IPCOP login help

Hi

Im wanting to try IPCOP Firewall, I have it loaded and its running on the pc, I can login to root ok from the actual pc ok, I get to the command promp and see the following ... no mail. root@ipcop:~# from there I can run into setup but cannot login to admin web page , it says password incorrect.

I reinstalled IPCOP to make sure I have the correct password and get the same thing....I tried to login via another pc with a browser and cannot connect to the machine..any help or tips would be appriciated as I wanna get rid of my router and go with a firewall box.

Reply to
Joey
Loading thread data ...

https://192.168.1.1:445/cgi-bin/index.cgi Make sure that you can icmp (ping) 192.168.1.1

Log in as a root and set an simple admin password the first time, then you are able to reach the Ipcop from the webb interface you should change it to some stronger.

Hope this will help Anders

Reply to
Anders

Login to IPCOP as root, then run setup. The last option in the setup list is "admin password". This will allow you to change the web admin password

Reply to
ABC

Hi Tried that still gives error password is incorrect,

Im unable to ping 192.168.1.1 , but its strange as some times im getting , Reply from 61.88.136.25: Destination net unreachable....I dont know why I got this.. hummmmm , maybe spyware... I also tried to click your link that failed as well.couldnt be found.

Reply to
Joey

Hi ABC

I also tried to do that, I still got password incorrect...it then changes on next line to ipcop.localdomain login , i tried it there and failed as well...any more tips?

Reply to
Joey
  • Joey :

I missed a lot of this but you have tried https://ip_of_ipcop:445 of course?

Jason

Reply to
Jason

No I havent , but I will when I get home tonight I will....

If I cannot ping the green or red section or 192.168.1.1 ...I have a Cable modem and a router,then a switch then the ip cop machine and my other PC I try to log with...I think that maybe half my problem...

Reply to
Joey

Thanks Moe for your reply...

  1. ping may be disabled or blocked > I think Ive got block pings on setup to my SMC router, Ill try and disable to see if works.

  1. 61.88.136.25 is _probably_ your default route to the world, and it's telling you it doesn't know how to find '192.168.1.1'. The real question is why are packets destined for 192.168.1.1 being sent to 61.88.136.25. This is likely a routing table error on your host

current at work..

I dont know if It makes a difference but I loaded smoothwall 2.0 in a attempt to see if any software would work , but got the same results..

Reply to
Joey

  1. ping may be disabled or blocked
  2. 192.168.1.1 may not know how to send packets back to you
  3. 61.88.136.25 is _probably_ your default route to the world, and it's telling you it doesn't know how to find '192.168.1.1'. The real question is why are packets destined for 192.168.1.1 being sent to 61.88.136.25. This is likely a routing table error on your host.

I assume you are referring to "https://192.168.1.1:445/cgi-bin/index.cgi"This is probably because you don't have routing set up on that other PC. If a *nix box, try the commands

/sbin/ifconfig -a /sbin/route -n

If some windoze box, try 'route print' to see the routing table (there must be a route to 192.168.1.x for things to work) and "ipconfig /all" (for NT, w2k, or XP) or winipcfg and the more button on win9x or ME.

I don't use IPCOP, so I have no idea why you can't log in from the console. If it actually does say "password incorrect", the author of the application should be taken out and shot - that is an unbelievable security gaff that no sane programmer should have made.

Old guy

Reply to
Moe Trin

MOE wrote - If some windoze box, try 'route print' to see the routing table (there must be a route to 192.168.1.x for things to work)

There's no route in my routing table or ipconfig /all for that , How can I create one in Win 2000?

I did see a strange ip 224.0.0.0 for Network Destination and Netmask, Whats that? ...also Ive checked the ping is disabled via router ok...

thanking you for you help :-)

Reply to
Joey

Bingo! Because there is no route to that network, routing chooses the next less definitive choice, probably your 'default' (which means "if nothing else fits, send it here and hope for the best"). In this case, that default is not correct, per RFC1918. The typical windoze routing table is a "Baffle 'em with Bullshit" situation - microsoft doesn't want you looking at it, and makes it look scary. It's also misleading. A "gateway" is the host that you forward packets to for onward relay. If that gateway is yourself (as microsoft shows), then it means to send the packet to yourself, who will send it to the next hop... which is yourself, so that host will send it to... yourself. Mommy, are we there yet? But anyway:

route print Network Address Netmask Gateway Address Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 1 192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 1 224.0.0.0 224.0.0.0 192.168.1.2 192.168.1.2 1 255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1

