subnetting and ip addresses with ipcop
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: subnetting and ip addresses with ipcop

  1. #1
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121

    subnetting and ip addresses with ipcop

    ok, so this ones got me stumped. I have an ipcop, and it's on its subnet .0.1 and it connects to the internet on its red (bad interface) and green to the internal subnet (good, home, .0.1) which just goes to a wireless router. I used a crossover cable to connect em and everything works great. I have one issue though, the ipcop doesn't see or know any of the ip addresses on my home network, so all my logs are incomplete (i just get .0.200 for ip addresses in my home network rather than .1.x). Also, i wanted to set up a transparent proxy to a content filtering system on a server on my home subnet, but i cant because it would filter the content filterer to, creating an infinite loop

    i.e. my computer wants isohunt.com, ipcop sends the request through to my wireless router (.0.200:8118) which forwards to server (.1.x:8118) which asks for the page and is caught by ipcop, which repeats the process.

    I have the option of giving a computer unrestricted access, which would work and is the solution i need, but ipcop doesnt have any clue who 192.168.1.x is and where he is.
    So how do i fix it?
    isnt there a way in linux using ifconfig or hosts or something to say which interface an ipaddress is on? is that even what i want? I guess i could put a hub on ipcop, then a crossover to the hub for my router, and then the server on the hub. but then i have to move other services and reconfigure and stuff. Maybe one day I'll do that but not today. Anyways, any help would be appreciated, later and thanks
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Does your set-up reflect this:

    Internet -->-->--> IPCOP F/W -->-->--> Wireless AP -->-->--> Wireless clients

    And from the firewall > Router > Hosts everything is on a 192.168.0.X/24 IP range?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  3. #3
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    close, sorry. that was probably unclear

    internet --> ipcop (f/w and proxy) (.0.1) -->(.0.200) Wireless AP (.1.2) --> (.1.x) clients/home network and server
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Why cant you set all your network devices to be on the same subnet?

  5. #5
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    i like the two subnets for lots or reasons. I think i'll leave it at that so that we dont get off topic
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    I don't think it is possible to work the way it is setup.

  7. #7
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    poop, thats no fun. u sure? well how about just simple things like if i wanted to ping 192.168.1.1 from the ipcop? i'm sure thats gotta be possible
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  8. #8
    Member
    Join Date
    Dec 2006
    Posts
    33
    This sounds rather similar to the setup I have.

    My setup:


    internet-->ipgateway(192.168.1.1)-->(192.168.1.2)wireless router(192.168.2.1)-->me(192.168.2.x)

    My gateway thinks all traffic that's coming from behind the router is coming from 192.168.2.1, because the wireless router does all the DHCPing, NATing and stuff.

    Btw, I do the ipgateway thing because it's hard sharing a dialup connection otherwise.
    Last edited by NukEvil2; June 20th, 2007 at 10:11 PM. Reason: speeling erors

  9. #9
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Going off the info you have provided I think you have a routing issue - as someone mentioned if your Wireless AP is handing out the IP addresses to your clients, then something needs to tell the firewall about the subnet and how to reach it - I wouldn't have thought the wireless AP would do this, unless you have a high end one.

    So for example when the firewall is told to ping 192.168.1.X if has no idea where that subnet is our how to get to it - in fact it will have a default route in place to send all unknown traffic to your ISP's router and on to the Internet, however obviously the 192.168 range is not routable over the Internet.

    I've not used IPCOP before but I suppose there must be a way to configure a static route in it to tell it to send all 192.168.1.x traffic to the wireless AP.

    At the moment your wireless AP will NAT the 192.168.1.x subnet to 0.200 address (which will explain the log entries you are seeing) so as far as the firewall is concerned there is only the 0.200 address on that interface.

    A rule similar to the following would be needed

    route 192.168.1.0 255.255.255.0 -> 192.168.0.200.

    This way the Wireless AP will receive the traffic and as it knows about the other IP range it will send it on as normal.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  10. #10
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    No im not sure but I dont think its possible with that setup... maybe some one else has some ideas.

Similar Threads

  1. Subnetting Questions
    By mooret in forum General Computer Discussions
    Replies: 2
    Last Post: March 18th, 2005, 10:33 PM
  2. Subnetting without binary
    By HTRegz in forum Other Tutorials Forum
    Replies: 1
    Last Post: October 16th, 2003, 04:36 PM
  3. TCP/IP Addressing & Subnetting
    By [WebCarnage] in forum Other Tutorials Forum
    Replies: 16
    Last Post: February 27th, 2002, 09:03 PM
  4. Tutorial: Subnetting, the Lost Art
    By MrLinus in forum Other Tutorials Forum
    Replies: 6
    Last Post: January 28th, 2002, 03:08 AM
  5. Subnetting tutorial
    By mountainman in forum Other Tutorials Forum
    Replies: 2
    Last Post: December 21st, 2001, 08:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides