How to I access my modem while behind IPCOP?
You can change the 1.1.1.1, you need to edit /etc/rc.d/rc.red and look for following lines (somewhere around line 170):
system ("/sbin/ifconfig", $netsettings{'RED_DEV'}, "1.1.1.1",
"netmask", "255.255.255.0", "broadcast", "1.1.1.255", "up");
You would need to change both the 1.1.1.1 and 1.1.1.255 addresses. After your modification a disconnect and connect via the GUI is sufficient. You will see the new address via the GUI under Network Status. Make sure the address does not collide with any of your internal addresses.
Before you change anything, make a security copy of /etc/rc.d/rc.red
Your modem does not know about your Green network, and obviously does not have a default GW pointing to your IPCop Red. All of which is perfectly normal.
You want to SNAT the packets coming from your Green Network with your modem as destination. To do that you modify /etc/rc.d/rc.firewall.local.
A default /etc/rc.d/rc.firewall.local looks like this:
#!/bin/sh
# Used for private firewall rules
# See how we were called.
case "$1" in
start)
## add your 'start' rules here
;;
stop)
## add your 'stop' rules here
;;
reload)
$0 stop
$0 start
## add your 'reload' rules here
;;
*)
echo "Usage: $0 {start|stop|reload}"
;;
esac
The modified version will look like this:
#!/bin/sh
# Used for private firewall rules
# read variables
eval $(/usr/local/bin/readhash /var/ipcop/ethernet/settings)
REAL_RED=`cat /var/ipcop/red/iface`
# add a variable for modems IP
MODEM_IP=10.1.1.1
# See how we were called.
case "$1" in
start)
## add your 'start' rules here
# this rule masks all traffic directed to my modem
/sbin/iptables -t nat -A CUSTOMPOSTROUTING -o $RED_DEV -d $MODEM_IP -j MASQUERADE
;;
stop)
## add your 'stop' rules here
# delete the mask rule to modem
/sbin/iptables -t nat -D CUSTOMPOSTROUTING -o $RED_DEV -d $MODEM_IP -j MASQUERADE
;;
reload)
$0 stop
$0 start
## add your 'reload' rules here
;;
*)
echo "Usage: $0 {start|stop|reload}"
;;
esac