I will be easier to link 2 hubs. If one of the hubs doesn't have an uplink/crossover port, then link them with an uplink cable. It'll be less than $10, and FAR less hassle than having 2 Green NICs in your IPcop box.
Orange is for a DMZ. That's when you want to have a server that is accessible to the internet (a web server, for example) so you need to allow people to connect to it. By allowing people to connect to it, it is possible that it will be compromised. A DMZ will allow a situation where a compromised machine still has no access to the internal network. You might lose 1 server, but that's all you'd lose, because the boxes in the DMZ will not have any better access to your internal network than anything else on the Internet. Orange is "semi-protected". Kev. ----- Original Message ----- From: "Mathieu Jobin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 09, 2003 7:18 PM Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > anyone have tried to install two GREEN card under IPcop ? > > im not sure to understand whats a ORANGE card, ... but what i need to do, is > to output two network card to two hub. i think it could be easier to link the > hubs together and my hubs dont have this feature. so i need to link it by a > PC. so ? does IPCop can have on red card and two green card ? > > thanks > > > On Monday 09 June 2003 17:38, Shawn Grover wrote: > > Thanks Kevin. I considered using a card from home, unfortunately, I have > > DLinks myself (except for the SMC in MY router). So the issue still > > exists. We'll be getting an SMC soon, had a situation where it either got > > resolved last night, or it had be back in it's original state for today (a > > couple of online demos were/are scheduled for today and the next couple of > > days). So, we're back to the way we were, until I can get the firewall > > built right. Maybe next weekend. > > > > Thanks for the tip on the aliasing. > > > > Shawn > > > > -----Original Message----- > > From: Kevin Anderson [mailto:[EMAIL PROTECTED] > > Sent: Monday, June 09, 2003 11:58 AM > > To: [EMAIL PROTECTED] > > Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > > Why not blow $20 on a card out of your pocket? Then you'll have all the > > different cards. Heck, you could probably just trade it for one you have > > at home/work already, and not spend a dime. You'll more than make up for > > the $20 when you follow this project up with a cost savings analysis, and > > get a bonus for it... > > > > Aliasing the red interface is available from the Web Interface. > > > > Kev. > > > > > > > > ----- Original Message ----- > > From: "Shawn" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Sunday, June 08, 2003 9:25 PM > > Subject: RE: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > Thanks for the reply. The MAC addresses would only apply if I can get > > > the manual config working for the PCI cards. I don't have the info I > > > need to > > > > do > > > > > the manual config (i.e. what options need to be specified, how do I find > > > > the > > > > > values for those options, etc.). > > > > > > Thus far, I have the Red and Green interfaces running. I think I'll be > > > > able > > > > > to convince the boss to buy an SMC card at which point we'll have 3 > > > different NICs. However, this means a delay in implementing the > > > firewall. > > > > > > On a different note, does anyone have any suggestions on how to handle > > > the IP addressing in our case? We have 8 static addresses with about 5 > > > of > > > > them > > > > > in use right now. These 5 are fairly important (mailserver, web server, > > > VPN, etc.) and shouldn't change. Is there any way we can make IPCop > > > recognize all the addresses on the external interface (aliasing I guess), > > > and be able to route according to what address is used? My experience > > > > with > > > > > IPCop suggests I can only use the default address of the Red interface > > > for determining routing. I'd rather not have to put in a hub that would > > > > connect > > > > > all our public boxes directly to the DSL modem (I'd rather they were on > > > > the > > > > > DMZ and accessed through the firewall). But, I haven't had a need (or > > > the resources) to setup an Orange interface before (for myself that is), > > > so > > > > I'm > > > > > sure I'm missing something. More reading coming down the pipe, I can > > > > tell. > > > > > Thanks again for the input. > > > > > > Shawn > > > > > > > > > > > > -----Original Message----- > > > From: Neil Bower [mailto:[EMAIL PROTECTED] > > > Sent: Sunday, June 08, 2003 8:39 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > > > > > Hi Shawn, > > > As far as I know ou can still do manual configs on the PCI cards. > > > > > > This is somethng I posted earlier in the week that can help if you're > > > > using > > > > > the same type of cards. > > > > > > I installed IPCop using 3 NICS (all 3-Com) > > > 1 - 10mb/s ISA Card and 2 -10/100 PCI Cards. The installation went fairly > > > well > > > and had no issues with the installation discovering the ISA Card - it > > > actually detected that one first. Being as the ISA Card is used on the > > > red zone, it actually helped with eliminating which card wasn't to be > > > used for the green zone. Not related to your problem, but may help later > > > in the installation is to make sure you record the MAC addresses of the > > > cards as you > > > put them in the box. Once your installation is finished, login to the > > > console > > > and check the output of the ifconfig. Based on the MAC addresses and the > > > > IP > > > > > addresses, it'll be easy to know which cards to connect to which zones. > > > > > > Hope this helps, > > > > > > Neil > > > > > > On Sunday 08 June 2003 18:28, Shawn Grover wrote: > > > >At work, we have a need to revise our network wiring/architecture. > > > > I've convinced the power's that be to try out IP Cop for our firewall, > > > > instead > > > > > > of the multiple Windows ISA servers we have now - the selling point > > > > was that IP Cop is much easier to manage than ISA. However, I'm in > > > > the process of building the IPCop box now, and am having problems with > > > > the network cards. > > > > > > > >I don't have the luxury of having 3 distinct models of NICs (we're > > > > doing > > > > a > > > > > >red-orange-green setup). The best I have is one or more DLink 538s, > > > > and > > > > a > > > > > >single DLink 530. The probe feature detects these models with > > > > different drivers, which is good, but I need to configure two (or > > > > three) 538s. > > > > The > > > > > >documentation I've looked at indicates I should select a manual > > > >configuration, and specify the options I need for the cards - however, > > > > > > this > > > > > > >documentation specifically deals with ISA cards. Can anyone tell me > > > > what > > > > > >options I need to set for PCI cards? And where do I find the details > > > > for > > > > > >each card? (I can dig out the drivers disk if needed, but for PCI I > > > > normally don't need them). > > > > > > > >Thanks in advance. If I can get this working, I think I can get the > > > > company moving towards Linux more (not that we've ever been opposed to > > > > it...). > > > > > > > >(I'll buy a beer for who ever comes up with the answer - probably at > > > > the install fest in a couple of weeks). > > > > > > > >Shawn > > >
