[SLUG] URL for the IPCop 1.4.0b3 iso file (Phil Barnett)

From: Robert Foxworth (rfoxwor1@tampabay.rr.com)
Date: Sun May 23 2004 - 22:00:11 EDT


The beta version of IPCop firewall 1.4.0b3 is available. See
the link in the quoted article, below. I am using 1.3.0 (release)
and it works well. My current uptime is about 270 days. Below
that are my notes from Phil's presentation Thursday night at
the Leap meeting, at which I was present. As Phil says, bug
reports on 1.4.0b3 are sought.

> Message: 2
> From: Phil Barnett <philb@philb.us>
> To: LeapList@lists.leap-cf.org
> Date: Fri, 21 May 2004 01:51:50 -0400
> Subject: [LeapList]URL for the IPCop 1.4.0b3 iso file
> Reply-To: leaplist@lists.leap-cf.org
>
>
> For those of you at the meeting last night who wanted me to post the location
> of the IPCop 1.4.0b3 iso files, here is a copy of the announcement from March
> 29th of this year:
>
> IPCop 1.4.0 beta 3 is now up on SF.net for download
> (http://prdownloads.sourceforge.net/ipcop/). Most if not all reported
> bugs in beta2 have been fixed.
>
> It is now time to find as many bugs as you possibly can. Please report
> them on our sourceforge.net bugs section (under 1.4beta).
>
> MD5: d8f6d39622cd45ae8ea912665272d96d fcdsl-1.4.0b3.tgz
> MD5: dfdfd74f7a2276386d83f412af9d2278 ipcop-1.4.0b3.iso
> MD5: 3a8f373389e314f74725212cd84ebbeb ipcop-1.4.0b3.tar.gz
>
> --
>
> "Debugging is twice as hard as writing the code in the first place.
> Therefore, if you write the code as cleverly as possible, you are,
> by definition, not smart enough to debug it." - Brian W. Kernighan
>

Here are my sketchy notes from Phil's presentation last Thursday
night. Download 35 MB. SCSI support. 3 floppy images can be
made from the ISO if needed. You can back up the config from your
1.3.0 install and restore to the new one. Confirmation this works in
every case is sought.

On initial setup the Green NIC is found, and a modem for dialout.
Default is 192.168.x.1. You can set the TZ and disable ISDN (ISDN is a
feature of value to the European audience). IPCop now supports
FOUR NICs (Green/Private, Red/Public, Orange/DMZ and Blue/Wireless).
The wireless can be configured to allow access to outside
but not to your private or DMZ net. You need to probe for the NICs
after the green one, or select from driver list. DHCP assigns addresses
in descending mode. If you are on DSL and the DSL modem is not in
bridge mode, set to bridge mode, use PPPoE, the outside assigned
DHCP address goes to IPCop. Or use dynamic DNS. If IPCop is
the DHCP server, enable Pri DNS = local address. Use public as
secondary (e.g. 4.2.2.1). Your lease can be 600/1200 min at home.
Suggest using 60/120 if hosting an internet cafe etc. Set root and
admin password, then reboot. On reload, ident port is open, the
ident packet is dropped. Web access is http://ipcop:81 (resolves
own address) to get web interface. Set SSH cert. Set Blue for
wireless access. Blue access is firewalled; enter MAC of WL device.
Enable SSH access. NTP access from pool.ntp.org. IPCop will now
act as an NTP SERVER for your subnet if needed. Setup IDS on ALL
subnets, not just red. You can download new rulesets. You can open
port 445 to allow admin from outside. You can set QOS on the Red
interface only, such as: prioritize port 80, de-prioritize port 21. This
shapes TYPES, not Clients. Does not affect Blue/Green traffic.

Aliasing - you can bind up to 4 addresses to Red e.g. 4 port-80's
active at once; 4 servers on your DMZ can exist. You can edit the host
file to add redirects from unwanted sites to localhost. They have fixed
the DHCP lease by MAC so you can assign a specific MAC to a
specific IP not in the DHCP scope, so your laptop can stay on DHCP
always but get a specific IP whenever it is on your home private net.
The lease times are independently set. Graphing is much better and
shows traffic options, also things like mem use, swap use, day, week,
month, year etc. IPCop will natively create VPN tunnel if used on each
end, transparent IPSec. (Forthcoming 1.5 will allow IPSec and SSH
methods of tunnelling). You can control log rotation, kill/save beyond
one week; keep traffic graphs (use a big hard drive) and kernel logs.
You can as before see iptables conn log tracking; manually refresh.
Backing up the config is done to floppy or, now also to a tarball which
is exportable to another host; you can browse local machines to restore.
You can do dynamic DNS if eth1 is a real address (jsmith.dyndns.org).

IPCop is running today on a Class A subnetted range with 20,000
clients. You can set it up with a 64 MB CF FLASH to boot, use 128 MB
RAM partitioned 2 ways with write access to ramdisk.

Also discussed was Squid and cache management, MaxObjectSize
up to 100K.

Phil also discussed Harbour Project www.harbour-project.org
which is a database. I think I've rambled enough. Hope this is of some
interest. Bob F

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
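
Checking downloads against the MD5 values in the quoted announcement, as an added example (not part of either message and not IPCop project code): the script parses the `MD5: <hash> <file>` lines as posted, including the `>` quoting, and compares each file in a download directory. The function names are assumptions made for this example. MD5 catches a corrupted or truncated download; it does not authenticate the source.

```python
import hashlib
import hmac
import re
import sys
from pathlib import Path

# The three checksum lines exactly as they appear in the quoted announcement.
ANNOUNCEMENT = """\
> MD5: d8f6d39622cd45ae8ea912665272d96d fcdsl-1.4.0b3.tgz
> MD5: dfdfd74f7a2276386d83f412af9d2278 ipcop-1.4.0b3.iso
> MD5: 3a8f373389e314f74725212cd84ebbeb ipcop-1.4.0b3.tar.gz
"""

# Optional '>' quoting, the literal 'MD5:', 32 hex digits, then a file name.
LINE_RE = re.compile(r"^[>\s]*MD5:\s*([0-9a-fA-F]{32})\s+(\S+)\s*$")

def parse_announcement(text):
    """Return {filename: md5hex} for every 'MD5: <hex> <name>' line in text."""
    expected = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ordinary prose or signature lines in the mail
        digest, name = m.group(1).lower(), m.group(2)
        # Reject names with path components so a pasted list cannot
        # point the check at files outside the download directory.
        if Path(name).name != name:
            raise ValueError(f"unexpected path in checksum list: {name!r}")
        expected[name] = digest
    return expected

def md5_of(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so a 35 MB ISO is never held in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(directory, expected):
    """Return {filename: 'ok' | 'MISMATCH' | 'missing'} for each expected file."""
    results = {}
    for name, digest in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif hmac.compare_digest(md5_of(path), digest):
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results

if __name__ == "__main__":
    report = verify(sys.argv[1] if len(sys.argv) > 1 else ".",
                    parse_announcement(ANNOUNCEMENT))
    for name, status in report.items():
        print(f"{status:9} {name}")
    sys.exit(0 if all(s == "ok" for s in report.values()) else 1)
```

Run it with the download directory as the only argument; the exit status is non-zero if any listed file is missing or does not match.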


