Setting up IPCop

From Manjaro Linux
Jump to: navigation, search

IPCop the Standalone Linux Firewall that Runs on Junk Computers:

This is not a Manjaro specific topic, though ALL of us ARE using the internet. So the topic is common to us all. I hope this article inspires someone to pull a redundant pile of old junk of a computer out of their garage, or from under their bed, & then get into creating an awesomely powerful firewall/router out of it.

Surprisingly an old PII running IPCop, with little very little RAM & a 2GB HDD, plus two network cards, is able to handle the firewall/routing needs of a small enterprise with up to 300 bums on seats that are using computers!

This is not a complete how-to, it is a good introduction to great technology that many know nothing about. It most certainly could be of great help to a first time user, though I have not used wireless & IPCop most certainly can.


What is IPCop?

IPCop is a simple to install & setup Linux kernel based firewall/router system. Their documentation is also superb.

This is the IPCop home page:

The IPCop Support page is also extremely helpful. So if you get stuck for some reason, or if you'd like to do some research prior to installation (compatible hardware) it is the place to start.

Some very useful add-ons exist for it at the CopFilter site.


An Example for a Home User:

There are four desktop machines; 2 x 24" alu' iMac & two multi-purpose boxes, plus a ReadyNAS Duo v1. These five are constantly connected to the LAN, there is also 1 Apple notebooks that is rarely connected to the LAN plus a PS3 that is always plugged into the network switch.

Additionally there is the IPCop box, a $5- Dell Optiplex GX150 from the local garbage dump - PIII 7**Mhz, 256MB RAM 10GB HDD, CD & floppy drives. It uses $53-/year in electricity running 24/7 at 19 cents/kWh.

All machines connect via cat-6 cable into a cheap 1GB eight port switch. The modem/router is a Siemens SpeedStream 4200, single port job.

Apart from the modem/router, IPCop, LJ-5 Printer & the ReadyNAS Duo, all existing boxes have dynamic IP addresses.


Here's a Simple Map of my LAN:

The account my ISP provides has a dynamic IP address.

Take note, the modem/router (RED) needs to be on a different subnet than the Green, as seen in the IP addresses below, (all of this RED & GREEN stuff makes perfect sense when you have had a look at the IPCop documentation).


Here is a simple map of of LAN that is using IPCop:

|
DSL
|
Modem 192.168.254.254
|
IPCop (blackbox) 192.168.1.1
|
Switch
|
iMac..iMac..PC..PC..ReadyNAS Duo..Powermac..PS3..LJ-5 Printer..


IPCop settings that I have used

Host Name: blackbox
Domain Name: domain.invalid
Network Type: GREEN + RED
Drivers & Card Assignments:-
GREEN: Digital 21x4x Tulip PCI (eth0)
RED: Intel i82557/i82558 PCI (eth1)
Address Settings:-
GREEN interface: 192.168.1.1 <- blackbox
Network mask: 255.255.255.0
RED interface: PPPoE
DNS & Gateway settings: Blank
DHCP server configuration:
Start address: 192.168.1.2
End address: 192.168.1.24
Primary DNS: 192.168.1.1 <- blackbox
Secondary DNS: Blank
Default lease (mins): 2440
Max lease (mins): 4880
Domain name suffix: domain.invalid


IPCop Dialup (Broadband) Settings:

Profile: internode-1
Connection:- PPPoE
Idle Timeout: 0
Connection on IPCop Restart: ticked
Reconnection:-
Persistent
Hold Off Time: 10
In case connection fails, switch to profile:  internode-1
Maximum retries: 5
Additional PPPoE Settings: unused
Authentication:-
User Name: my ISP account username
Method: PAP or CHAP
Password: my ISP account password
DNS:-
Manual: I chose to enter my ISP's primary & secondary DNS addresses
Profile Name: internode-1


The Browser Base GUI Interface:

Once IPCop has been installed, the Dialup Settings (just above) are added via the browser based GUI from a client on the LAN. They are all that is needed for IPCop to be up & running.

Depending on the use of the LAN as to whether anything else has to be done, apart from doing a simple upgrade of IPCop from within IPCop.


So Why Do It?

As of this writing I've used IPCop for ~3 years & it has been so effective that you never think about it. My internet access speeds are slightly faster, as Linux handles IP better than the windows centric ADSL modem/routers do.

In the past I've lost the 10GB drive so I had to reinstall IPCop on another drive I had laying around (20GB this time). & have had one of its NIC's fail. So I did another installation. I have also setup my fathers old Athlon 9**Mhz, 512MB RAM, 20GB HDD, CD & floppy drives, box, as a backup for when the old Dell eventually goes to computer heaven...

From What I have read, machines of this ilk can handle networks with as many as 300 bums on seats!

Support

Following is a link to this page's forum counterpart where you can post any related feedback: [1]