side of the firewall).
One thing you'll need to do is modify the routing table on the router. It won't know how to route packets to your pc's without knowing how to get to that network. You can either use RIP so that the router and firewall tell each other about their networks or add a static route to the ISDN router telling it to get to your PC's network through the firewall NIC.
Hopefully this pic will explain what I mean
Other than that, it would depend on your firewall rules as to how you can diagnose the fault. e.g. if you disable ICMP, ping won't work.
Stefan
29 July 2002, 03:22 PM
#3
Scooby Regular
I've not seen the product but....
If your not using NAT in the Firewall you'll need to add a route for the internal network into the ISDN router...
Jeff
If your not using NAT in the Firewall you'll need to add a route for the internal network into the ISDN router...
Jeff
29 July 2002, 05:46 PM
#4
Scooby Regular
Thread Starter
Join Date: Jul 1999
Posts: 711
Likes: 0
Received 0 Likes
on
0 Posts
Cheers both for that,
Gonna look into it in the next few days one mistake I think I am making is having both of the firewall NIC's in the same network as the host pc's and the same as the router, I'll have to re-address the hosts as they all have statics ( not too many only 6 )and add a static route on the router to pint to the host network..
Cheers chaps
Gonna look into it in the next few days one mistake I think I am making is having both of the firewall NIC's in the same network as the host pc's and the same as the router, I'll have to re-address the hosts as they all have statics ( not too many only 6 )and add a static route on the router to pint to the host network..
Cheers chaps
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
28
28 December 2015 11:07 PM
Mattybr5@MB Developments
Full Cars Breaking For Spares
12
18 November 2015 07:03 AM