Home / Browse / IPCop Firewall / Mail / Archive

IPCop Firewall

Email Archive: ipcop-user (read-only)

2001:	_Jan	_Feb	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec (96)
2002:	_Jan (367)	_Feb (707)	_Mar (1352)	_Apr (1146)	_May (978)	_Jun (930)	_Jul (863)	_Aug (845)	_Sep (702)	_Oct (719)	_Nov (719)	_Dec (652)
2003:	_Jan (1163)	_Feb (991)	_Mar (1371)	_Apr (993)	_May (1476)	_Jun (1024)	_Jul (1093)	_Aug (1724)	_Sep (1603)	_Oct (1275)	_Nov (989)	_Dec (746)
2004:	_Jan (998)	_Feb (1049)	_Mar (1045)	_Apr (661)	_May (692)	_Jun (609)	_Jul (497)	_Aug (516)	_Sep (749)	_Oct (973)	_Nov (697)	_Dec (766)
2005:	_Jan (953)	_Feb (903)	_Mar (939)	_Apr (620)	_May (599)	_Jun (645)	_Jul (502)	_Aug (522)	_Sep (504)	_Oct (666)	_Nov (570)	_Dec (551)
2006:	_Jan (641)	_Feb (478)	_Mar (635)	_Apr (472)	_May (369)	_Jun (542)	_Jul (343)	_Aug (620)	_Sep (438)	_Oct (441)	_Nov (403)	_Dec (394)
2007:	_Jan (556)	_Feb (427)	_Mar (662)	_Apr (549)	_May (463)	_Jun (405)	_Jul (320)	_Aug (332)	_Sep (541)	_Oct (433)	_Nov (319)	_Dec (386)
2008:	_Jan (402)	_Feb (394)	_Mar (328)	_Apr (350)	_May (262)	_Jun (274)	_Jul (353)	_Aug (483)	_Sep (277)	_Oct (391)	_Nov (220)	_Dec (230)
2009:	_Jan (270)	_Feb (166)	_Mar (175)	_Apr (204)	_May (190)	_Jun (187)	_Jul (263)	_Aug (119)	_Sep (125)	_Oct (169)	_Nov (166)	_Dec (84)
2010:	_Jan (108)	_Feb (154)	_Mar (82)	_Apr (104)	_May (69)	_Jun (125)	_Jul (70)	_Aug (108)	_Sep (72)	_Oct (65)	_Nov (85)	_Dec (57)
2011:	_Jan (112)	_Feb (37)	_Mar (25)	_Apr (76)	_May (61)	_Jun (42)	_Jul (104)	_Aug (106)	_Sep (56)	_Oct (118)	_Nov (98)	_Dec (59)
2012:	_Jan (96)	_Feb (84)	_Mar (66)	_Apr (69)	_May (83)	_Jun (50)	_Jul (40)	_Aug (43)	_Sep (65)	_Oct (65)	_Nov (41)	_Dec (38)
2013:	_Jan (46)	_Feb (60)	_Mar (123)	_Apr (66)	_May (34)	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec


S	M	T	W	T	F	S
1	2	3	4	5	6	7
(4)	(13)	(6)	(6)	(6)	(1)	(4)
8	9	10	11	12	13	14
(3)	(6)	(12)	(25)	(10)	(19)	(6)
15	16	17	18	19	20	21
(4)	(10)	(9)	(19)	(28)		(11)
22	23	24	25	26	27	28
(18)	(23)	(3)	(8)	(6)	(4)	(2)
29	30
(2)	(6)

Re: [IPCop-user] Update Accelerator - Download status question

From: Dave Whiteside <ipcop@st...> - 2008-06-30 10:11

Doc. Caliban wrote:
SNIP
> I count on this add-on heavily, and since one of the updates is SP3  
> (for better or worse) I will have at least 300 people accessing it if  
> it's actually in the cache and accessible.
>
> Thanks,
>
> -Doc
>
>   
For 300 People and windows updates [well for 30 people] I'd get a 
Windows Server running on your network providing WUS services - and get 
them all to connect to that 1st ... this will mean one machine will 
hammer the internet and all the theres will hammer that machine

Re: [IPCop-user] Update Accelerator - Download status question

From: Hylton Conacher (ZR1HPC) <hylton@co...> - 2008-06-30 13:27

Dave Whiteside wrote:
> Doc. Caliban wrote:
> SNIP
>   
>> I count on this add-on heavily, and since one of the updates is SP3  
>> (for better or worse) I will have at least 300 people accessing it if  
>> it's actually in the cache and accessible.
>>
>> Thanks,
>>
>> -Doc
>>
>>   
>>     
> For 300 People and windows updates [well for 30 people] I'd get a 
> Windows Server running on your network providing WUS services - and get 
> them all to connect to that 1st ... this will mean one machine will 
> hammer the internet and all the theres will hammer that machine
>   

Umm, could the proxy on IPCop not be used as well i.e. once the first
person has downloaded it, the rest will get it from the proxy? I ask as
it is what I want to do for Windows and OpenSuSE updates.

