Uplink, Crossover, same thing. You're thinking about the right type of cable.
The reason for saying that you don't want 2 green nics, is that they'll have to be in 2 different IP subnets. That will mean that in order for these two groups of (I'm guessing Windows) machines to see each other, you'll need to have a WINS server, and all that administrative overhead. Plus, I don't think IPcop will let you use the web interface for DHCP anymore, it certainly won't work for both nics, in any case. I mean, it can be done, don't get me wrong, but it'll be ugly, and you'll be better off with something other than IPcop. And I don't think the default IPTables scripts will let you use multiple greens, so you'd need to rewrite them, which would mean that none of the other web interfaces would be completely accurate either. By that point, you really aren't using IPcop anymore, and you'll have spent A LOT of effort getting it all running. Better to pick a distro more suited to your needs. I believe MDK had a version specifically designed for use as a router. The alternate (and my recommendation) would be to just uplink the hubs. Remember though that the uplinked hub will be slower than the first hub, so plan accordingly (Printers, Internet Connections, etc on the second hub, Servers and heavy users together on the first. Kev. ----- Original Message ----- From: "Mathieu Jobin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 09, 2003 8:39 PM Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > very interresting. thank you very much for the ORANGE explaination. > just to be sure, by uplink cable, do you talk about a cross-cable used for > linking two computer without hub ? In french, we just call it a "cable > croisee" because some wire are crossed in it. but maybe I'm wrong and you > talk about something else. > > On Monday 09 June 2003 20:20, Kevin Anderson wrote: > > I will be easier to link 2 hubs. If one of the hubs doesn't have an > > uplink/crossover port, then link them with an uplink cable. It'll be less > > than $10, and FAR less hassle than having 2 Green NICs in your IPcop box. > > > > Orange is for a DMZ. That's when you want to have a server that is > > accessible to the internet (a web server, for example) so you need to allow > > people to connect to it. By allowing people to connect to it, it is > > possible that it will be compromised. A DMZ will allow a situation where a > > compromised machine still has no access to the internal network. You might > > lose 1 server, but that's all you'd lose, because the boxes in the DMZ will > > not have any better access to your internal network than anything else on > > the Internet. Orange is "semi-protected". > > > > Kev. > > > > > > > > > > ----- Original Message ----- > > From: "Mathieu Jobin" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Monday, June 09, 2003 7:18 PM > > Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > anyone have tried to install two GREEN card under IPcop ? > > > > > > im not sure to understand whats a ORANGE card, ... but what i need to do, > > > > is > > > > > to output two network card to two hub. i think it could be easier to link > > > > the > > > > > hubs together and my hubs dont have this feature. so i need to link it by > > > > a > > > > > PC. so ? does IPCop can have on red card and two green card ? > > > > > > thanks > > > > > > On Monday 09 June 2003 17:38, Shawn Grover wrote: > > > > Thanks Kevin. I considered using a card from home, unfortunately, I > > > > have > > > > > > DLinks myself (except for the SMC in MY router). So the issue still > > > > exists. We'll be getting an SMC soon, had a situation where it either > > > > got > > > > > > resolved last night, or it had be back in it's original state for today > > > > (a > > > > > > couple of online demos were/are scheduled for today and the next couple > > > > of > > > > > > days). So, we're back to the way we were, until I can get the firewall > > > > built right. Maybe next weekend. > > > > > > > > Thanks for the tip on the aliasing. > > > > > > > > Shawn > > > > > > > > -----Original Message----- > > > > From: Kevin Anderson [mailto:[EMAIL PROTECTED] > > > > Sent: Monday, June 09, 2003 11:58 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > > > > > > > > Why not blow $20 on a card out of your pocket? Then you'll have all > > > > the different cards. Heck, you could probably just trade it for one > > > > you > > > > have > > > > > > at home/work already, and not spend a dime. You'll more than make up > > > > for > > > > > > the $20 when you follow this project up with a cost savings analysis, > > > > and > > > > > > get a bonus for it... > > > > > > > > Aliasing the red interface is available from the Web Interface. > > > > > > > > Kev. > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Shawn" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > > > Sent: Sunday, June 08, 2003 9:25 PM > > > > Subject: RE: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > > > > > Thanks for the reply. The MAC addresses would only apply if I can > > > > > get the manual config working for the PCI cards. I don't have the > > > > > info I need to > > > > > > > > do > > > > > > > > > the manual config (i.e. what