very interresting. thank you very much for the ORANGE explaination. just to be sure, by uplink cable, do you talk about a cross-cable used for linking two computer without hub ? In french, we just call it a "cable croisee" because some wire are crossed in it. but maybe I'm wrong and you talk about something else.
On Monday 09 June 2003 20:20, Kevin Anderson wrote: > I will be easier to link 2 hubs. If one of the hubs doesn't have an > uplink/crossover port, then link them with an uplink cable. It'll be less > than $10, and FAR less hassle than having 2 Green NICs in your IPcop box. > > Orange is for a DMZ. That's when you want to have a server that is > accessible to the internet (a web server, for example) so you need to allow > people to connect to it. By allowing people to connect to it, it is > possible that it will be compromised. A DMZ will allow a situation where a > compromised machine still has no access to the internal network. You might > lose 1 server, but that's all you'd lose, because the boxes in the DMZ will > not have any better access to your internal network than anything else on > the Internet. Orange is "semi-protected". > > Kev. > > > > > ----- Original Message ----- > From: "Mathieu Jobin" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, June 09, 2003 7:18 PM > Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > > > anyone have tried to install two GREEN card under IPcop ? > > > > im not sure to understand whats a ORANGE card, ... but what i need to do, > > is > > > to output two network card to two hub. i think it could be easier to link > > the > > > hubs together and my hubs dont have this feature. so i need to link it by > > a > > > PC. so ? does IPCop can have on red card and two green card ? > > > > thanks > > > > On Monday 09 June 2003 17:38, Shawn Grover wrote: > > > Thanks Kevin. I considered using a card from home, unfortunately, I > > have > > > > DLinks myself (except for the SMC in MY router). So the issue still > > > exists. We'll be getting an SMC soon, had a situation where it either > > got > > > > resolved last night, or it had be back in it's original state for today > > (a > > > > couple of online demos were/are scheduled for today and the next couple > > of > > > > days). So, we're back to the way we were, until I can get the firewall > > > built right. Maybe next weekend. > > > > > > Thanks for the tip on the aliasing. > > > > > > Shawn > > > > > > -----Original Message----- > > > From: Kevin Anderson [mailto:[EMAIL PROTECTED] > > > Sent: Monday, June 09, 2003 11:58 AM > > > To: [EMAIL PROTECTED] > > > Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > > > > > Why not blow $20 on a card out of your pocket? Then you'll have all > > > the different cards. Heck, you could probably just trade it for one > > > you > > have > > > > at home/work already, and not spend a dime. You'll more than make up > > for > > > > the $20 when you follow this project up with a cost savings analysis, > > and > > > > get a bonus for it... > > > > > > Aliasing the red interface is available from the Web Interface. > > > > > > Kev. > > > > > > > > > > > > ----- Original Message ----- > > > From: "Shawn" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > > Sent: Sunday, June 08, 2003 9:25 PM > > > Subject: RE: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > > > Thanks for the reply. The MAC addresses would only apply if I can > > > > get the manual config working for the PCI cards. I don't have the > > > > info I need to > > > > > > do > > > > > > > the manual config (i.e. what options need to be specified, how do I > > find > > > > the > > > > > > > values for those options, etc.). > > > > > > > > Thus far, I have the Red and Green interfaces running. I think I'll > > be > > > > able > > > > > > > to convince the boss to buy an SMC card at which point we'll have 3 > > > > different NICs. However, this means a delay in implementing the > > > > firewall. > > > > > > > > On a different note, does anyone have any suggestions on how to > > > > handle the IP addressing in our case? We have 8 static addresses > > > > with about > > 5 > > > > > of > > > > > > them > > > > > > > in use right now. These 5 are fairly important (mailserver, web > > server, > > > > > VPN, etc.) and shouldn't change. Is there any way we can make IPCop > > > > recognize all the addresses on the external interface (aliasing I > > guess), > > > > > and be able to route according to what address is used? My > > > > experience > > > > > > with > > > > > > > IPCop suggests I can only use the default address of the Red > > > > interface for determining routing. I'd rather not have to put in a > > > > hub that > > would > > > > connect > > > > > > > all our public boxes directly to the DSL modem (I'd rather they were > > on > > > > the > > > > > > > DMZ and accessed through the firewall). But, I haven't had a need > > > > (or the resources) to setup an Orange interface before (for myself > > > > that > > is), > > > > > so > > > > > > I'm > > > > > > > sure I'm missing something. More reading coming down the pipe, I can > > > > > > tell. > > > > > > > Thanks again for the input. > > > > > > > > Shawn > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Neil Bower [mailto:[EMAIL PROTECTED] > > > > Sent: Sunday, June 08, 2003 8:39 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > > > > > > > > Hi Shawn, > > > > As far as I know ou can still do manual configs on the PCI cards. > > > > > > > > This is somethng I posted earlier in the week that can help if you're > > > > > > using > > > > > > > the same type of cards. > > > > > > > > I installed IPCop using 3 NICS (all 3-Com) > > > > 1 - 10mb/s ISA Card and 2 -10/100 PCI Cards. The installation went > > fairly > > > > > well > > > > and had no issues with the installation discovering the ISA Card - it > > > > actually detected that one first. Being as the ISA Card is used on > > > > the red zone, it actually helped with eliminating which card wasn't > > > > to be used for the green zone. Not related to your problem, but may > > > > help > > later > > > > > in the installation is to make sure you record the MAC addresses of > > the > > > > > cards as you > > > > put them in the box. Once your installation is finished, login to the > > > > console > > > > and check the output of the ifconfig. Based on the MAC addresses and > > the > > > > IP > > > > > > > addresses, it'll be easy to know which cards to connect to which > > zones. > > > > > Hope this helps, > > > > > > > > Neil > > > > > > > > On Sunday 08 June 2003 18:28, Shawn Grover wrote: > > > > >At work, we have a need to revise our network wiring/architecture. > > > > > I've convinced the power's that be to try out IP Cop for our > > firewall, > > > > instead > > > > > > > > of the multiple Windows ISA servers we have now - the selling > > > > > point was that IP Cop is much easier to manage than ISA. However, > > > > > I'm in the process of building the IPCop box now, and am having > > > > > problems > > with > > > > > > the network cards. > > > > > > > > > >I don't have the luxury of having 3 distinct models of NICs (we're > > > > > doing > > > > > > a > > > > > > > >red-orange-green setup). The best I have is one or more DLink > > > > > 538s, and > > > > > > a > > > > > > > >single DLink 530. The probe feature detects these models with > > > > > different drivers, which is good, but I need to configure two (or > > > > > three) 538s. > > > > > > The > > > > > > > >documentation I've looked at indicates I should select a manual > > > > >configuration, and specify the options I need for the cards - > > however, > > > > > this > > > > > > > > >documentation specifically deals with ISA cards. Can anyone tell > > > > > me > > > > > > what > > > > > > > >options I need to set for PCI cards? And where do I find the > > details > > > > for > > > > > > > >each card? (I can dig out the drivers disk if needed, but for PCI I > > > > > normally don't need them). > > > > > > > > > >Thanks in advance. If I can get this working, I think I can get > > > > > the company moving towards Linux more (not that we've ever been > > > > > opposed > > to > > > > > > it...). > > > > > > > > > >(I'll buy a beer for who ever comes up with the answer - probably > > > > > at the install fest in a couple of weeks). > > > > > > > > > >Shawn
