IPCop-Forum.de

All times are UTC+02:00




Posted: 22.05.2015, 16:56
Rookie, thread starter
Registered: 22.05.2015
Posts: 9

I'd like to add a firewall rule where the external destination is one of the IP-addresses we have (we have 5). I noticed that you can only enter an Alias IP here. So I defined a new alias under Network > Aliases. Should be easy: Name, IP, netmask. That server has two network cards, one connected to the LAN, and the other to the WAN. The WAN has the same IP address as the Alias. However, this configuration doesn't work, rather dramatically actually: the server can't connect at all on the WAN side. If I set the alias in IPCop, the server can't connect at all, and if I remove the alias, it immediately connects and is working just fine.

So I can't define the alias in IPCop, because that stops the server working, but I also can't define the firewall to use the external IP address, as it only accepts an alias.

I seem to be missing something here, is there a way to create this rule and keep the server working?

Thanks!


Posted: 11.06.2015, 20:12
Rookie
Registered: 09.06.2015
Posts: 4

I think you may need to just set the alias to one of your other external IPs. So if your WAN IP is .2, set the alias to .3. As you discovered, it may not work if you use the Primary WAN address (I haven't actually tried that, but using other IPs works well for me).
Good luck!


Posted: 22.06.2015, 12:16
Rookie, thread starter
Registered: 22.05.2015
Posts: 9

I'd like to define a port forwarding rule where I direct an external IP-address to an internal machine. If I understand correctly, in IPCop this is the IPCop External Destination. (In this particular case this isn't the first IP-address in our range.) Here you have to enter the Alias IP. You can only select from a list here, you can't enter anything else. However, if I define an alias in Network > Aliases, the connection doesn't work anymore. Nothing gets through, and port forwarding doesn't work.


Posted: 23.06.2015, 22:32
Rookie
Registered: 09.06.2015
Posts: 4

Here's what I do: I assign one of my external IPs to an alias, then in Firewall rules set a new port forwarding rule with the
- Source - Any (or a particular address if I want it restricted)
- External Destination - set to the alias I created first, and the port I want forwarded (either default or custom)
- Internal Destination - IP set to an address or just a specific internal IP, and the port set to the same or a different port, as needed

It works great for me.

What I'm confused about is when you say "if I define an alias in Network > Aliases, the connection doesn't work anymore. Nothing gets through, and port forwarding doesn't work." Are you saying that when you add an alias from your range, that breaks your whole connection? Because I have checked and even if I add an alias which is the primary IP (i.e. the same IP address as what you see when you go to the "Home" section of IPCop) it still works fine for me.


Posted: 01.07.2015, 10:04
Rookie, thread starter
Registered: 22.05.2015
Posts: 9

That does happen indeed. However, in hindsight, that's only the case for servers that are placed in the DMZ (not an orange zone though). If I define a rule for one of the servers that are inside the firewall, it works like it's supposed to.


Posted: 06.07.2015, 22:22
IPCop developer, site moderator, IPCop supporter 2006, 2007, 2008 and 2009
Registered: 26.06.2005
Posts: 19149
Location: LDK | Hessen

Enlighten us. If the DMZ is not the orange zone, then what/where is it?

_________________
/* Regards, weizen_42 */

Posted: 20.07.2015, 13:06
Rookie, thread starter
Registered: 22.05.2015
Posts: 9

The servers are connected directly to the WAN, and to the LAN, and can be accessed from both networks. In this case assigning an alias to the WAN apparently causes the WAN connection to not function anymore.
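
A pre-flight check for the situation this thread ends on, where the alias address is also configured on a server plugged directly into the WAN, so two devices answer for the same address on one segment. This is an added example, not code from any poster or from IPCop; the function names, the rule dictionary layout and the 203.0.113.0/29 sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def check_aliases(wan_cidr, aliases, wan_hosts):
    """Return (alias, problem) pairs; an empty list means no conflict was found."""
    net = ipaddress.ip_network(wan_cidr)
    # Addresses already owned by machines attached directly to the WAN segment.
    owners = {ipaddress.ip_address(ip): host for host, ip in wan_hosts.items()}
    problems, seen = [], {}
    for name, raw in aliases.items():
        ip = ipaddress.ip_address(raw)
        if ip not in net:
            problems.append((name, f"{ip} is outside the WAN subnet {net}"))
        elif net.prefixlen < 31 and ip in (net.network_address, net.broadcast_address):
            problems.append((name, f"{ip} is the network or broadcast address"))
        if ip in owners:
            # The firewall and the server would both claim this address.
            problems.append((name, f"{ip} is already configured on {owners[ip]}"))
        if ip in seen:
            problems.append((name, f"{ip} duplicates alias {seen[ip]}"))
        seen.setdefault(ip, name)
    return problems

def check_forwards(forwards, aliases, bad_aliases):
    """Flag port-forward rules whose external destination is missing or conflicting."""
    problems = []
    for i, rule in enumerate(forwards):
        alias = rule["external_alias"]
        if alias not in aliases:
            problems.append((i, f"alias {alias!r} is not defined"))
        elif alias in bad_aliases:
            problems.append((i, f"alias {alias!r} has an address conflict"))
        for key in ("external_port", "internal_port"):
            if not 1 <= rule[key] <= 65535:
                problems.append((i, f"{key} {rule[key]} is not a valid port"))
    return problems

# Constructed sample data (documentation address range, hypothetical host names).
WAN = "203.0.113.0/29"
ALIASES = {"mail": "203.0.113.3", "web": "203.0.113.4"}
WAN_HOSTS = {"dual-homed-server": "203.0.113.4"}  # NIC plugged straight into the WAN
FORWARDS = [
    {"external_alias": "mail", "external_port": 25, "internal_ip": "192.168.1.10", "internal_port": 25},
    {"external_alias": "web", "external_port": 443, "internal_ip": "192.168.1.20", "internal_port": 8443},
]

if __name__ == "__main__":
    alias_problems = check_aliases(WAN, ALIASES, WAN_HOSTS)
    bad = {name for name, _ in alias_problems}
    for item in alias_problems + check_forwards(FORWARDS, ALIASES, bad):
        print(item)
```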