options need to be specified, how do I > > > > find > > > > > > the > > > > > > > > > values for those options, etc.). > > > > > > > > > > Thus far, I have the Red and Green interfaces running. I think I'll > > > > be > > > > > > able > > > > > > > > > to convince the boss to buy an SMC card at which point we'll have 3 > > > > > different NICs. However, this means a delay in implementing the > > > > > firewall. > > > > > > > > > > On a different note, does anyone have any suggestions on how to > > > > > handle the IP addressing in our case? We have 8 static addresses > > > > > with about > > > > 5 > > > > > > > of > > > > > > > > them > > > > > > > > > in use right now. These 5 are fairly important (mailserver, web > > > > server, > > > > > > > VPN, etc.) and shouldn't change. Is there any way we can make IPCop > > > > > recognize all the addresses on the external interface (aliasing I > > > > guess), > > > > > > > and be able to route according to what address is used? My > > > > > experience > > > > > > > > with > > > > > > > > > IPCop suggests I can only use the default address of the Red > > > > > interface for determining routing. I'd rather not have to put in a > > > > > hub that > > > > would > > > > > > connect > > > > > > > > > all our public boxes directly to the DSL modem (I'd rather they were > > > > on > > > > > > the > > > > > > > > > DMZ and accessed through the firewall). But, I haven't had a need > > > > > (or the resources) to setup an Orange interface before (for myself > > > > > that > > > > is), > > > > > > > so > > > > > > > > I'm > > > > > > > > > sure I'm missing something. More reading coming down the pipe, I can > > > > > > > > tell. > > > > > > > > > Thanks again for the input. > > > > > > > > > > Shawn > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Neil Bower [mailto:[EMAIL PROTECTED] > > > > > Sent: Sunday, June 08, 2003 8:39 PM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: Re: (clug-talk) Need help with IP Cop at work - NIC issue > > > > > > > > > > > > > > > Hi Shawn, > > > > > As far as I know ou can still do manual configs on the PCI cards. > > > > > > > > > > This is somethng I posted earlier in the week that can help if you're > > > > > > > > using > > > > > > > > > the same type of cards. > > > > > > > > > > I installed IPCop using 3 NICS (all 3-Com) > > > > > 1 - 10mb/s ISA Card and 2 -10/100 PCI Cards. The installation went > > > > fairly > > > > > > > well > > > > > and had no issues with the installation discovering the ISA Card - it > > > > > actually detected that one first. Being as the ISA Card is used on > > > > > the red zone, it actually helped with eliminating which card wasn't > > > > > to be used for the green zone. Not related to your problem, but may > > > > > help > > > > later > > > > > > > in the installation is to make sure you record the MAC addresses of > > > > the > > > > > > > cards as you > > > > > put them in the box. Once your installation is finished, login to the > > > > > console > > > > > and check the output of the ifconfig. Based on the MAC addresses and > > > > the > > > > > > IP > > > > > > > > > addresses, it'll be easy to know which cards to connect to which > > > > zones. > > > > > > > Hope this helps, > > > > > > > > > > Neil > > > > > > > > > > On Sunday 08 June 2003 18:28, Shawn Grover wrote: > > > > > >At work, we have a need to revise our network wiring/architecture. > > > > > > I've convinced the power's that be to try out IP Cop for our > > > > firewall, > > > > > > instead > > > > > > > > > > of the multiple Windows ISA servers we have now - the selling > > > > > > point was that IP Cop is much easier to manage than ISA. However, > > > > > > I'm in the process of building the IPCop box now, and am having > > > > > > problems > > > > with > > > > > > > > the network cards. > > > > > > > > > > > >I don't have the luxury of having 3 distinct models of NICs (we're > > > > > > doing > > > > > > > > a > > > > > > > > > >red-orange-green setup). The best I have is one or more DLink > > > > > > 538s, and > > > > > > > > a > > > > > > > > > >single DLink 530. The probe feature detects these models with > > > > > > different drivers, which is good, but I need to configure two (or > > > > > > three) 538s. > > > > > > > > The > > > > > > > > > >documentation I've looked at indicates I should select a manual > > > > > >configuration, and specify the options I need for the cards - > > > > however, > > > > > > > this > > > > > > > > > > >documentation specifically deals with ISA cards. Can anyone tell > > > > > > me > > > > > > > > what > > > > > > > > > >options I need to set for PCI cards? And where do I find the > > > > details > > > > > > for > > > > > > > > > >each card? (I can dig out the drivers disk if needed, but for PCI I > > > > > > normally don't need them). > > > > > > > > > > > >Thanks in advance. If I can get this working, I think I can get > > > > > > the company moving towards Linux more (not that we've ever been > > > > > > opposed > > > > to > > > > > > > > it...). > > > > > > > > > > > >(I'll buy a beer for who ever comes up with the answer - probably > > > > > > at the install fest in a couple of weeks). > > > > > > > > > > > >Shawn > > >