Re: [IPCop-user] Update Accelerator - Download status question

From: Dave Whiteside <ipcop@st...> - 2008-06-30 14:24

Hylton Conacher (ZR1HPC) wrote:
> Dave Whiteside wrote:
>   
>> Doc. Caliban wrote:
>> SNIP
>>   
>>     
>>> I count on this add-on heavily, and since one of the updates is SP3  
>>> (for better or worse) I will have at least 300 people accessing it if  
>>> it's actually in the cache and accessible.
>>>
>>> Thanks,
>>>
>>> -Doc
>>>
>>>   
>>>     
>>>       
>> For 300 People and windows updates [well for 30 people] I'd get a 
>> Windows Server running on your network providing WUS services - and get 
>> them all to connect to that 1st ... this will mean one machine will 
>> hammer the internet and all the theres will hammer that machine
>>   
>>     
>
> Umm, could the proxy on IPCop not be used as well i.e. once the first
> person has downloaded it, the rest will get it from the proxy? I ask as
> it is what I want to do for Windows and OpenSuSE updates.
>
> -------------------------------------------------------------------------
>   
I think windows makes it hard, as they get downloaded via BiTS - a few 
years back I looked at the connections when windows was doing it's stuff 
and it was bringing the conenction to it's kness - so I inversted in a 
MS server [mainly for this but use it for a couple of other windows things]
now they all get the updates from that and my connection is happy

I'm not 100% sure that the cache wont work for this but I'm happy to be 
told otherwise

[IPCop-user] Should it run that long ?

From: Renaud (Ron) OLGIATI <renaud@ol...> - 2008-06-30 11:30

I run gkrellmd on my IPCop box, so I can keep an eye on what it does in a 
window on my desktop box screen.

Looking at it I today noticed the cpu usage was very high, so I ssh'ed and ran 
top -i to check.

It appears that a process "randomize" has been running for now over 200 
hours !

Apart from rebooting the IPCop box, what should one do ?
 
Cheers,
 
Ron.
-- 
                    Pain is life,                        
                    and death is when the pain goes away.
                                         -- Keith Roberts
                                    
                   -- http://www.olgiati-in-paraguay.org --

Re: [IPCop-user] Replacing all three NICs - Driver Question

From: Dave Whiteside <ipcop@st...> - 2008-06-30 09:56

Doc. Caliban wrote:
> Hello,
>
> I would like to replace all three of the NICs in my box.  The Blue and  
> Green ones for performance reasons, and the Red one for reliability  
> reasons.  (The existing cards are all pretty old.)
>
> The cards that I would like to install are Intel 'Pro/1000 Desktop  
> Adapters'.
>
> I have two questions:
>
> 1.  Will IPCop 1.4.16 have drivers for these cards?
>   
Yes
> 2. If so, should I still consider updating the drivers if Intel has  
> newer ones?
>   
No

TBH unless you have got a 100Mb connection to the internet you wont 
notice any difference,
and just rebuilding the machine and re-runing IPCopy would be the 
easiest way

Re: [IPCop-user] eth1: (4147786) System Error occured (1)

From: Dave Whiteside <ipcop@st...> - 2008-06-30 09:39

Gilles Espinasse wrote:
>> I'm using a 4 port adaptec controller
>> [had it for years without problems [ as far as I'm aware]]
>> however I now see things like this apear in dmesg
>>
>> eth1: (4250189) System Error occured (1)
>> eth1: (4257058) System Error occured (1)
>> eth0: (4604844) System Error occured (1)
>>     
>
> google show it is a tulip driver related message.
>
> http://www.usenet-forums.com/linux-networking/62779-eth0-system-error.html
> http://osdir.com/ml/aurora.user/2004-07/msg00088.html
>
> I don't know more.
> Could be DMA, IRQ, or PCI related.
> With 4 cards with same driver on the PCI bus, it may push motherboard/driver to
> some limits.
>
>
> Gilles
>   
Thanks Giles
[sorry about the delay in response]

yeah I think it is a shared IRQ problem I'll probably replace the 
machine when I get some time

[IPCop-user] USB Ethernet Adapter for Green or Red

From: R G <rawgarlic@gm...> - 2008-06-28 21:33

I am trying to use a USB Ethernet Adapter on a new IPcop installation.

"AirLink 101 ASOHOUSB 10/100Mbps Fast Ethernet USB 2.0 Adapter"
http://www.airlink101.com/products/asohousb.php

It does not appear in the list of supported hardware.

It has worked on boot up, on typical Linux desktop installs (like Ubuntu).

If anyone knows how to make this work with IPcop, please help me.

Thanks.

Re: [IPCop-user] USB Ethernet Adapter for Green or Red

From: William Colls <william@pr...> - 2008-06-29 03:33

Since the specs for the device don't list Linux as supported OS, you 
will need to find a driver for it. You might try asking the manufacturer 
if they will be providing one in the future, but I wouldn't hold my 
breath. And until there is a driver (and is to be compatible with a 2.4 
series kernel) you are out of luck.

