ipcop support

Team,

I installed ipcop 2.0.2 newly (previously i am using 1.4.21) for testing purpose. Now, I am facing issues with Port Forwarding which was not working.

Network diagram:

Modem ---> Ipcop --> Internal Network (Red + Green)

I could not attach screen shot as the size was big. Hence, I pasted my portforwarding rules below:

Port Forwarding:
# Net
Iface Source Net
Iface Internal Destination Remark
Action
1 Any Any : 80 =ADV> GREEN 192.168.0.100 : http http
2 Any Any : 25 =ADV> GREEN 192.168.0.100 : smtp smtp
3 Any Any : 110 =ADV> GREEN 192.168.0.100 : pop3 pop3
4 Any Any : 143 =ADV> GREEN 192.168.0.100 : imap imap
5 Any Any : 21 =ADV> GREEN 192.168.0.100 : ftp ftp
6 Any Any : 22 =ADV> GREEN 192.168.0.100 : ssh ssh

Logs:

Nov 24 19:55:21 ipcop kernel: RED DROP IN=wan-1 OUT= MAC=00:80:48:68:68:fc:00:24:dc:1e:dd:03:08:00 SRC=115.184.76.33 DST=118.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=59861 DF PROTO=TCP SPT=3140 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 24 19:55:24 ipcop kernel: RED DROP IN=wan-1 OUT= MAC=00:80:48:68:68:fc:00:24:dc:1e:dd:03:08:00 SRC=115.184.76.33 DST=118.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=59863 DF PROTO=TCP SPT=3140 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 24 19:56:18 ipcop kernel: RED DROP IN=wan-1 OUT= MAC=00:80:48:68:68:fc:00:24:dc:1e:dd:03:08:00 SRC=115.184.76.33 DST=118.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=60442 DF PROTO=TCP SPT=3145 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 24 19:57:42 ipcop kernel: RED DROP IN=wan-1 OUT= MAC=00:80:48:68:68:fc:00:24:dc:1e:dd:03:08:00 SRC=115.184.76.33 DST=118.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=61799 DF PROTO=TCP SPT=3158 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0


When I checked the log file, I don't know why the source port is changing randomly when I try to access a webserver inside green network. Please suggest me an workaround so that I can move this ipcop to production.

You don't want to be forwarding on source port. You want to forward based on Destination port. Source port will always change as the remote computer is connecting to multiple remote sites at the same time. Destination port is the port on the server which will remain the same.

Hmm, I need to access my webserver and webmail which is at Green interface 192.168.0.100 from public (outside). Previous version works perfectly but here I am not able to start. Suggest where I am going wrong.

That's easy enough, read the post from ds531.

_________________


-=[ If you want answers: provide lots of information, including tiny details! ]=-

Seriously consider adding another nic to your IpCopper and using Orange interface for all public facing servers/services.

I will add another nic for Orange interface. But, this should work as before on IpCop 1.4.21, right?

As long as I can tell no features were removed.

Features were not removed but the details on how the different interfaces interact were changed. Take a look at the docs for the details.

"When Advanced mode is enabled, it is possible to add a Source Port to the rule."

That option shows even when not in Advance mode.

"2.6.10.5. Port Forwarding

Forward traffic from external (RED, Internet) to an internal network.

Port Forwards are special. The source interface is always Red. Destination is split into an 'intermediate' destination; IPCop external address or alias address, and a 'final' destination, which is the internal server that needs to be accessible from the outside."

That is the entirety of documentation on port forwarding.


I am trying to connect from external to a series of IP cameras.

I need to use a different port to access the individual camera.

So for example, externalport.stuff:88 to 192.168.1.2:88

The 1.4 version of IPcop let me do that easily.

The 2.0.2 version only lets me access via HTTP

You can "Use source Port: "

But in the red section you choose " Default services: "

...you can't leave it blank
...you can't type in a random port you want to use. (only what's on the list)

Now the problem...

On internal, you again can choose from a list of ports...but you can't choose your own...

So I would hope that if I choose "Use source Port:" and 88

...IPcop should use that same port through to the device...

...but nope, only what's on the list.



So if you need to port forward 6 IP cameras, you need to find 6 ports on the list...you can't make any up.

And what is your point? Relation to the post from dharan415?

_________________


-=[ If you want answers: provide lots of information, including tiny details! ]=-

The relation was that he (youbecha) was having trouble with the new port forwarding in V2 vs what was in 1.4. I agree that a new thread might have been justified.

However, the solution seems to be explained at viewtopic.php?f=4&t=16168

I'm having problem also in port forwarding in smtp port 25.

when I'm trying to look what are the open ports it only show the ssh, http, imap and pop3 I wondering why smtp is missing but it is up and running in my service.

thanks

version ipcop 2.0.6