Installation
Please refer to the June 2012 issue for the
installation instructions of IPCop 2.0.4. Start by downloading the ISO image of
the latest stable release (2.0.3) from http://ipcop.org/download.php.
Burn it on a CD. IPCop installation is very simple and straightforward. You
require a computer system with a minimum of two Ethernet cards, 512 MB RAM, a
hard disk or flash drive, and a CD-ROM drive for installation. Start the
installation by booting from the IPCop CD. The first screen greets you with the
IPCop mission statement: ‘The bad packets stop here’; press Enter at the
boot: prompt. Select the desired language; an information dialogue box
tells you that pressing Cancel will reboot the system. Continue by
clicking OK. Select the type of keyboard, the time zone, and enter the
correct date and time, if required. Select the hard disk on which to install
IPCop. Beware that all data on this disk will be erased. Then click OK
to continue.
IPCop
Ver 2.0.x
Here, a very interesting screen greets you,
irrespective of whether the installation is on the hard disk or on flash.
Select the desired disk type from Flash/Disk. The installer will
make the required file systems and swap space, ask whether you have an older
backup to be restored, and complete the installation.
Reboot the system to continue to configure
the box. Enter the host name and domain name, before selecting the Red
(Internet) interface type and Ethernet card. Note that here you can configure
any Ethernet card to any interface. In the earlier version, the first detected
Ethernet was always assigned to Green, and it was tricky to change it later.
Also, to identify the card easily, you can set it in ‘LED blinking on’ mode.
Assign Green and Red cards, and enter the Green IP address and subnet mask.
Also, select the Red type such as Static, PPPoE, etc. You may enable DHCP if
desired, and enter root, admin and backup passwords to complete this part of
the configuration.
Configuration
Reboot the system and wait till you see the
login: screen (which can be used to log in as the root user). Use a client
computer browser to open https://IPCopIP:8443
and authenticate yourself as the admin with the earlier defined
password. The first step is to complete the set-up by configuring the Internet.
This trial set-up uses PPPoE on the Red interface. Proceed to Network
> Dialup, and enter the PPPoE username and password. From the Home
screen (System > Home), click the Connect button to
connect to the Internet. Configure the IPCop Green IP as the default gateway
and DNS in the client TCP/IP settings. That is all... you can now start
browsing securely.
Status
> Traffic Accounting
The next important step is to upgrade from
2.0.3 to the latest release. Start by checking whether new updates are
available go to the System > Update page. Select Refresh
Update List and check for the availability of new updates. Do
apply all the available patches. After updates, IPCop will be upgraded to the
latest version 2.0.6 (as of January 1, 2013).
A very helpful diagnostics screen,
especially for flash installations, is the Memory section of the Status
> System status page, which tells you whether sufficient
memory is available. Flash-based IPCop installations stop functioning if the
Ramdisk memory is full. IPCop supports alert emails; configure the required
email settings to enable the feature.
One of the interesting features built into
IPCop 2.0.x is traffic accounting, which monitors traffic volume. This requires
no further explanation; just look at Figure 3.
The Services > Proxy menu
is one of the most important configuration menus of IPCop. In this menu,
configuring an upstream proxy allows IPCop to access the Internet via an
external proxy server. This will be required for Internet connections requiring
proxy connectivity or in a local environment. If required, the username and
password for the proxy server can also be configured here.
The
Services > Proxy
IPCop can allow clients to access the
Internet in the following two ways:
·
Transparent proxy:
This enables all the requests from the Web browser to be forwarded to the
Internet, requiring no browser re-configuration. In this mode, URLFilter
settings control the HTTP traffic. However, HTTPS traffic goes unfiltered.
Also, there is a possibility of users bypassing the URL filter mechanism.
·
Non-transparent
proxy: This requires manual configuration of all browsers to use the
Green IP address and proxy port of IPCop. Running in non-transparent mode,
coupled with blocking of direct HTTPS requests, ensures filtering of this and
HTTP traffic via URLFilter. A proxy working in non-transparent mode terminates
all connections to the Internet. Further, it initiates a separate connection to
the Internet. Thus, there is no direct connection from the client system to the
Internet, isolating the client system.
The default firewall settings (Figure 5)
enable all traffic from Green to Red. This menu also embeds a popular add-on
for the earlier version, Block Outgoing Traffic. The GUI has changed slightly
for the embedded BOT.
IPCop generates and displays various logs,
on a last come-first-display basis, by default. Frequently, the most recent
logs are relevant and require to be seen. The Logs > Logs Settings
page gives us a selection to reverse the chronological order of the log
display. This menu also configures a time-frame to archive logs and summaries.
The log information can also be passed on to a syslog server by specifying its
IP address and protocol.
IPCop enables viewing of various logs,
which are also valuable for troubleshooting. Important options include Proxy,
OpenVPN, DNS, Red logs, etc. An interesting Red log for the PPPoE connection is
‘Waiting for PADO Packets’ followed by ‘Red cannot establish connection’. Most
of the time, this spells an ISP-side error; just log a maintenance call.
Various other setting options include
browsing time restrictions, download throttling to the specified download speed
limit, enabling only specified browsers to access the Internet, integration
with Windows AD to allow AD authenticated access, and so on. To sum up, IPCop
2.0 provides a robust firewall, which can be configured to browse the Internet
securely. Being available under the GNU license, it is free for all, and is in
use widely across the world. So, happy browsing!
