Stupid question, but would you be willing to post your routing table?
I'm also wondering if it's possible that your network card needs to be in
promiscuous mode (can be turned on with ifconfig eth# promisc) to
support aliasing?

Mike

On Tue, 2004-08-17 at 17:38, Shawn Grover wrote:
> Thanks for the response Kevin.
> 
> Nope, the issue isn't resolved yet - I put it aside for a few days.
> 
> I did try the forwarding rules with both the default IP and the aliased IP, and both 
> conditions would fail name resolution from outside our network.  I wasn't aware 
> there was a newer version of IPCop, I'll take a look for 1.4b9 then and see how it 
> works.  (After all, it only takes 15 minutes to rebuild an IPCop firewall.)
> 
> Shawn
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Kevin Anderson
> Sent: Tuesday, August 17, 2004 4:57 PM
> To: CLUG General
> Subject: Re: [clug-talk] IP Cop Config problems
> 
> 
> Shawn, is this resolved?
> 
> I use multiple IPs on our IPCop firewall, and it's working very well.  
> Personally, I'd recommend looking at 1.4b9.  The 1.4 version has A LOT of 
> benefits over 1.3, but I'm doing it with 1.3 now, so either should be fine.
> 
> The only thing I can think of is that when you port forward to the DNS 
> servers, you're leaving the IP as the default, rather than selecting one of 
> the aliases.
> 
> Kev.
> 
> 
> 
> On Saturday 14 August 2004 20:29, Shawn Grover wrote:
> > Hi gang.
> >
> > I'm trying to replace our primary firewall with IPCop and am running into
> > problems.
> >
> > We have a range of external IP addresses, most of which are currently used
> > for one or more services.  I've configured the aliases on the external
> > network card (the red zone), but they don't seem to be responding to
> > traffic.  If I ping the main IP (64.42.255.217), I get responses.  But if I
> > ping one of the aliased IPs, I get no response.  This is also preventing
> > name resolution as our primary and secondary DNS servers are on two of the
> > aliased IPs.
> >
> > I'm looking for ideas how to get this working.  Of course, I can turn off
> > the new firewall, and reconnect the old one, so I'm not at a "network
> > outage" type of situation.
> >
> > I've attached a snippet from ifconfig output on IPCop's information page
> > below.  Maybe it'll help identify the problem?  I have configured IPCop to
> > forward port 53 (both tcp and udp) to our DNS servers and have tried using
> > the default IP on the external NIC, as well as the aliased IPs (our DNS
> > servers are 64.42.255.209 and 210).  It seems names are not getting
> > resolved against these servers.  I think this is the BIG stumbling block
> > for me - once I get past this, I should be able to get the other services
> > working.
> >
> > Oh, I have also enabled external access to the services in question, but
> > maybe have done this wrong?  Do I need to allow access for each port on the
> > default IP AND the aliased IP?
> >
> > Any tips are appreciated.
> >
> > Shawn
> >
> > -----  ifconfig -----
> > eth0      Link encap:Ethernet  HWaddr 00:50:BF:A3:16:06
> >           inet addr:192.168.7.1  Bcast:192.168.7.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:21843 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:23823 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:4079426 (3.8 Mb)  TX bytes:4342247 (4.1 Mb)
> >           Interrupt:12 Base address:0x6100
> >
> > eth1      Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
> >           inet addr:64.42.255.217  Bcast:64.42.255.223  Mask:255.255.255.240
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           RX packets:17654 errors:31 dropped:0 overruns:0 frame:0
> >           TX packets:18149 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:244 txqueuelen:1000
> >           RX bytes:2392775 (2.2 Mb)  TX bytes:3794953 (3.6 Mb)
> >           Interrupt:5 Base address:0xb000
> >
> > eth1:0    Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
> >           inet addr:64.42.255.209  Bcast:64.42.255.223  Mask:255.255.255.240
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           Interrupt:5 Base address:0xb000
> >
> > eth1:1    Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
> >           inet addr:64.42.255.210  Bcast:64.42.255.223  Mask:255.255.255.240
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           Interrupt:5 Base address:0xb000
> >
> > eth1:2    Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
> >           inet addr:64.42.255.212  Bcast:64.42.255.223  Mask:255.255.255.240
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           Interrupt:5 Base address:0xb000
> >
> > eth1:3    Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
> >           inet addr:64.42.255.213  Bcast:64.42.255.223  Mask:255.255.255.240
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           Interrupt:5 Base address:0xb000
> >
> > eth1:4    Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
> >           inet addr:64.42.255.214  Bcast:64.42.255.223  Mask:255.255.255.240
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           Interrupt:5 Base address:0xb000
> >
> > eth1:5    Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
> >           inet addr:64.42.255.215  Bcast:64.42.255.223  Mask:255.255.255.240
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           Interrupt:5 Base address:0xb000
> >
> > _______________________________________________
> > clug-talk mailing list
> > [EMAIL PROTECTED]
> > http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> 
-- 
Mike Petch
CApp::Sysware Consulting Ltd.
Suite 1002,1140-15th Ave SW.
Calgary, Alberta, Canada.
T2R 1K6.
(403)804-5700.
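
Added example, not part of the original thread: a shell check that reads net-tools `ifconfig` output and reports, for an interface and each of its aliases, whether the address falls in the same network as the primary address and whether the PROMISC flag is set. The function names and the trimmed sample are constructed for illustration; the sample re-types eth0, eth1 and two aliases from the dump quoted above.

```shell
#!/bin/sh
# Constructed sample: eth0, eth1 and two eth1 aliases re-typed from the
# ifconfig dump quoted in the thread, trimmed to the lines the check reads.
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:50:BF:A3:16:06
          inet addr:192.168.7.1  Bcast:192.168.7.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
          inet addr:64.42.255.217  Bcast:64.42.255.223  Mask:255.255.255.240
          UP BROADCAST RUNNING  MTU:1500  Metric:1

eth1:0    Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
          inet addr:64.42.255.209  Bcast:64.42.255.223  Mask:255.255.255.240
          UP BROADCAST RUNNING  MTU:1500  Metric:1

eth1:1    Link encap:Ethernet  HWaddr 00:50:BA:49:15:27
          inet addr:64.42.255.210  Bcast:64.42.255.223  Mask:255.255.255.240
          UP BROADCAST RUNNING  MTU:1500  Metric:1
EOF
}

# alias_report BASE: read ifconfig text on stdin; for BASE and each BASE:N
# alias print: <iface> <addr> <network> <same-net|other-net> <promisc|no-promisc>
alias_report() {
    awk -v base="$1" '
    function ip2n(s,  p) { split(s, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
    function n2ip(v) { return sprintf("%d.%d.%d.%d", int(v/16777216), int(v/65536)%256, int(v/256)%256, v%256) }
    # A contiguous netmask m covers blocks of 2^32 - m addresses.
    function netof(a, m,  size) { size = 4294967296 - ip2n(m); return ip2n(a) - ip2n(a) % size }
    /^[a-zA-Z]/ { keep = ($1 == base || index($1, base ":") == 1)
                  if (keep) { n++; name[n] = $1; prom[n] = "no-promisc" }
                  next }
    keep { for (i = 1; i <= NF; i++) {
               if ($i ~ /^addr:/) addr[n] = substr($i, 6)
               if ($i ~ /^Mask:/) mask[n] = substr($i, 6)
               if ($i == "PROMISC") prom[n] = "promisc" } }
    END { for (i = 1; i <= n; i++) if (name[i] == base) ref = netof(addr[i], mask[i])
          for (i = 1; i <= n; i++) {
              net = netof(addr[i], mask[i])
              print name[i], addr[i], n2ip(net), (net == ref ? "same-net" : "other-net"), prom[i] } }
    '
}

sample_ifconfig | alias_report eth1
```

On a live system the same function can be fed real output with `ifconfig | alias_report eth1`.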
