ipcop support

community support forum
It is currently Wed May 22, 2013 11:44 am

All times are UTC [ DST ]




Posted: Fri May 04, 2012 5:37 pm
New User

Joined: Fri May 04, 2012 4:30 pm
Posts: 2
Location: London, UK
Hi everyone! This is my first ever post on these forums, so a big hello to everyone!

I have been assigned a project in my class at Uni, where I basically have to research the freeware firewalls out there that could be used by an SME on a limited budget in place of the standard expensive options available by Cisco etc. The objective of this project is to demonstrate the advantages that this free firewall could offer the SME and the way I am supposed to prove that is by using kind of a before and after scenario -> before the firewall was in place, nmap was able to get details of all users behind the ISP home router and after the firewall was in place, it wasn't able to do so.

I also have to demonstrate all the other features that IPcop has to offer. The important thing here is that I am implementing this on my home lab and not my Uni due to some personal reasons, so I'm not quite sure if anything that I am doing is right at all, so all your opinions would be extremely welcome and valued!

Right, now for the setup. I have 3 machines available to me at home. The IPCop firewall machine has 3 interface cards in it, 2 of which are connected to the red and green interfaces, while the third one is unused.

My network diagram is attached to this post.

The two routers and the cloud (shown in the attached diagram) are simulated using GNS3 and the host C3 is simulated using VMWare (running Win XP), both on my laptop. Router R2 is meant to simulate the ISP provided router in this setup.

The Win XP host on VMWare is connected to the fastethernet interface of the router R1 using the VMWare virtual adapter.

Router R2, meanwhile, is connected to the cloud using the physical NIC card on my laptop.

The other end of the C2 cloud is physically connected to the RED interface on IPCop using a crossover cable. The GREEN interface of IPCop is physically connected to a real host, again using a crossover cable.

The addressing scheme is as follows:

Host C3:
172.16.0.2/24

R1:
f0/1: 172.16.0.1/24
f0/0: 200.0.3.3/24

R2:
f0/0: 200.0.3.4/24
f0/1: 192.168.8.1/24

IPCop RED interface:
192.168.8.2/24

IPCop GREEN interface:
192.168.1.1/24

The host in the green network:
192.168.1.10/24

When I ping from the 1.10 host in the GREEN network to host C3, the ping is successful. However, when I ping from host C3 to the host in the GREEN network, the ping is unsuccessful, which I understand is the default behaviour of IPCop.

Now, I have tried setting a port forwarding rule in IPCop, but I'm not sure if I have done it right because it's not working no matter what I try, and that's where I would like your help.

Under port forwarding I have set:

Source:
Any

IPCop External Destination:

Alias IP: Red Address
Default Services: Ping

Internal Destination:

Default Interfaces: Green
Destination IP: 192.168.1.10 (Address of the host in my green network)
Default Services: Ping


Could anyone tell me why the ping is not going through? I would really appreciate any help right now!

I have turned off Windows firewalls on all machines in this setup. And I am not using my internet connection at home. The two routers in GNS3 are meant to simulate the ISP, while host C3 is meant to be someone from the outside world, or at least that's what I've been thinking.

Just to let you know, I've also tried setting up an ftp and telnet server on the host in the green network and allowing them in the port forwarding rules. But when I try to telnet or ftp in from the C3 host, nothing works!!

Thank you in advance for all your replies and suggestions!


Posted: Fri May 04, 2012 6:51 pm
Site Moderator

Joined: Sun Jun 06, 2004 3:38 am
Posts: 3739
Location: Colorado, USA
TL;DR

Was there a question buried someplace in that novel?

_________________
For the 2.5^15th time :: Better Details = Better Answers


Posted: Fri May 04, 2012 10:55 pm
New User

Joined: Fri May 04, 2012 4:30 pm
Posts: 2
Location: London, UK
I'm sorry, I'm sure that was confusing! Let me try again.

Can someone tell me if it's in any way possible to ping a host in the green zone from the outside world (red zone) in IPCop v2.0.3 and how do I go about it?

And secondly, how do I access an ftp or telnet server in the green zone from the red zone?

I have tried port forwarding but nothing seems to work! I am totally new to Linux and firewalls as well, so if someone could please explain it to me stepwise, I would be grateful!

Thanks again!


Posted: Sat May 05, 2012 12:16 am
New User

Joined: Tue Nov 29, 2011 3:41 pm
Posts: 6
wazza99 wrote:
I'm sorry, I'm sure that was confusing! Let me try again.

Can someone tell me if it's in any way possible to ping a host in the green zone from the outside world (red zone) in IPCop v2.0.3 and how do I go about it?

And secondly, how do I access an ftp or telnet server in the green zone from the red zone?

I have tried port forwarding but nothing seems to work! I am totally new to Linux and firewalls as well, so if someone could please explain it to me stepwise, I would be grateful!

Thanks again!


I haven't tried opening the port to ping an internal server, but the port forwarding rules to hit my XBox inside the firewall work fine... Basically just forward any request to the specific port to the internal IP/Port.


Posted: Sun May 06, 2012 10:49 pm
User

Joined: Mon Jan 18, 2010 7:43 pm
Posts: 182
I think the ping packets are going to be preempted by the IPCop itself. I suspect you'd have to be a real expert in iptables to have any hope of forwarding that to anywhere else.

Other port forwarding shouldn't be an issue, so long as you're not on a port reserved by IPCop for its own use. Standard ftp and telnet ports shouldn't be an issue.
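
To check the FTP and telnet forwards discussed above from the outside host with TCP connections instead of ping, here is an added example that is not part of any post in this thread. It assumes the forwards are reached through the RED address 192.168.8.2 from the first post; the function and constant names are hypothetical.

```python
import errno
import socket

# Address and ports come from the lab described in the first post.
# All names below are hypothetical, chosen for this example.
RED_ADDRESS = "192.168.8.2"                 # IPCop RED interface
FORWARDED_PORTS = {"ftp": 21, "telnet": 23}


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome.

    open        - handshake completed, so something accepted the connection
                  (with a working forward, the service on the GREEN host)
    refused     - a RST came back: the packet was answered, but nothing
                  accepted the connection on that port
    filtered    - no reply before the timeout: the packet or its reply was
                  silently dropped somewhere on the path
    unreachable - the local stack or a router reported no route to the host
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def check_forwards(host=RED_ADDRESS, ports=FORWARDED_PORTS, timeout=3.0):
    """Probe every named port on the host and return {name: state}."""
    return {name: probe_tcp(host, port, timeout) for name, port in ports.items()}


if __name__ == "__main__":
    # Run from the outside host (C3 in the thread's lab).
    for name, state in check_forwards().items():
        print(f"{name:7s} via {RED_ADDRESS}: {state}")
```

A "filtered" result for both ports points at a drop or a missing route along the path, while "refused" means the packet was answered but no service accepted it.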


 
Posted: Mon May 07, 2012 12:04 am
Site Moderator

Joined: Sun Jun 06, 2004 3:38 am
Posts: 3739
Location: Colorado, USA
The whole idea behind GREEN is to PROTECT your GREEN hosts from all outside packets.

Why would you want an external Host to be able to PING a GREEN system?

_________________
For the 2.5^15th time :: Better Details = Better Answers

