[Leaplist] an ipcop question
Hank Lambert
hank at hanklambert.com
Thu Dec 11 21:31:52 EST 2008
I thought that is how the orange would work, being the DMZ, but I
wasn't sure. As far as the wireless, I have a router, a WRT54G that I
am flashing with Tomato firmware. Being it is a "ritter", I'm not sure
that putting it on the blue interface would really matter.
--Hank

John Simpson wrote:
> On 2008-12-11, at 0723, Hank Lambert wrote:
>
> > It's my understanding that if you are inside the firewall, i.e. on the
> > green, you should be able to ping the other three interfaces. However,
> > if you are on the red you should not be able to ping any of the
> > interfaces. I'm not sure how the blue or orange would react as I haven't
> > used them.
>
> the rules are a bit strange until you get used to them.
>
> in a red/green situation, things work as you would expect. nothing
> can come "into" the green segment without an explicit rule allowing
> the traffic. however, outbound traffic is free to go as it likes.
>
> the orange segment... i've found it easiest to think of it like
> another green segment. you can set firewall rules which only apply
> to "red-to-orange" traffic, so you can allow the world to reach your
> server(s) in the orange segment, but not in the green segment.
> however, green cannot blithely walk through the firewall into the
> orange segment- you also need to set up "green-to-orange" rules, and
> if for some reason there's a machine in the orange segment which
> needs to access green, you need to set up a separate rule for that.
>
> the blue segment is like another green segment, with the added
> abilities to do MAC filtering (if i'm not mistaken, i've never
> actually done it.) it's really designed to have a wireless ACCESS
> POINT attached to it, not a wireless ROUTER (or "ritter", to use
> bryan's terminology, because he's right- the units are normally only
> barely functional as routers, they're designed for simple NAT use
> and that's it.)
>
>
> > Did you ever get an answer on how to set up the blue interface? I'm
> > getting ready to set up another IPCop box (my last one died) and I want
> > to set up the blue interface correctly. In my last setup, I had a WAP
> > hanging off of a switch, not the IPCop blue interface.
>
> if you have an access point, or if you're buying new hardware
> anyway, make sure you get an actual access point instead of a
> "wireless router".
>
>
> --------------------------------------------------------
> | John M. Simpson -- KG4ZOW -- Programmer At Large |
> | http://www.jms1.net/ <jms1 at jms1.net> |
> --------------------------------------------------------
> | Hope for America -- http://www.ronpaul2008.com/ |
> --------------------------------------------------------
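The zone rules described in the quoted reply above, modeled as a small policy checker (an added example, not part of either message and not IPCop's own code). Zone names follow the thread; the addresses, ports and MAC are constructed, and denying any flow the reply does not describe is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # one explicit "src-to-dst" pinhole
    src_zone: str
    dst_zone: str
    dst_host: str
    dst_port: int

@dataclass(frozen=True)
class Flow:                      # a NEW connection attempt (replies not modeled)
    src_zone: str
    dst_zone: str
    dst_host: str
    dst_port: int
    src_mac: str = ""            # only checked for traffic arriving on blue

INSIDE = {"green", "blue"}       # zones whose outbound traffic to red is free
class ZonePolicy:
    def __init__(self, rules, blue_macs):
        self.rules = set(rules)
        self.blue_macs = {m.lower() for m in blue_macs}

    def decide(self, f):
        """Return (allowed, reason) following the rules in the quoted reply."""
        if f.src_zone == "blue" and f.src_mac.lower() not in self.blue_macs:
            return False, "blue: MAC not on allowlist"
        if f.src_zone in INSIDE and f.dst_zone == "red":
            return True, "outbound from an inside zone"
        if Rule(f.src_zone, f.dst_zone, f.dst_host, f.dst_port) in self.rules:
            return True, f"explicit {f.src_zone}-to-{f.dst_zone} rule"
        return False, f"no {f.src_zone}-to-{f.dst_zone} rule (assumed default deny)"

    def pinholes_into(self, zone):   # explicit rules opening a path into `zone`
        return sorted((r for r in self.rules if r.dst_zone == zone),
                      key=lambda r: (r.src_zone, r.dst_host, r.dst_port))

# Constructed sample policy: every address, port and MAC here is made up.
RULES = [
    Rule("red", "orange", "192.168.2.10", 443),    # world -> DMZ web server
    Rule("green", "orange", "192.168.2.10", 22),   # admin SSH into the DMZ
    Rule("orange", "green", "192.168.1.5", 5432),  # DMZ app -> internal DB
]
POLICY = ZonePolicy(RULES, blue_macs=["00:00:5E:00:53:01"])

if __name__ == "__main__":
    for flow in (Flow("red", "green", "192.168.1.5", 22),
                 Flow("blue", "red", "203.0.113.7", 443, "aa:bb:cc:00:00:01")):
        print(flow, "->", POLICY.decide(flow))
    print("paths into green:", POLICY.pinholes_into("green"))
```

Reviewing `pinholes_into("green")` is the useful check on a real box: every entry is a path from a less trusted segment into the protected one.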