R G wrote:
> I am trying to use a USB Ethernet Adapter on a new IPcop installation.
> 
> "AirLink 101 ASOHOUSB 10/100Mbps Fast Ethernet USB 2.0 Adapter"
> http://www.airlink101.com/products/asohousb.php
> 
> It does not appear in the list of supported hardware.
> 
> It has worked on boot up, on typical Linux desktop installs (like Ubuntu).
> 
> If anyone knows how to make this work with IPcop, please help me.
> 
> Thanks.
> 
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user

Re: [IPCop-user] USB Ethernet Adapter for Green or Red

From: Tapani Tarvainen <ipcop@ta...> - 2008-06-29 05:26

On Sat, Jun 28, 2008 at 11:33:40PM -0400, William Colls (william@...) wrote:

> Since the specs for the device don't list Linux as supported OS, you 
> will need to find a driver for it. You might try asking the manufacturer 
> if they will be providing one in the future, but I wouldn't hold my 
> breath. And until there is a driver (and is to be compatible with a 2.4 
> series kernel) you are out of luck.

That parenthetical statement is the key.

There are lots of USB-ethernet adapters that have drivers in current
standard kernel - 2.6 series that is - but don't work with 2.4 series.
Indeed it seeems quite hard to find one that _does_ work with 2.4.
(and IPCop).

Indeed that is the main reason I'm hoping IPCop 2.x comes out soon:
it has 2.6 series kernel with its better support for new hardware.

As for the ASOHOUSB, since it worked out of the box in Ubuntu,
it probably has some chipset that's supported in 2.6 but not 2.4.
Plugging it in the Ubuntu box would allow determining which chipset
it has and checking if there's a driver for 2.4.x. 

-- 
Tapani Tarvainen

[IPCop-user] Blue to red stopped working

From: Dressel, T <TDRESSEL@rt...> - 2008-06-28 19:50

Hi folks,

I'm a red/blue/green setup. I strapped on a second IP (alias) to my red interface a few weeks back, and ever since wireless clients on my blue interface can't get into things on the green network from/through red (for example the company website). Blue can ping via name resolution to the red side (both primary, and alias), but cant get through the firewall. Blue clients can successfully VPN to green, and get access that way, but I don't want to hand out vpn to visitors just to get to the company website from the wireless side of the firewall.

Any suggestions on what I can do to investigate further?

Thanks,




--
This message was scanned by RTI Mailscanner and is believed to be clean.

[IPCop-user] PPPoE setup

From: Brian <brianphillips@cl...> - 2008-06-27 10:15

IPCop 1.18
Zoom ADSL bridge modem

I have been trying to setup a PPPoE connection in IPCop using a Zoom 
bridge modem which apparently allows one to use software (IPCop) 
designed for PPPoE ADSL connections even though the actual ADSL 
connection - as provided by BT internet - is PPPoA.

I have set up IPCop, apparently successfully, up to the stage of 
specifying that PPPoE is being used.

I have opened IPCop in Firefox and gone to the dialup page under the 
menu entry 'network'.   Here I have entered the username and password 
for the PPPoE connection, and chosen automatic DNS.   I saved the page 
and rebooted IPCop.

Once IPCop had rebooted I tried to connect (from the home page) but with 
no success.   Typical of the error messages in the system log were:-

PPP has gone up on ppp0
IPCop started
Error:  Can't start red when its still active

I also notice that in the firewall logs there were entries of blocked 
transmissions directed to an IP number which is my IP address actually 
assigned by BT.   This seems to suggest that my configuration is almost 
correct.

If anyone can give any indication of what I might try I would be very 
grateful.

Incidentally, I am currently using a Zoom modem including a firewall and 
a NAT.   This appears to be functioning very well with IPCop except that 
there is double natting, and it was the double natting that initiated my 
attempts at using a bridge modem.   In more detail, the NAT in the Zoom 
firewall modem allocates 10.0.0.4 to IPCop which then passes this - 
presumably using its NAT - to the network.

Regards to all

Brian

Re: [IPCop-user] PPPoE setup

From: Bob Wooden <rewdn@be...> - 2008-06-27 12:12

Recently installed a ZOOM X4.  I found a very good bridging instruction
at ZOOM support.  Maybe you should check for this FAQ in ZOOM support
and check your bridge settings.

On Fri, 2008-06-27 at 11:15 +0100, Brian wrote:
> IPCop 1.18
> Zoom ADSL bridge modem
> 
> I have been trying to setup a PPPoE connection in IPCop using a Zoom 
> bridge modem which apparently allows one to use software (IPCop) 
> designed for PPPoE ADSL connections even though the actual ADSL 
> connection - as provided by BT internet - is PPPoA.
> 
> I have set up IPCop, apparently successfully, up to the stage of 
> specifying that PPPoE is being used.
> 
> I have opened IPCop in Firefox and gone to the dialup page under the 
> menu entry 'network'.   Here I have entered the username and password 
> for the PPPoE connection, and chosen automatic DNS.   I saved the page 
> and rebooted IPCop.
> 
> Once IPCop had rebooted I tried to connect (from the home page) but with 
> no success.   Typical of the error messages in the system log were:-
> 
> PPP has gone up on ppp0
> IPCop started
> Error:  Can't start red when its still active
> 
> I also notice that in the firewall logs there were entries of blocked 
> transmissions directed to an IP number which is my IP address actually 
> assigned by BT.   This seems to suggest that my configuration is almost 
> correct.
> 
> If anyone can give any indication of what I might try I would be very 
> grateful.
> 
> Incidentally, I am currently using a Zoom modem including a firewall and 
> a NAT.   This appears to be functioning very well with IPCop except that 
> there is double natting, and it was the double natting that initiated my 
> attempts at using a bridge modem.   In more detail, the NAT in the Zoom 
> firewall modem allocates 10.0.0.4 to IPCop which then passes this - 
> presumably using its NAT - to the network.
> 
> Regards to all
> 
> Brian
> 
> 
> 
> 
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user

Re: [IPCop-user] ipcop setup

From: mick winnett <help@wo...> - 2008-06-27 09:12

Fajar Priyanto wrote:

=============

Snip

==========

 >

 > I think the router's dhcp is giving ip to ipcop, and ipcop's dhcp is
giving

 > ip to your lan. So, it's ok to run both.

