Need help with IpCop

crana · 02-11-2024, 07:44 AM

Hi!

I'm hoping somebody can help me.

I'm having trouble configuring IpCop.
From the web server I have in the DMZ, I can't ping IpCop or the red interface and according to the official IpCop page, it should be open by default. That's my main problem right now.

From IpCop, I have access to the internet, to the internal network, and to the DMZ, and I can ping without any problems.
From the internal network, I also have internet access.

I'm doing everything in VirtualBox.

The red interface is set to NAT.

Any help would be appreciated.

Here is a link with an image of my ipcop network setup.

https://ucd05aaa92ca5696e0f3a0b1be8f...58uzxlpw/file#

michaelk · 02-11-2024, 08:42 AM

You will not be able to ping the red interface from your home LAN if using NAT. VirtualBox NAT is a basic router in itself. Shutdown IpCop and switch the red network adapter from NAT to Bridged.

crana · 02-11-2024, 10:41 AM

Thanks a lot!

I changed the red network adapter from NAT to Bridged. I used to have it set to Bridged, but someone had told me to switch it to NAT.

I still have the same problem in that from the server in the DMZ, I can't ping the Orange or Red adapters, but I can ping my home's Router and browse the internet just fine.
I imagine I should be able to ping the Orange and Red adapters from within the DMZ, since I can ping them from the client in the Green zone (?)

So while I can browse the internet from the DMZ, I worry something might still be wrong as I can't ping the Adapters.

The main issue tho, is that I can't access the web server in the DMZ from my home network.

I made a port forwarding rule in IPCop, to forward all traffic on port 80 to the IP of the server in the DMZ, but doesn't seem to be working.

The port forwarding rule looks like this:
Net Iface: Any | Source: Any:80 | >> | Net Iface: ORANGE | Internal Destination: 100.99.100.2:http (the DMZ server's IP)

michaelk · 02-11-2024, 11:21 AM

I am not all that familiar with ipcop.
I don't know if there are any rules to drop ping requests from that zone. If so then pings do not work but regular traffic does and maybe dependent on how the pinholes if any are configured. If you can not access the DMZ from your home network the port forwarding rule isn't correct. Be sure you selected TCP and not UDP.

https://www.ipcop.org/2-0-0/en/admin...l-traffic.html

By the way ipcop is discontinued. I use PFsense but there are others like untangle, IPfire (fork of IPcop), OPNsense (a fork of PFsense) that would be better to run.

crana · 02-11-2024, 03:09 PM

I was able to figure out what I was doing wrong.

Turns out I was trying to access the DMZ server by using its IP, while I had to use the IP of the red interface.
Doing that, the port forwarding rule correctly forwards the traffic to the server!

Thanks again for your help!

I would switch firewalls, but it's for an exercise and I'm stuck with IpCop for now.