Command disabled: backlink
ipcops logo
ipcop support
community support wiki
[[faq:orange:orangemantra]]
ipcops.com | ipcop.org | unofficial FAQ
 
You are here: start » faq » orange » orangemantra

The Orange Mantra

The ipcop firewall takes great care to protect your internal networks from servers running in the Demilitarized Zone, or DMZ, otherwise known as “Orange”. That protection imposes some constraints on servers placed there.

Not understanding these constraints is the most common cause of issues connecting devices in Orange.

  • Orange must be on a separate physical network from Green 1)
  • Orange must be on a separate logical subnet
  • Orange cannot send nor respond to ping
  • Orange must always use your ISP's DNS for name resolution
  • Orange must be assigned a Static IP (IPCOP does not respond to DHCP request on Orange)
  • Orange must always point to the IPCOP Orange interface as its gateway
  • Orange can be accessed from Green ONLY by it’s internal IP address
  • Orange cannot access Green unless pinholes are opened
  • Orange can be port-forwarded to in exactly the same manner as Green
  • Orange NIC to IPCOP NIC must be connected using crossover cable 2)
  • Orange can NOT use IPCOP (at ANY interface) as it's Time Source.
1) not on same hub/switch
2) or via a dedicated switch using a normal cable
faq/orange/orangemantra.txt · Last modified: 2008/10/24 00:35 by ds531