IPCOP login help

Hi

Im wanting to try IPCOP Firewall, I have it loaded and its running on
the pc, I can login to root ok from the actual pc ok, I get to the
command promp and see the following ... no mail. root@ipcop:~# from
there I can run into setup but cannot login to admin web page , it says
password incorrect.

I reinstalled IPCOP to make sure I have the correct password and get
the same thing....I tried to login via another pc with a browser and
cannot connect to the machine..any help or tips would be appriciated as
I wanna get rid of my router and go with a firewall box.

Re: IPCOP login help

Joey wrote:
> Hi
>
> Im wanting to try IPCOP Firewall, I have it loaded and its running on
> the pc, I can login to root ok from the actual pc ok, I get to the
> command promp and see the following ... no mail. root@ipcop:~# from
> there I can run into setup but cannot login to admin web page , it says
> password incorrect.
>
> I reinstalled IPCOP to make sure I have the correct password and get
> the same thing....I tried to login via another pc with a browser and
> cannot connect to the machine..any help or tips would be appriciated as
> I wanna get rid of my router and go with a firewall box.
>

https://192.168.1.1:445/cgi-bin/index.cgi

Make sure that you can icmp (ping) 192.168.1.1

Log in as a root and set an simple admin password the first time, then
you are able to reach the Ipcop from the webb interface you should
change it to some stronger.

Hope this will help
Anders

Re: IPCOP login help

"Joey" wrote in message
news:1120014865.206478.310870@g44g2000cwa.googlegroups.com.. .
> Hi
>
> Im wanting to try IPCOP Firewall, I have it loaded and its running on
> the pc, I can login to root ok from the actual pc ok, I get to the
> command promp and see the following ... no mail. root@ipcop:~# from
> there I can run into setup but cannot login to admin web page , it says
> password incorrect.
>
> I reinstalled IPCOP to make sure I have the correct password and get
> the same thing....I tried to login via another pc with a browser and
> cannot connect to the machine..any help or tips would be appriciated as
> I wanna get rid of my router and go with a firewall box.
>
Login to IPCOP as root, then run setup. The last option in the setup list is
"admin password". This will allow you to change the web admin password

Re: IPCOP login help

Hi
Tried that still gives error password is incorrect,

Im unable to ping 192.168.1.1 , but its strange as some times im
getting , Reply from 61.88.136.25: Destination net unreachable....I
dont know why I got this.. hummmmm , maybe spyware...
I also tried to click your link that failed as well.couldnt be found.

Re: IPCOP login help

Hi ABC

I also tried to do that, I still got password incorrect...it then
changes on next line to ipcop.localdomain login , i tried it there and
failed as well...any more tips?

Re: IPCOP login help

* Joey :
> Hi ABC
>
> I also tried to do that, I still got password incorrect...it then
> changes on next line to ipcop.localdomain login , i tried it there and
> failed as well...any more tips?
>

I missed a lot of this but you have tried https://ip_of_ipcop:445 of
course?

Jason

Re: IPCOP login help

No I havent , but I will when I get home tonight I will....

If I cannot ping the green or red section or 192.168.1.1 ...I have a
Cable modem and a router,then a switch then the ip cop machine and my
other PC I try to log with...I think that maybe half my problem...

Re: IPCOP login help

In the Usenet newsgroup comp.security.firewalls, in article
<1120064978.672050.321330@g44g2000cwa.googlegroups.com>, Joey wrote:

>Im unable to ping 192.168.1.1 , but its strange as some times im
>getting , Reply from 61.88.136.25: Destination net unreachable....I
>dont know why I got this.. hummmmm , maybe spyware...

1. ping may be disabled or blocked
2. 192.168.1.1 may not know how to send packets back to you
3. 61.88.136.25 is _probably_ your default route to the world, and it's
telling you it doesn't know how to find '192.168.1.1'. The real
question is why are packets destined for 192.168.1.1 being sent to
61.88.136.25. This is likely a routing table error on your host.

