[KLUG Members] IPCop Blue Zone..Re: Members Digest, Vol 20, Issue 18

Randall Perry RandallP at domain-logic.com
Tue Jan 17 09:55:17 EST 2006


Quoting members-request at kalamazoolinux.org:
> >>> I'm running IPCop 1.4.10 with a "RED/GREEN/BLUE" Ethernet setup.
> >>> Can someone point me in the right direction to allow "Blue"
> >>> (192.168.2.x) PCs (XP/SP2) running "HP Install Network Printer
> >>> Wizard" to connect to a "Green" (192.168.1.31:9100)
> >>> HP4MV/LaserJet printer?
> IPCop has a "feature" that blue cannot make outgoing connections to
> green, i.e., blue cannot initiate a connection to anything on green.
> This makes sense because Blue is a partially untrusted network,
> therefore you don't want to give them free rein. To get around this,
> you either have to explicitly allow each device on blue to connect to
> the specific IP address/port on green, or look at maybe setting up a
> print server on Orange (the DMZ subnet for IPCop). Orange can't
> initiate connections to any subnet other than Red, but blue and green
> can connect to it.
Actually, you can connect with a VPN client from the client PC (Linux or
Windows).
There is an easy way to do this from Windows using the Linsys IPSec client
(you can find this on SourceForge) [note: that is NOT linKsys].

It has worked for me in the past.

> I banged my head against the wall on this issue, and I finally gave
> up and added the 4th subnet on my IPCop box, because this behavior in
> IPCop is by design, and isn't going to be changed any time soon by
> the developers (bunch of paranoid freaks, which are the perfect
> people to be making a firewall distro, IMO)
Better than the social freak at smoothwall that caused the whole IPCop fork.
Ah, time passes but it seems just like last month that all hit the fan.


*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'

      Randall Perry
      Domain Logic Technology Solutions
      http://www.domain-logic.com
      574-220-1545
"The significant problems we face cannot be solved at the same level of
thinking we were at when we created them"
-Albert Einstein


