Setting up IPCop

From Manjaro Linux

Contents
1 IPCop the Standalone Linux Firewall that Runs on Junk Computers:
1.1 What is IPCop?
1.2 An Example for a Home User:
1.3 Here's a Simple Map of my LAN:
1.4 IPCop settings that I have used
1.5 IPCop Dialup (Broadband) Settings:
1.6 The Browser Base GUI Interface:
1.7 So Why Do It?
2 Support

IPCop the Standalone Linux Firewall that Runs on

Junk Computers:
This is not a Manjaro specific topic, though ALL of us ARE using the internet. So the topic is common to us
all. I hope this article inspires someone to pull a redundant pile of old junk of a computer out of their garage,
or from under their bed, & then get into creating an awesomely powerful firewall/router out of it.

Surprisingly an old PII running IPCop, with little very little RAM & a 2GB HDD, plus two network cards,
is able to handle the firewall/routing needs of a small enterprise with up to 300 bums on seats that are using
computers!

This is not a complete how-to, it is a good introduction to great technology that many know nothing about.
It most certainly could be of great help to a first time user, though I have not used wireless & IPCop most
certainly can.

What is IPCop?
IPCop is a simple to install & setup Linux kernel based firewall/router system. Their documentation is also
superb.

This is the IPCop home page (http://www.ipcop.org/index.php/):

The IPCop Support page (http://www.ipcop.org/support.php/) is also extremely helpful. So if you get stuck
for some reason, or if you'd like to do some research prior to installation (compatible hardware) it is the
place to start.

Some very useful add-ons exist for it at the CopFilter (http://www.copfilter.org/) site.

1
An Example for a Home User:
There are four desktop machines; 2 x 24" alu' iMac & two multi-purpose boxes, plus a ReadyNAS Duo v1.
These five are constantly connected to the LAN, there is also 1 Apple notebooks that is rarely connected to
the LAN plus a PS3 that is always plugged into the network switch.

Additionally there is the IPCop box, a $5- Dell Optiplex GX150 from the local garbage dump - PIII
7**Mhz, 256MB RAM 10GB HDD, CD & floppy drives. It uses $53-/year in electricity running 24/7 at 19
cents/kWh.

All machines connect via cat-6 cable into a cheap 1GB eight port switch. The modem/router is a Siemens
SpeedStream 4200, single port job.

Apart from the modem/router, IPCop, LJ-5 Printer & the ReadyNAS Duo, all existing boxes have dynamic
IP addresses.

Here's a Simple Map of my LAN:

The account my ISP provides has a dynamic IP address.

Take note, the modem/router (RED) needs to be on a different subnet than the Green, as seen in the IP
addresses below, (all of this RED & GREEN stuff makes perfect sense when you have had a look at the
IPCop documentation).

Here is a simple map of of LAN that is using IPCop:

|
DSL
|
Modem 192.168.254.254
|
IPCop (blackbox) 192.168.1.1
|
Switch
|
iMac..iMac..PC..PC..ReadyNAS Duo..Powermac..PS3..LJ-5 Printer..

IPCop settings that I have used

Host Name: blackbox
Domain Name: domain.invalid
Network Type: GREEN + RED
Drivers & Card Assignments:-
GREEN: Digital 21x4x Tulip PCI (eth0)
RED: Intel i82557/i82558 PCI (eth1)
Address Settings:-
GREEN interface: 192.168.1.1 <- blackbox
Network mask: 255.255.255.0
RED interface: PPPoE
DNS & Gateway settings: Blank
DHCP server configuration:
Start address: 192.168.1.2
End address: 192.168.1.24
Primary DNS: 192.168.1.1 <- blackbox

2
Secondary DNS: Blank
Default lease (mins): 2440
Max lease (mins): 4880
Domain name suffix: domain.invalid

IPCop Dialup (Broadband) Settings:

Profile: internode-1
Connection:- PPPoE
Idle Timeout: 0
Connection on IPCop Restart: ticked
Reconnection:-
Persistent
Hold Off Time: 10
In case connection fails, switch to profile: internode-1
Maximum retries: 5
Additional PPPoE Settings: unused
Authentication:-
User Name: my ISP account username
Method: PAP or CHAP
Password: my ISP account password
DNS:-
Manual: I chose to enter my ISP's primary & secondary DNS addresses
Profile Name: internode-1

The Browser Base GUI Interface:

Once IPCop has been installed, the Dialup Settings (just above) are added via the browser based GUI from
a client on the LAN. They are all that is needed for IPCop to be up & running.

Depending on the use of the LAN as to whether anything else has to be done, apart from doing a simple
upgrade of IPCop from within IPCop.

So Why Do It?
As of this writing I've used IPCop for ~3 years & it has been so effective that you never think about it. My
internet access speeds are slightly faster, as Linux handles IP better than the windows centric ADSL
modem/routers do.

In the past I've lost the 10GB drive so I had to reinstall IPCop on another drive I had laying around (20GB
this time). & have had one of its NIC's fail. So I did another installation. I have also setup my fathers old
Athlon 9**Mhz, 512MB RAM, 20GB HDD, CD & floppy drives, box, as a backup for when the old Dell
eventually goes to computer heaven...

From What I have read, machines of this ilk can handle networks with as many as 300 bums on seats!

Support
Following is a link to this page's forum counterpart where you can post any related feedback: [1]
(https://forum.manjaro.org/t/wiki-setting-up-ipcop-the-dedicated-stand-alone-linux-firewall/17666)

3
Retrieved from "https://wiki.manjaro.org/index.php?title=Setting_up_IPCop&oldid=14323"
Category: Contents Page

This page was last modified on 17 February 2017, at 02:59.

This page has been accessed 23,464 times.