IPCOP can't reach ORANGE from GREEN
IPCOP is a specialty Linux distribution for creating firewalls. Very nice. It uses colours to describe the security "Zones" that it creates. RED is the internet, GREEN is a local, protected network. ORANGE and BLUE are DMZ and wireless zones. It is all quite handy and easy to use.
In one installation a RED-GREEN system had been running for years without a hitch. When an ORANGE DMZ zone was added it didn't work as expected: GREEN could not reach ORANGE, even though that should be allowed by default. The short answer is this: don't use 169.254.x.y addresses for the GREEN zone on IPCOP boxes. It fails when an ORANGE zone is added.
So there you go. Use IETF-approved private address blocks. Come on, you know them. Sing along with me:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
And do not use 169.254.0.0/16 just because it worked that way with the old boxes.
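
A pre-flight check for the addressing plan, as an added example that is not part of the original post or of IPCOP itself: it flags any internal zone that sits in 169.254.0.0/16 or outside the three private blocks above and, going slightly beyond the post, any two zones whose networks overlap. The KEY=VALUE key names (GREEN_ADDRESS, GREEN_NETMASK and so on) and the sample values are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks, as listed in the post.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Link-local block the post warns against using for GREEN.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
INTERNAL_ZONES = ("GREEN", "ORANGE", "BLUE")

# Constructed sample in KEY=VALUE form; the key names are an assumption.
SAMPLE_SETTINGS = """\
GREEN_ADDRESS=169.254.10.1
GREEN_NETMASK=255.255.255.0
ORANGE_ADDRESS=192.168.50.1
ORANGE_NETMASK=255.255.255.0
"""

def parse_settings(text):
    """Return {zone: IPv4Network} for each internal zone that is configured."""
    kv = dict(line.strip().split("=", 1)
              for line in text.splitlines() if "=" in line)
    zones = {}
    for zone in INTERNAL_ZONES:
        addr, mask = kv.get(zone + "_ADDRESS"), kv.get(zone + "_NETMASK")
        if addr and mask:
            # strict=False: the address is the interface IP, not the network base.
            zones[zone] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return zones

def audit_zones(zones):
    """Return a list of (zone, problem) findings for the addressing plan."""
    findings = []
    for zone, net in zones.items():
        if net.overlaps(LINK_LOCAL):
            findings.append((zone, "link-local"))
        elif not any(net.subnet_of(block) for block in RFC1918):
            findings.append((zone, "not-rfc1918"))
    names = list(zones)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if zones[a].overlaps(zones[b]):
                findings.append((a + "/" + b, "overlap"))
    return findings

if __name__ == "__main__":
    for zone, problem in audit_zones(parse_settings(SAMPLE_SETTINGS)):
        print(f"{zone}: {problem}")
```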




Articles © 2010