-----------------------------------

Kevin W. Wall [mailto:kevin.w.wall@...] wrote:=

Come to think of it, after see Fajar's comment, he may be right. Since your

DSL router is on your RED interface, you _might_ be OK. I just wouldn't

guarentee it.

----------------------------------

Thanks for all the responses, some interesting advice, I have the system on
test right now, the dsl router connects to the isp, has four eth ports and
wireless.   All I'm using is one eth port which goes to the red eth
interface of the ipcop box.  The router dhcp gives an ip address to the
ipcop box, I have this address set manually in ipcop, and the ipcop dhcp
gives an address to the green Ethernet card and to devices connected to the
green intface.  There is, at present, only one pc on the green, I guess I
will have to purchase a switch to connect further hosts and then the setup
may work ok, I was planning on getting an old used switch on ebay.

I don't think I can use the other eth ports on the router for anything, they
would not be protected by ipcop obviously, but also when I tested that,
there were problems and I lost connectivity, I'm not sure why, but possibly
some kind of conflict with the two dhcps ?   I'm not using any wireless here
at the moment, but I guess when I do I'll have to put a wireless card in the
ipcop box, not try and use the built-in one on the router if I want to take
advantage of the security of ipcop, and from what I've seen I'd like to use
ipcop if I can.

The router has its own firewall btw, and for p2p I have had to manually set
port forwarding to the red eth of the ipcop box, seems to work though, the
firewall log is throwing up a lot of messages about CHAIN "New not Syn?"
Is that something to do with the "half-open sockets" I've read about, is it
something I could fix?  

The only other problem in the firewall logs are msgs about broadcasts from
the Gateway to 224.0.0.1 CHAIN "Input" Protocol "2" src and dest ports "2"
These include a MAC address, I wondered if they were ARP messages?  Don't
know why they would be a prob for the firewall though.

======================

=================

Dave Taylor wrote

>I just want to add that I use WinSCP because it has a gui and runs on
windows.  It will also launch putty for you so you >can install the untar
and install the package after it is copied over.

================

Ok, I will have a look at that , I've downloaded Putty, I'll get Winscp and
check that out, then see how I get on with Linux, I remember I ran my
mailing list remotely on a Unix box, back in the days, and I had some
frustrating times with pine and with an unforgiving command structure which
made Dos4 look user friendly!   A Gui should help!

Regards

mick

[IPCop-user] ipcop setup

From: mick winnett <help@wo...> - 2008-06-26 15:32

Hi, this is my first post to the list, I'm a computer (mature) student with
no knowledge of Linux.   I will be studying Linux next semester at college,
but at the moment I want to set up a small network at home on a low budget.
It will most likely have about 5 pcs on it.   I want to let my kids onto the
internet but I want to have some control over what they may run into.

 

I don't know if i may want to put in a web server at some point, I might
want to run a mailing list, I have a mailing list right now with about 800
subscribers which I have hosted for me, I could run it from home it's
usually only 100 to 200 messages per day, text only.

 

I have installed ipcop on an old box 400 MHz pentium2 with 385 mb ram 8 gig
hd which I think may be sufficient for what I need.   It's up and running,
and I'm connecting through it now, it goes through an isp provided dsl
router which supplies an external ip address on login.   The router does
dhcp and ipcop does dhcp too, should I turn off the dhcp in the router?   Or
does it not matter?

 

I read some stuff about installing peerguardian on the ipcop box, that seems
like a good idea, but I don't know the basics of how to move files around
and install programs in Linux.   I'm more familiar with Windows and Dos.  I
know that peerguardian blocks out some good stuff, like Google, and even my
own website, and this can be handled in Windows with an allow list built
into PG2 called permallow, how do I do that in Linux?

http://tuxtraining.com/2008/06/05/filter-out-riaampaa-with-peerguardian-on-i
pcop/

 

For antivirus I read about copfilter, Is there a good guide to setting that
up?   It looks like it might be complicated for a Linux newbie.   Is there a
preferred order to install?

 

I'd be grateful for any advice, and apologies if any of my questions are
inappropriate for this list.

 

Regards

 

Mick.w.

Re: [IPCop-user] ipcop setup

From: Fajar Priyanto <fajar.p@gm...> - 2008-06-26 17:33

On Thu, Jun 26, 2008 at 10:32 PM, mick winnett <help@...>
wrote:

> I have installed ipcop on an old box 400 MHz pentium2 with 385 mb ram 8 gig
> hd which I think may be sufficient for what I need.   It's up and running,
> and I'm connecting through it now, it goes through an isp provided dsl
> router which supplies an external ip address on login.   The router does
> dhcp and ipcop does dhcp too, should I turn off the dhcp in the router?
> Or
> does it not matter?
>

I think the router's dhcp is giving ip to ipcop, and ipcop's dhcp is giving
ip to your lan. So, it's ok to run both.