(this is host 192.168.1.2, and the gateway to the world is 192.168.1.1.) This table can be boiled down to

Network Address Netmask Gateway Address Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 1 224.0.0.0 224.0.0.0 192.168.1.2 192.168.1.2 1

So, if you want to send a packet to a host with address 192.168.1.0 to

192.168.1.255, or 224.0.0.0 to 239.255.255.255, send it directly (the "gateway" to those addresses is yourself). 127.0.0.0 through 127.255.255.255 is a special address that always means "me". It's also called the "loopback" address. OK, how about 192.168.3.23? Well, that clearly isn't the second, third or fourth route, as the address doesn't "fit" the range they cover. However the first line (which is the default), says that 0.0.0.0 through 255.255.255.255 can be reached by sending the packets to 192.168.1.1, and letting that host send them on their merry way. (192.168.1.1 might disagree with this, and that will result in the "Destination net unreachable" message from 192.168.1.1, but that's another story.) OK, you might ask, why not send _everything_ to 192.168.1.1? That's not efficient if you can reach the destination by yourself - that's why the more definitive routes would be chosen IF THEY APPLY.

Sorry - I stopped using windoze in 1992.

1301 Multicast Transport Protocol. S. Armstrong, A. Freier, K. Marzullo. February 1992. (Format: TXT=91976 bytes) (Status: INFORMATIONAL) 1458 Requirements for Multicast Protocols. R. Braudes, S. Zabele. May 1993. (Format: TXT=48106 bytes) (Status: INFORMATIONAL) 2365 Administratively Scoped IP Multicast. D. Meyer. July 1998. (Format: TXT=17770 bytes) (Also BCP0023) (Status: BEST CURRENT PRACTICE) 2588 IP Multicast and Firewalls. R. Finlayson. May 1999. (Format: TXT=28622 bytes) (Status: INFORMATIONAL) 3171 IANA Guidelines for IPv4 Multicast Address Assignments. Z. Albanna, K. Almeroth, D. Meyer, M. Schipper. August 2001. (Format: TXT=15389 bytes) (Also BCP0051) (Status: BEST CURRENT PRACTICE)

Briefly, those RFCs describe a network protocol for 'one to many' packet delivery. This is used for services like Internet Radio and Internet Television broadcasting. It requires that the routers between the source (for example, the BBC, or the [current] LiveAid concert) and the listener or viewer know that someone down the pipe wants to receive these packets. Once it reaches your network, multiple computers can be told to listen to packets destined for a specific address in the range 224.0.0.0 through

239.255.255.254 to "receive" the program. However, this also requires an application to use the network feed, such as RealAudio. I should mention that this isn't the _only_ use of those addresses - I'm just talking about concepts.

Yeah, a lot of people have disabled ping responders on their systems as a defense against skript kiddiez who have nothing better to do than to occupy bandwidth.

You're welcome! Sorry I can't help on the windoze setup, but I don't use that O/S.

Old guy

Reply to
Moe Trin

So what you should have is:

Cable modem ----- Router---- IPCOP ----- Switch -----PC

The red interface of IPcop should be set to a suitable IP for your router side of the network.

The green interface should be set to a different subnet. Also set up IPCOP as a DHCP server and your PC to automatic IP address and you should be good to go.

e.g.

Router 10.0.0.1 IPCOP red 10.0.0.2 Gateway 10.0.0.1 IPCOP green 192.168.0.1

The password problem is probably a faulty keyboard on the IPCOP box (Been there done that). Enter a simple password like 1111 and try both

1111 & !!!!
Reply to
Mike

Thanks to all who replied and tried to help me.

I havent tried the last post about the passwords yet I need to reload IPcop again...

Ive spent sooooooo may hrs and days trying to make this work that Im sick of it now and wanna get back to enjoying the net again....Also my work hrs and family make it hard for me to spend anymore time on it... AsIve taken away from them.

Ive just about to give up on this one, Ive stuffed up one of my PC.'s (now it wont share files anymore and wont see my other 4 pc's) This may be a seperate issue but Ive put the whole thing in the (too hard basket), aIso tried smoothwall and same things are happening

I downloaded the trial verson of Astareo Security V5.0 and i was able to get to the webadmin page, but then unable to get online...

If someone has the paticence of a saint...and would like to provide further support I would consider trying again. As im really interseted in getting this working....otherwise

Ill just go out and buy a good firewall/router and go with that , any recommendations on a good firewall/router..?

Thanks

Joe

Reply to
Joey

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.