>I also tried to click your link that failed as well.couldnt be found.

I assume you are referring to "https://192.168.1.1:445/cgi-bin/index.cgi"
This is probably because you don't have routing set up on that other PC.
If a *nix box, try the commands

/sbin/ifconfig -a
/sbin/route -n

If some windoze box, try 'route print' to see the routing table (there
must be a route to 192.168.1.x for things to work) and "ipconfig /all"
(for NT, w2k, or XP) or winipcfg and the more button on win9x or ME.

I don't use IPCOP, so I have no idea why you can't log in from the console.
If it actually does say "password incorrect", the author of the application
should be taken out and shot - that is an unbelievable security gaff that
no sane programmer should have made.

Old guy

Re: IPCOP login help

Thanks Moe for your reply...

1. ping may be disabled or blocked > I think Ive got block pings on
setup to my SMC router, Ill try and disable to see if works.

3. 61.88.136.25 is _probably_ your default route to the world, and
it's
telling you it doesn't know how to find '192.168.1.1'. The real
question is why are packets destined for 192.168.1.1 being sent to
61.88.136.25. This is likely a routing table error on your host
>... Ill try this when I get back home tonight, Ill follow your commands , current at work..

I dont know if It makes a difference but I loaded smoothwall 2.0 in a
attempt to see if any software would work , but got the same results..

Re: IPCOP login help

MOE wrote - If some windoze box, try 'route print' to see the routing
table (there
must be a route to 192.168.1.x for things to work)

There's no route in my routing table or ipconfig /all for that , How
can I create one in Win 2000?

I did see a strange ip 224.0.0.0 for Network Destination and Netmask,
Whats that? ...also Ive checked the ping is disabled via router ok...

thanking you for you help :-)

Re: IPCOP login help

In the Usenet newsgroup comp.security.firewalls, in article
<1120227886.217653.20700@o13g2000cwo.googlegroups.com>, Joey wrote:

>MOE wrote - If some windoze box, try 'route print' to see the routing
>table (there must be a route to 192.168.1.x for things to work)
>
>There's no route in my routing table or ipconfig /all for that

Bingo! Because there is no route to that network, routing chooses
the next less definitive choice, probably your 'default' (which means
"if nothing else fits, send it here and hope for the best"). In this
case, that default is not correct, per RFC1918. The typical windoze
routing table is a "Baffle 'em with Bullshit" situation - microsoft
doesn't want you looking at it, and makes it look scary. It's also
misleading. A "gateway" is the host that you forward packets to for
onward relay. If that gateway is yourself (as microsoft shows), then
it means to send the packet to yourself, who will send it to the next
hop... which is yourself, so that host will send it to... yourself.
Mommy, are we there yet? But anyway:

route print
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 1
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 1
224.0.0.0 224.0.0.0 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1

(this is host 192.168.1.2, and the gateway to the world is 192.168.1.1.)
This table can be boiled down to

Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 1
224.0.0.0 224.0.0.0 192.168.1.2 192.168.1.2 1

So, if you want to send a packet to a host with address 192.168.1.0 to
192.168.1.255, or 224.0.0.0 to 239.255.255.255, send it directly (the
"gateway" to those addresses is yourself). 127.0.0.0 through
127.255.255.255 is a special address that always means "me". It's
also called the "loopback" address. OK, how about 192.168.3.23?
Well, that clearly isn't the second, third or fourth route, as the
address doesn't "fit" the range they cover. However the first line
(which is the default), says that 0.0.0.0 through 255.255.255.255
can be reached by sending the packets to 192.168.1.1, and letting
that host send them on their merry way. (192.168.1.1 might disagree
with this, and that will result in the "Destination net unreachable"
message from 192.168.1.1, but that's another story.) OK, you might
ask, why not send _everything_ to 192.168.1.1? That's not efficient
if you can reach the destination by yourself - that's why the more
definitive routes would be chosen IF THEY APPLY.

