Fri Nov 21 12:09:46 GMT 2008


Network routing and firewalls



The easiest way to install a firewall is to use a preconfigured one with an intuitive GUI. A good example of this is IPCop.

It may be installed on an old desktop machine with either a USB modem and a network card, or two network cards if your Internet connection is presented with an ethernet interface. Such machines can be obtained from eBay or elsewhere for £50 or less.



IPCop can be downloaded from the main site or from here.

You can also do a network install if you have a network connection to the internet. Go to http://openapps.harkness.co.uk/IPCop/. Download rawrite and the .img files in the images directory and write these images to disk. If you run rawrite on Windows it will provide instructions.

If you are using Unix / Linux the command is dd if=boot-1.2.0.img of=/dev/fd0

Once downloaded, IPCop is installed either by burning an image to CD and installing from CD, or by installing from floppy disk.

There is good documentation on the IPCop website for the install of IPCop if you get stuck.

The basis is that you have a Red interface (nasty Internet) and a Green interface (friendly internal network). The IP address of the Red interface will normally be provided by your Internet Service Provider in the case of an ethernet presentation. If you are using ADSL, then the IP address will normally be received dynamically.

The internal (Green) interface is normally assigned an address agreed with the IT chaps responsible for the choice of IP addresses. For this example I suggest we choose the private network 192.168.5.0/24. This provides 254 IP addresses, from 192.168.5.1 to 192.168.5.254. The router (the IPCop box) normally takes an address at one extreme; I prefer the first, so we shall assign 192.168.5.1.

During the installation you will be asked if you wish to start DHCP; the IPCop server makes a very useful DHCP server. It is also able to assign static IPs, which is useful for print servers etc. You may like to assign the range 192.168.5.21-192.168.5.200 to DHCP. This leaves the first 20 IPs available for servers such as mail and back-up. You will also notice that there are free IPs above 200; these are left for print servers and as spare IPs for other items.

During the installation you will be asked for DNS / name servers. These are normally supplied by your ISP and must be given as IP addresses, not server names, because these are the servers IPCop queries to change names into IPs. You will also be asked for the default gateway if you are using an ethernet presentation for your Internet service (not ADSL or modem).
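The address plan above can be checked mechanically before hosts are configured by hand. The following is an added example, not part of the original page: it encodes the 192.168.5.0/24 plan from the text and flags manually addressed hosts that collide with the router, the DHCP pool or each other. The host table and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Address plan taken from the text above.
GREEN_NET = ipaddress.ip_network("192.168.5.0/24")
ROUTER = ipaddress.ip_address("192.168.5.1")
DHCP_START = ipaddress.ip_address("192.168.5.21")
DHCP_END = ipaddress.ip_address("192.168.5.200")

# Constructed sample table of manually configured hosts (hypothetical names).
STATIC_HOSTS = {
    "mail": "192.168.5.10", "backup": "192.168.5.11",
    "nas": "192.168.5.50", "gw-clone": "192.168.5.1",
    "printer1": "192.168.5.210", "printer2": "192.168.5.210",
}

def zone(addr):
    """Return the block of the plan that an address falls into."""
    ip = ipaddress.ip_address(str(addr))
    if ip not in GREEN_NET:
        return "outside"
    if ip in (GREEN_NET.network_address, GREEN_NET.broadcast_address):
        return "reserved"
    if ip == ROUTER:
        return "router"
    if ip < DHCP_START:
        return "servers"
    if ip <= DHCP_END:
        return "dhcp"
    return "spare"

def plan_summary():
    """Count usable host addresses in each block of the Green network."""
    return Counter(zone(ip) for ip in GREEN_NET.hosts())

def check_static(hosts):
    """List problems in a {hostname: ip} table of hand-configured hosts."""
    problems, seen = [], {}
    for host, addr in sorted(hosts.items()):
        z = zone(addr)
        if z not in ("servers", "spare"):
            problems.append(f"{host}: {addr} falls in '{z}'")
        if addr in seen:
            problems.append(f"{host}: {addr} duplicates {seen[addr]}")
        seen.setdefault(addr, host)
    return problems

if __name__ == "__main__":
    print(dict(plan_summary()))
    for line in check_static(STATIC_HOSTS):
        print("PROBLEM", line)
```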

There are three usernames for which you will be asked to set passwords: root, setup and admin.
  • The root account will allow you to log in locally to the machine; this is not normally required.

  • The setup account will also allow you to log in locally, and the user will be presented with a menu to alter all the items they chose on installation.

  • The admin account allows the user to log in using a web browser. The URL to log in is normally only available on the Green interface and is as follows:
    https://ipaddress:445/
    If you are using Mozilla as your web browser, do not save the certificate as it will stop you from using the interface. Saving the password is okay if you trust the security of the machine you are using.


A couple of screen shots of the web interface are here and here.

Please note that this server should be checked weekly for the availability of system updates. There is also an email list on the site to keep one abreast of patches as they arise.

Have a browse through the menus; it is all self-explanatory. If you are using a web cache, IPCop can do that; however, it can also use a forward cache, which is what we will use later when we do web filtering. If you do set up an additional HTTP cache, then this should be entered into the forward cache, including the port, which is 3128 by default: http://webcacheipaddressorname:3128



This website is licensed under a Creative Commons License.