> For antivirus I read about copfilter, Is there a good guide to setting that
> up?   It looks like it might be complicated for a Linux newbie.   Is there
> a
> preferred order to install?
>

For any ipcop's addons, the general rules of thumb are:
1. Download the version for your ipcop's version.
2. Copy the downloaded addon into your ipcop through scp.
example: scp -P 222 filename.tar.gz root@...:
3. Connect to ipcop by ssh or from the console
4. Find and extract the file:
tar zxvf filename.tar.gz
5. Usually there will be a directory with the same filename name.
Go into it: cd directoryname.
6. Do: ls
See if there's a readme file. Follow the instruction.
-- 
Cheers,
Linux tutorial http://linux2.arinet.org
Let's use OpenOffice http://www.openoffice.org

Re: [IPCop-user] ipcop setup

From: David Taylor <daveytay@pa...> - 2008-06-27 03:29

> 
> For any ipcop's addons, the general rules of thumb are:
> 1. Download the version for your ipcop's version.
> 2. Copy the downloaded addon into your ipcop through scp.
> example: scp -P 222 filename.tar.gz root@...:
> 3. Connect to ipcop by ssh or from the console
> 4. Find and extract the file:
> tar zxvf filename.tar.gz
> 5. Usually there will be a directory with the same filename name.
> Go into it: cd directoryname.
> 6. Do: ls
> See if there's a readme file. Follow the instruction.

I just want to add that I use WinSCP because it has a gui and runs on
windows.  It will also launch putty for you so you can install the untar and
install the package after it is copied over.
I think the OP would probably get a bit out or reading the admin guide for
Advproxy, as it goes into it a little bit I think.
There must be a guide somewhere on using winscp and ipcop to install an
addon?  A bit of trial and error goes a long ways for first timers, do not
be afraid, just get stuck into it.  Worst case is you have to re-install
IPCop from scratch.

Maybe the OP would like to look into using BOT, to really lock it down or
perhaps just using OPENDNS and the kid safe filters as DNS servers is
enough?

-- 
Dave Taylor

Re: [IPCop-user] squid access control lists

From: Stefanos E. Tsorakis <ad.ts@fi...> - 2008-06-25 16:48

Well the 2 locations are routed and the router that connects the leased line 
from location B is connected to green network of location A. I assume that 
squid is prohibiting the connections from location B since they seem to be 
coming from the green network but the are using a completely different IP 
range.

I suppose that I have to add the network of location B in squid's acl 
however I am not sure what is the correct way to do it.


----- Original Message ----- 
From: "Jayson Smuts" <jayson@...>
To: <ad.ts@...>
Sent: Wednesday, June 25, 2008 7:31 PM
Subject: Re: [IPCop-user] squid access control lists




>>> Stefanos E. Tsorakis<ad.ts@...> 6/25/2008 6:16:07 pm >>>
Hi,

I've got a lease line between 2 locations. All web servers reside on the DMZ
in location A. All access to the webservers from location B is via the
leased line.

I was using IPCop + BOT + Cop+ for the past 3 years on this setup with no
issues. However, I re-installed the firewall on location A with 1.4.18 and
no addons whatsoever. Since the re-installation the PCs on location B when
trying to access the webservers on the DMZ of location A they get this
responce from the IPCop on location A:

"Acess Denied
Access control configuration prevents your request from being allowd at this
time. Please contact your service provider if you feel this is incorrect."

Proxy on Green on location A is enabled and transparent.

Any ideas?

Stef


Stef

I'm not 100% sure about plain vanilla 1.4.18
Presuming that your 2 sites are routed
but with advanced proxy installed you need to add the subnet
of location B to the network based access control
allowed subnet

Jayson

Re: [IPCop-user] squid access control lists

From: Jayson Smuts (<jayson@do...> - 2008-06-25 20:56

>>> Stefanos E. Tsorakis<ad.ts@...> 6/25/2008 6:48:58 pm >>>
Well the 2 locations are routed and the router that connects the leased line 
from location B is connected to green network of location A. I assume that 
squid is prohibiting the connections from location B since they seem to be 
coming from the green network but the are using a completely different IP 
range.

I suppose that I have to add the network of location B in squid's acl 
however I am not sure what is the correct way to do it.


Stef 

you could add it to /var/ipcop/proxy/acl
as this seem not to be overwritten by the gui save

I would really recommend installing advanced proxy with updated accelerator
advproxy gives you the options to add acl's and lot's more
go look at http://www.advproxy.net 

Jayson

Re: [IPCop-user] squid access control lists

From: Stefanos E. Tsorakis <s.tsorakis@fi...> - 2008-06-26 10:57

The weird thing is that I changed the firewall 2 weeks ago and everything 
was working fine until yesterday without anybody touching the firewall 
whatsoever!

Anyway I added the location B network in the squid acl and everything works 
again

----- Original Message ----- 
From: <jayson@...>
To: <Ipcop-user@...>
Sent: Wednesday, June 25, 2008 11:56 PM
Subject: Re: [IPCop-user] squid access control lists


>
>
>>>> Stefanos E. Tsorakis<ad.ts@...> 6/25/2008 6:48:58 pm >>>
> Well the 2 locations are routed and the router that connects the leased 
> line
> from location B is connected to green network of location A. I assume that
> squid is prohibiting the connections from location B since they seem to be
> coming from the green network but the are using a completely different IP
> range.
>
> I suppose that I have to add the network of location B in squid's acl
> however I am not sure what is the correct way to do it.
>
>
> Stef
>
> you could add it to /var/ipcop/proxy/acl
> as this seem not to be overwritten by the gui save
>
> I would really recommend installing advanced proxy with updated 
> accelerator
> advproxy gives you the options to add acl's and lot's more
> go look at http://www.advproxy.net
>
> Jayson
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user

[IPCop-user] DHCP web admin page... long delay in loading

From: Ben Bradley <ben@ba...> - 2008-06-26 09:29

Hi everyone

A few days ago I turned the DHCP service off on our Exchange server, and
activated it on IPCop.
I want IPCop to be handling as much as possible, as we're planning to phase
out the Exchange server over the next 6 months. We're only a small business
of 10-15 users.
I've added a bunch of static leases which correspond to our various servers,
to make sure they don't wander onto different IP addresses.
Their IP addresses are also set manually in network properties.
Everything seems to be working perfectly so far, slightly better in fact.

Anyway, I've noticed that when loading the IPCop DHCP admin page I'm getting
a significant delay in the loading. Often of about 1 minute before the page
completes.
In firefox it appears to stall at the Current Fixed leases section of the
DHCP admin page.

Is this due to my really old hardware (Pentium 2, 250MHz) or is this how it
always happens?
I guess the delay could be caused by the way IPCop reads/processes the
information on current DHCP leases, but I don't know enough about IPCop or
Linux to know what IPCop actually does behind the scenes here to generate
this information.

Any ideas/suggestions/comments?

Thanks, Ben

Re: [IPCop-user] DHCP web admin page... long delay in loading

From: Ben Bradley <ben@ba...> - 2008-06-26 10:18

Right ok, so that delay on the DHCP page is being caused by hardware
limitations.
That's the confirmation that I needed.

I've never noticed a problem like this before... response from IPCop is
usually instant.
This is the first time I've noticed a potential performance problem.

Thanks, B


PS: Sorry for dbl post... didn't hit reply to all


2008/6/26 Ben Bradley <ben@...>:

> Right ok, so that delay on the DHCP page is being caused by hardware
> limitations.
> That's the confirmation that I needed.
>
> I've never noticed a problem like this before... response from IPCop is
> usually instant.
> This is the first time I've noticed a potential performance problem.
>
> Thanks, B
>
>
> 2008/6/26 Johnny Miller <millerj@...>:
>
> You need a more a power full pc to handle this.  Here is what one guy told
>> me about spec's for a good solid Ipcop box is.  This guy tells me this is
>> the best and what he uses when he sells his services to use Ipcop.
>>
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> I started out using spare p4 2.8ghz systems I was obtaining from customer
>> upgrades...but for the last year, I have been using some small form factor
>> MSI systems that have one onboard nic. I then add one netgear nic and a
>> 3com
>> nic for a total of three interfaces.  The systems I have that have four
>> interfaces use supermicro boards with 4 intel e1000 nics onboard.  Most
>> customers don't really need this though because if their network
>> requirements are that extensive, they will usually have multiple IP
>> addresses and I setup a completely seperate DMZ on a completely seperate
>> IP
>> and use multiple routers to control traffic.
>>
>> Anyways, a few rules of thumb for a maintenance free IPCop box...Celeron
>> 2.0GHz or higher will give you great performance and little headache,
>> 512MB
>> Ram or higher, I use 1GB since most boxes are in business setting. I use
>> 80GB drives but 40GB is more than enough.  IPCop does not support SATA
>> drives without modification...stick to IDE drives for now. As for the
>> motherboard, I prefer to stick with intel based boards, I don't much care
>> for via chipsets or other chipsets due to reliability. For Linux based
>> routers, intel chipsets and intel cpus will cause you less grief; however,
>> if you ever wanna tinker with 64bit Linux OS versions, AMD kicks ass but
>> are
>> not as reliable in business environments.
>>
>> Download Putty and WinSCP on any Windows PC attached to the green
>> interface:
>> Putty - http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html<http://www.chiark.greenend.org.uk/%7Esgtatham/putty/download.html>
>> WinSCP - http://winscp.net/eng/index.php
>>
>> For best results, load in this order:
>> 1. IPCop 1.4.18 ISO if possible or whatever version you can get to load
>> 2. addons-2.3 from here:
>>
>> http://prdownloads.sourceforge.net/firewalladdons/addons-2.3-CLI-b2.tar.gz?d
>> ownload
>> 3. Latest Copfilter for the ver of IPCop you installed from here:
>> http://www.copfilter.org/downloads.php
>> 4. Advance Proxy from here: http://www.advproxy.net/
>> 5. URLFilter from here: http://www.urlfilter.net/
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>>
>>
>> -----Original Message-----
>> From: ipcop-user-bounces@...
>> [mailto:ipcop-user-bounces@...] On Behalf Of Ben
>> Bradley
>> Sent: Thursday, June 26, 2008 5:30 AM
>> To: ipcop-user@...
>> Subject: [IPCop-user] DHCP web admin page... long delay in loading
>>
>> Hi everyone
>>
>> A few days ago I turned the DHCP service off on our Exchange server, and
>> activated it on IPCop.
>> I want IPCop to be handling as much as possible, as we're planning to
>> phase
>> out the Exchange server over the next 6 months. We're only a small
>> business
>> of 10-15 users.
>> I've added a bunch of static leases which correspond to our various
>> servers,
>> to make sure they don't wander onto different IP addresses.
>> Their IP addresses are also set manually in network properties.
>> Everything seems to be working perfectly so far, slightly better in fact.
>>
>> Anyway, I've noticed that when loading the IPCop DHCP admin page I'm
>> getting
>> a significant delay in the loading. Often of about 1 minute before the
>> page
>> completes.
>> In firefox it appears to stall at the Current Fixed leases section of the
>> DHCP admin page.
>>
>> Is this due to my really old hardware (Pentium 2, 250MHz) or is this how
>> it
>> always happens?
>> I guess the delay could be caused by the way IPCop reads/processes the
>> information on current DHCP leases, but I don't know enough about IPCop or
>> Linux to know what IPCop actually does behind the scenes here to generate
>> this information.
>>
>> Any ideas/suggestions/comments?
>>
>> Thanks, Ben
>> -------------------------------------------------------------------------
>> Check out the new SourceForge.net Marketplace.
>> It's the best place to buy or sell services for
>> just about anything Open Source.
>> http://sourceforge.net/services/buy/index.php
>> _______________________________________________
>> IPCop-user mailing list
>> IPCop-user@...
>> https://lists.sourceforge.net/lists/listinfo/ipcop-user
>>
>>
>

Re: [IPCop-user] DHCP web admin page... long delay in loading

From: Ben Bradley <ben@ba...> - 2008-06-26 10:30

We will (hopefully) be replacing Exchange with the most excellent Zimbra!
So long as Microsoft continue to stay away from Yahoo that is.
This will mean no more fudged M$ proprietory IMAP implementation for our
Mac/Thunderbird users!!

At some point I do want to build a small mini ITX or 1U rackmount machine to
run IPCop, but there should be a spare Intel Celeron desktop machine
available within a few months.

Thanks, B


2008/6/26 Johnny Miller <millerj@...>:

>  Yes I have an old 433 mhz pc and I loaded with all the stuff on that page
> I sent you and it came to a crawl.  After I removed everything except
> copfilter I was back in business.  I'm going to be getting a pc like the one
> he spec'ed and load it to test it out.  This guy I have been chatting with
> said this is what he uses and he has no problems.
>
>
>
> What are you going to use instead of exchange if I may ask?
>
>
>  ------------------------------
>
> *From:* batfastad@... [mailto:batfastad@...] *On Behalf Of *Ben
> Bradley
> *Sent:* Thursday, June 26, 2008 6:17 AM
> *To:* Johnny Miller
> *Subject:* Re: [IPCop-user] DHCP web admin page... long delay in loading
>
>
>
> Right ok, so that delay on the DHCP page is being caused by hardware
> limitations.
> That's the confirmation that I needed.
>
> I've never noticed a problem like this before... response from IPCop is
> usually instant.
> This is the first time I've noticed a potential performance problem.
>
> Thanks, B
>
>  2008/6/26 Johnny Miller <millerj@...>:
>
> You need a more a power full pc to handle this.  Here is what one guy told
> me about spec's for a good solid Ipcop box is.  This guy tells me this is
> the best and what he uses when he sells his services to use Ipcop.
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> I started out using spare p4 2.8ghz systems I was obtaining from customer
> upgrades...but for the last year, I have been using some small form factor
> MSI systems that have one onboard nic. I then add one netgear nic and a
> 3com
> nic for a total of three interfaces.  The systems I have that have four
> interfaces use supermicro boards with 4 intel e1000 nics onboard.  Most
> customers don't really need this though because if their network
> requirements are that extensive, they will usually have multiple IP
> addresses and I setup a completely seperate DMZ on a completely seperate IP
> and use multiple routers to control traffic.
>
> Anyways, a few rules of thumb for a maintenance free IPCop box...Celeron
> 2.0GHz or higher will give you great performance and little headache, 512MB
> Ram or higher, I use 1GB since most boxes are in business setting. I use
> 80GB drives but 40GB is more than enough.  IPCop does not support SATA
> drives without modification...stick to IDE drives for now. As for the
> motherboard, I prefer to stick with intel based boards, I don't much care
> for via chipsets or other chipsets due to reliability. For Linux based
> routers, intel chipsets and intel cpus will cause you less grief; however,
> if you ever wanna tinker with 64bit Linux OS versions, AMD kicks ass but
> are
> not as reliable in business environments.
>
> Download Putty and WinSCP on any Windows PC attached to the green
> interface:
> Putty - http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html<http://www.chiark.greenend.org.uk/%7Esgtatham/putty/download.html>
> WinSCP - http://winscp.net/eng/index.php
>
> For best results, load in this order:
> 1. IPCop 1.4.18 ISO if possible or whatever version you can get to load
> 2. addons-2.3 from here:
>
> http://prdownloads.sourceforge.net/firewalladdons/addons-2.3-CLI-b2.tar.gz?d
> ownload
> 3. Latest Copfilter for the ver of IPCop you installed from here:
> http://www.copfilter.org/downloads.php
> 4. Advance Proxy from here: http://www.advproxy.net/
> 5. URLFilter from here: http://www.urlfilter.net/
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
>
> -----Original Message-----
> From: ipcop-user-bounces@...
> [mailto:ipcop-user-bounces@...] On Behalf Of Ben Bradley
> Sent: Thursday, June 26, 2008 5:30 AM
> To: ipcop-user@...
> Subject: [IPCop-user] DHCP web admin page... long delay in loading
>
> Hi everyone
>
> A few days ago I turned the DHCP service off on our Exchange server, and
> activated it on IPCop.
> I want IPCop to be handling as much as possible, as we're planning to phase
> out the Exchange server over the next 6 months. We're only a small business
> of 10-15 users.
> I've added a bunch of static leases which correspond to our various
> servers,
> to make sure they don't wander onto different IP addresses.
> Their IP addresses are also set manually in network properties.
> Everything seems to be working perfectly so far, slightly better in fact.
>
> Anyway, I've noticed that when loading the IPCop DHCP admin page I'm
> getting
> a significant delay in the loading. Often of about 1 minute before the page
> completes.
> In firefox it appears to stall at the Current Fixed leases section of the
> DHCP admin page.
>
> Is this due to my really old hardware (Pentium 2, 250MHz) or is this how it
> always happens?
> I guess the delay could be caused by the way IPCop reads/processes the
> information on current DHCP leases, but I don't know enough about IPCop or
> Linux to know what IPCop actually does behind the scenes here to generate
> this information.
>
> Any ideas/suggestions/comments?
>
> Thanks, Ben
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user
>
>
>

Re: [IPCop-user] Help with VPN setup #2

From: Andrew McGlashan <andrew.mcglashan@af...> - 2008-06-25 18:01

Peter wrote:
> Maybe it was a bit rude of me, just bringing a link. I'll remake this
> posting and attach the content instead.

Okay, just for starters:

1) IPCop does IPSEC VPN out of the box;

2) Many people use Zerina Open VPN as an alternative.

PPTP is not something that is built into IPCop and apparently not something 
that can be done easily.  Many questions have been raised on PPTP with 
IPCop, but I don't think there has been any good solution come through.

I sometimes use PPTP to get to a modem/router from my GREEN network (via 
IPCop --> Internet), but that doesn't involve IPCop any more than other 
basic Internet access.  For secure connections, I prefer to use ssh from 
trusted IPs and with known certificates with good pass phrases myself.  And 
I do RDP connections through ssh tunnels as well.  No real need for PPTP 
connecitons generally, only to admin a remote modem that doesn't have any 
ssh server available.

Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Current Land Line No: 03 9912 0504
Mobile: 04 2574 1827 Fax: 03 9012 2178

National No: 1300 85 3804

Affinity Vision Australia Pty Ltd
http://www.affinityvision.com.au
http://adsl2choice.net.au

In Case of Emergency --  http://www.affinityvision.com.au/ice.html

[IPCop-user] squid access control lists

From: Stefanos E. Tsorakis <ad.ts@fi...> - 2008-06-25 16:16

Hi,

I've got a lease line between 2 locations. All web servers reside on the DMZ 
in location A. All access to the webservers from location B is via the 
leased line.

I was using IPCop + BOT + Cop+ for the past 3 years on this setup with no 
issues. However, I re-installed the firewall on location A with 1.4.18 and 
no addons whatsoever. Since the re-installation the PCs on location B when 
trying to access the webservers on the DMZ of location A they get this 
responce from the IPCop on location A:

"Acess Denied
Access control configuration prevents your request from being allowd at this 
time. Please contact your service provider if you feel this is incorrect."

Proxy on Green on location A is enabled and transparent.

Any ideas?

Stef

Re: [IPCop-user] squid access control lists

From: Stefanos E. Tsorakis <ad.ts@fi...> - 2008-06-25 16:25

Is it ok if I just add in the /var/ipcop/proxy/acl file

at the end of the line:

acl IPCop_networks src __GREEN_IP__ __BLUE_IP__

the network/netmask of the network in location B?


----- Original Message ----- 
From: "Stefanos E. Tsorakis" <ad.ts@...>
To: <ipcop-user@...>
Sent: Wednesday, June 25, 2008 7:16 PM
Subject: [IPCop-user] squid access control lists


> Hi,
>
> I've got a lease line between 2 locations. All web servers reside on the 
> DMZ
> in location A. All access to the webservers from location B is via the
> leased line.
>
> I was using IPCop + BOT + Cop+ for the past 3 years on this setup with no
> issues. However, I re-installed the firewall on location A with 1.4.18 and
> no addons whatsoever. Since the re-installation the PCs on location B when
> trying to access the webservers on the DMZ of location A they get this
> responce from the IPCop on location A:
>
> "Acess Denied
> Access control configuration prevents your request from being allowd at 
> this
> time. Please contact your service provider if you feel this is incorrect."
>
> Proxy on Green on location A is enabled and transparent.
>
> Any ideas?
>
> Stef
>
>
>
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user

Next Messages