>How can I create one in Win 2000?

Sorry - I stopped using windoze in 1992.

>I did see a strange ip 224.0.0.0 for Network Destination and Netmask,
>Whats that?

1301 Multicast Transport Protocol. S. Armstrong, A. Freier, K.
Marzullo. February 1992. (Format: TXT=91976 bytes) (Status:
INFORMATIONAL)

1458 Requirements for Multicast Protocols. R. Braudes, S. Zabele. May
1993. (Format: TXT=48106 bytes) (Status: INFORMATIONAL)

2365 Administratively Scoped IP Multicast. D. Meyer. July 1998.
(Format: TXT=17770 bytes) (Also BCP0023) (Status: BEST CURRENT
PRACTICE)

2588 IP Multicast and Firewalls. R. Finlayson. May 1999. (Format:
TXT=28622 bytes) (Status: INFORMATIONAL)

3171 IANA Guidelines for IPv4 Multicast Address Assignments. Z.
Albanna, K. Almeroth, D. Meyer, M. Schipper. August 2001. (Format:
TXT=15389 bytes) (Also BCP0051) (Status: BEST CURRENT PRACTICE)

Briefly, those RFCs describe a network protocol for 'one to many' packet
delivery. This is used for services like Internet Radio and Internet
Television broadcasting. It requires that the routers between the source
(for example, the BBC, or the [current] LiveAid concert) and the listener
or viewer know that someone down the pipe wants to receive these packets.
Once it reaches your network, multiple computers can be told to listen
to packets destined for a specific address in the range 224.0.0.0 through
239.255.255.254 to "receive" the program. However, this also requires an
application to use the network feed, such as RealAudio. I should mention
that this isn't the _only_ use of those addresses - I'm just talking about
concepts.

>also Ive checked the ping is disabled via router ok...

Yeah, a lot of people have disabled ping responders on their systems as
a defense against skript kiddiez who have nothing better to do than to
occupy bandwidth.

>thanking you for you help :-)

You're welcome! Sorry I can't help on the windoze setup, but I don't use
that O/S.

Old guy

Re: IPCOP login help

Joey wrote:
> No I havent , but I will when I get home tonight I will....
>
> If I cannot ping the green or red section or 192.168.1.1 ...I have a
> Cable modem and a router,then a switch then the ip cop machine and my
> other PC I try to log with...I think that maybe half my problem...
>

So what you should have is:

Cable modem ----- Router---- IPCOP ----- Switch -----PC

The red interface of IPcop should be set to a suitable IP for your
router side of the network.

The green interface should be set to a different subnet. Also set up
IPCOP as a DHCP server and your PC to automatic IP address and you
should be good to go.

e.g.

Router 10.0.0.1
IPCOP red 10.0.0.2 Gateway 10.0.0.1
IPCOP green 192.168.0.1

The password problem is probably a faulty keyboard on the IPCOP box
(Been there done that). Enter a simple password like 1111 and try both
1111 & !!!!

Re: IPCOP login help

Thanks to all who replied and tried to help me.

I havent tried the last post about the passwords yet I need to reload
IPcop again...

Ive spent sooooooo may hrs and days trying to make this work that Im
sick of it now and wanna get back to enjoying the net again....Also my
work hrs and family make it hard for me to spend anymore time on it...
AsIve taken away from them.

Ive just about to give up on this one, Ive stuffed up one of my PC.'s
(now it wont share files anymore and wont see my other 4 pc's) This may
be a seperate issue but Ive put the whole thing in the (too hard
basket), aIso tried smoothwall and same things are happening

I downloaded the trial verson of Astareo Security V5.0 and i was able
to get to the webadmin page, but then unable to get online...

If someone has the paticence of a saint...and would like to provide
further support I would consider trying again. As im really interseted
in getting this working....otherwise

Ill just go out and buy a good firewall/router and go with that , any
recommendations on a good firewall/router..?

Thanks

Joe