IPCop Firewall

Reproduced from my old zorg.org site.

Updated for IPCop 1.2.0 and Smoothwall GPL 1.0

IPCop is a Linux firewall distribution that takes an old PC and turns it into a dedicated firewall appliance. It offers advanced features such as IPSec VPN support and is, of course, licensed under the GPL.

IPCop is actually a fork of the GPL 0.9.9 version of Smoothwall, and hence the two are very similar in many ways. IPCop does, however, offer more functionality in several areas that are only addressed in the commercial version of Smoothwall, and some that Smoothwall does not offer at all.

IPCop offers an IPChains based firewall with DHCP server, caching DNS, the Squid web proxy,
Snort intrusion detection system, port forwarding, DMZ support and IPSec based VPN support using
FreeS/WAN. There is an easy to use web-based admin interface and an SSH server is also available.

There is support for up to 3 network interfaces and the external or RED interface can be an ethernet card, an analogue modem, an ISDN modem or even a USB ADSL modem. The GREEN interface is a connection to your internal ethernet network and an optional ORANGE interface provides the facility of a DMZ or de-militarised zone where internet facing servers may be located. The use of a DMZ offers additional protection of your GREEN network should a server in the DMZ be compromised.

As well as general operation and configuration the web interface allows viewing of four different types of logs: IPCop, Squid web proxy, firewall and Snort intrusion detection. The status pages also allow viewing of traffic graphs and proxy graphs.

Hardware Requirements

IPCop doesn’t require the latest PC hardware to run. An old Pentium with 32Mb RAM and a 1Gb hard disk will be more than adequate, although more memory would be a benefit if using the Squid web cache. The minimum requirements listed by the IPCop team are a 386 with 8mb RAM and a 100Mb disk, although it is mentioned that some people have had trouble installing in less than 20Mb. Once the installation has been completed, the system can be managed via the web interface, so a keyboard and monitor are no longer required.

Getting it and installing it

IPCop is available from the IPCop web site as a 22MB ISO image. Installation is very straightforward and can be run from CD or via HTTP if you have a local web server running. A complete system including configuration can be up and running in as little as 15 minutes. Any updates are notified and installed through the web interface.

Support

Support is available through the mailing lists or on IRC in #ipcop on irc.openprojects.net.

IPCop/Smoothwall Feature Comparison

| Feature | IPCop 1.2 | Smoothwall GPL 1.0 | Smoothwall Corporate Server 2.0 |
|---|---|---|---|
| Kernel | 2.2.23 | 2.2.23 | 2.2.23 |
| Filesystem | ext3 | ext2 | ext3 |
| Number of Interfaces | 3 | 3 | 3 |
| Caching DNS | dnsmasq | dnrd | dnrd |
| Hard disk types supported | IDE | IDE | IDE/SCSI |
| DHCP Server | Yes | Yes | Yes |
| Static DHCP Leases | Yes | No | Yes |
| Squid Web Proxy | Yes | Yes | Yes |
| Squidgraph | Yes | No | No |
| Snort Intrusion Detection System | Yes | Yes | Yes |
| Port Forwarding | Yes | Yes | Yes |
| DMZ Pinholes | Yes | Yes | Yes |
| IPSec VPN | Yes | Yes | Yes |
| Configuration backup/restore | Yes | No | Yes |
| NTP Synchronisation | Yes | No | Yes |
| Aliasing on Red interface | Yes | No | Yes |
| Alcatel USB ADSL Support | Yes | Yes | Yes |
| Pulsar PCI ADSL Support | Yes | No | No |
| Dial on demand ADSL | Yes | No | No |
| Dynamic DNS Support | Yes | Yes | Yes |
| Web Based Interface | Yes | Yes | Yes |
| Adverts in Web Interface | No | Yes | No |
| Licence | GPL | GPL | Proprietary |
| Cost | Free | Free | £125 |

Conclusion

If you only need the two or three interfaces IPCop caters for, then it makes the perfect firewall solution for your network. IPCop is very well featured and the web interface is clear and easy to use. Installation is simple, hardware requirements are low and, best of all, it is free in both the free beer and free speech contexts.

In my opinion there is no reason to choose Smoothwall GPL over IPCop considering the additional features offered by IPCop and Smoothwall’s ‘in your face’ advertising for their corporate product together with the attitude of some of their developers.

I think these sorts of appliance distros are an excellent idea and I hope we will see more of these sorts of things in the future.
