07-January-2004, 12:31
UncleRoger
Join Date: Jan 2004
Posts: 1

IPCop v1.3.0, external aliases, IPs

Does anyone else have any experience using IPCop, public IPs and external aliases?

I've recently put in an IPCop v1.3.0 firewall to sit between our leased line and local network. I'm largely happy with the configuration and have merrily added external aliases to the box and set up port forwarding for email, our two webservers etc. It all works fine.

The problem is that whilst the external aliases function allows me to port forward from the red interface/internet to our LAN on any of our registered public IPs, communication from the server back to the internet goes via the firewall IP.

For example (and I'm just making up the numbers here), I've got public IPs 200.100.50.1 and 200.100.50.2 - I've configured IPCop's static IP to be 200.100.50.1 and I've added 200.100.50.2 as an external alias. I can then set up a port forwarding rule to forward web traffic on 200.100.50.2 port 80 to my internal webserver on 192.168.0.1. But when 192.168.0.1 sends traffic back the other way, to the external network, it appears to come from 200.100.50.1, NOT 200.100.50.2.

AFAIK, this has issues for setting up rules to forward traffic to a Microsoft VPN server using an alias that's different to the firewall IP... and I guess it also prevents adding multiple reverse DNS entries to the if I add another mail server because all SMTP traffic will be sent from the firewall IP.

I'd like to be able to set up some sort of rule that sends outgoing traffic from servers via their external alias IP and not the IP of the firewall. I can't see how to do it via the web interface, so I was wondering whether or not it's possible? IPCop uses iptables, and I'd be happy to manually add a few rules via the root console if this is possible. (I know nothing about iptables, mind you, which is why I'm using something like IPCop to prevent me from having to dig too deep).

In case this is relevant, the firewall is set up with red, orange and green interfaces, but currently everything's configured behind green because the previous firewall we used was red-green only. However, I already have test servers on orange and they appear to behave the same - aliased to one IP but reply with the primary IPCop IP.

Any IPCop/iptables advice would be great.

Thanks in advance,

----UR----
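
An added example, not part of the original post and not IPCop's own code: a per-host SNAT rule in the nat table's POSTROUTING chain is the usual iptables way to make connections that an internal server initiates leave from a chosen alias IP. The script below turns "internal IP, alias IP" pairs into such rules, using the made-up addresses from the post. The red interface name `eth1`, the `APPLY` switch and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: per-host source NAT so outbound connections use an alias IP.
# RED_IF is an assumed name for the red (internet-facing) interface.
RED_IF="${RED_IF:-eth1}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one SNAT rule for an internal host and the alias it should leave from.
# -I inserts at the top of POSTROUTING, so the rule is evaluated before any
# masquerade rule that would rewrite the source to the firewall's primary IP.
snat_rule() {
    host=$1 alias_ip=$2
    is_ipv4 "$host" && is_ipv4 "$alias_ip" || return 1
    printf 'iptables -t nat -I POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$host" "$RED_IF" "$alias_ip"
}

# Read "internal_ip alias_ip" pairs on stdin, skipping blanks and # comments.
# Rules are printed for review; they are executed only when APPLY=1 (as root).
snat_rules() {
    while read -r host alias_ip; do
        case "$host" in ''|'#'*) continue ;; esac
        rule=$(snat_rule "$host" "$alias_ip") ||
            { echo "bad mapping: $host $alias_ip" >&2; return 1; }
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
    done
}

# Constructed mapping: the webserver and alias from the post's example.
MAPPING='192.168.0.1 200.100.50.2'
printf '%s\n' "$MAPPING" | snat_rules
```

Rules inserted this way live only in the running kernel tables, so they disappear when the firewall rules are reloaded or the box reboots. `iptables -t nat -L POSTROUTING -n -v` shows whether the SNAT rule is present and whether its packet counters are increasing.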
All times are GMT +1.