Thursday, November 13, 2008

IPCop - Linux Based Firewall

Intro
I have been using a Linksys BEFSR41 router for quite some time with my ADSL. It was OK most of the time. Being a Linux and Open Source fan, I have been checking new distros for the last few years. There are several specialized distros aimed at partitioning, system tools, firewalls, etc. I came across an interesting Howto article talking about making your own firewall and I decided to give it a try. IPCop seemed a natural choice for me since I have Linux experience and it seemed lots of people like it.

Status Display

What hardware is needed
Basically you need a PC (even a Pentium with 32MB would do) with two, three or four NICs (network cards). IPCop uses color-coded designations for separate networks:
  • RED connection to Internet (outer world)
  • GREEN subnetwork behind firewall to be used as your secured LAN
  • ORANGE subnetwork behind firewall, but for demilitarized LAN to be used with servers that should be accessible from Internet
  • BLUE subnetwork behind firewall to be used with wireless LAN stations
ORANGE and BLUE are generally not connected to computers on the GREEN subnetwork, which provides additional security. Please check the IPCop website for more info.
I happened to have a PC that was waiting to be thrown in the trash. This was a really old eMachines tower with 32 MB RAM, an Intel Celeron and an 8GB hard drive. It has only two PCI slots and two ISA slots. I put two NICs into it and I was ready to try.

Installing IPCop
With two NICs I was aiming for a RED and GREEN configuration. For the purpose of installation you need a keyboard and monitor as well as a CD-ROM or CD-RW drive. I burned an IPCop image on a CD and booted that old PC with it. The text menu for installation was pretty straightforward. After maybe 10 minutes I was ready to try. Please note that after you install IPCop, you can access its graphical user interface remotely via the web. Throughout installation there are some questions you need to answer, such as administrator and backup user passwords, DHCP enable, and the local GREEN LAN IP range. Also, you will need to configure your RED network connection (the one toward the Internet), which I left at DHCP and it worked flawlessly.

Connection
I removed my old Linksys BEFSR41 router, connected the ADSL modem to the network card designated as RED, and connected the GREEN network card to my hubs and local LAN. Once you start everything, your IPCop (firewall) establishes a connection with the Internet and behaves as firewall and DHCP server for other computers on your GREEN subnet. To my surprise everything worked great. I set my GREEN network to be in the 192.168.0.xxx range. So, in order to configure IPCop further you need to access the IPCop computer via http://192.168.0.1:81 in my case.

Connection status display

System graphs (CPU and memory)

Tuning
After accessing the web-based GUI, in the Status tab IPCop suggested installation of an update, which I did. Then, I also turned on the Proxy service, which works as an Internet access cache and speeds up browsing. The user interface is great and I was able to easily activate this function. I also turned off ping on the RED interface. Further tuning can be done by adjusting and adding new Firewall rules.

Traffic graphs

Proxy graphs (needs to be enabled)

First impressions
I am happy. First, my connection to the Internet appears to be faster. Second, with the Linksys router the outer world could access my router and tried to hack into the settings. IPCop appears as if it is not there. I tested it with some online port and security scanners and everything passed. I am also glad I found some great use for my old PC that I was almost ready to throw away.
There are also additional services such as SNORT and VPN. I have not tried those yet.

What Next
Will definitely play with firewall rules, snort, and maybe even VPN. I am also reading about the BSD-based firewall pfSense, and it also seems like a great firewall BSD distro based on m0n0wall. Will try it when I get a chance. Some folks compare the functionality of IPCop and pfSense to expensive dedicated Firewall/Routers.

References
http://ipcop.org
