Skip navigation.

exploreopera

| Help

Sign up | Help

Linux Users of the World Unite

Open to all who use or are interested in Linux

avatar

IPCop Gateway

By dragonbite. Wednesday, 9. July 2008, 17:04:16

ipcop A while ago I was struggling to get my old Dell GX110 CPU with 2 NIC cards to act as a firewall and DHCP server.  I thought by using a full-fledged Linux distro I would be able to later on add such things as Squid, or DansGuardian proxy server and content management controls.

Content filtering and logging is something that software seem to do one one level or another.  Microsoft Vista and the Trend Micro Internet security suite includes parental controls and content filtering options for Windows, plus DansGuardian can be installed on the kid's Edubuntu computer and even my laptop. That's not the issue. The issue is that the first one savvy enough to realize they can bypass it simply by running a LiveCD or  a distro on a USB stick instead of the protected operating system wins!  That is, of course, after thorough attempts at breaking into the controls on the system itself.

By placing these controls on a gateway for the entire household, not only do I protect my file server from being accessed by unwanted hackers, but I protect the entire household regardless of if the user is using the installed operating system or a LiveCD or even if somebody access the wireless network (which I hope to have in the near future). Combine this with making the modem and router physically inaccessible and then I can provide protected access through either the switch or wireless.

The people in the forums were very patient with me and tried to understand my questions as I muddled away trying to set up the gateway using the available documentation and miniscule networking knowledge. I got to the point where I almost had it, I think. That is until a friend at the computer club meeting told me about IPCop.

Actually he mentioned Smoothwall and IPCop, but admitted that he finds himself going back to IPCop. I took a look at it that night and saw the ISO download is rather small plus it facilitates DansGuardian and Squid as well as a scan utility.  That night I downloaded version 1.4.18  and copied it onto my USB drive.

Thankfully this friend also gave me some advice on setting up the system, and told me about IPCop's "zones"

IPCop has a number of zones [1];

  • Green for internal (safe)
  • Red for external, or the internet (unsafe)
  • Blue for wireless (lock down so cannot access Green zone except through VPN or controlled "pinholes")
  • Orange for publicly accessible servers (cannot access Green or Blue networks except vial controlled "pinholes") such as mail or web servers

I don't have wireless yet, so I opted for Green + Red zones with one NIC being assigned to each. When I do get wireless then I can either add it to the Green zone and try to lock it down as much as possible, or add it to the Blue zone and lock the wireless access point to bare minimums.

The other piece of information he provided that was a big help is setting the IP address and range.  I foolishly was trying to set up all of the IPs in the same sub-domain as the DSL modem (192.168.1.x). He gave me a suggested internal IP sub-domain of 10.0.7.x  and leaving the external IP with 192.168.1.x.

IPCop also runs a DHCP server, so I can manage to have

With this knowledge in hand I gave installing IPCop a go, and installed it on over my previous attempt.

The installation was very easy, took less than 30 minutes and that's with the installer scanning the NICs to determine it the internal is eth0 or eth1. It helped that I already knew the static IP addresses for the router/gateway, the modem and the server.

Once it is installed and the passwords are set you don't need the keyboard or monitor hooked up to the gateway because it includes a web interface for configuring things.  You just have to remember the passwords you entered for each of the different roles (3 I think).

I feel so much better knowing I've got the gateway and firewall up to protect my network. Now my next excursion is going to be installing DansGuardian content filtering and parental controls. This looks to need to install  the (Unofficial) IPCop Firewqall Addon Server, which seems to include an easy manner to navigate the available addons which I see  DansGuardian being listed as Cop+. Considering the added interest in the Internet by my son, I best get this installed and working quickly.

0 Comments

avatar

For anyone who thinks Linux gurus are snobs!

By LadyArtane. Tuesday, 24. June 2008, 01:01:29

Sometimes people I know don't want to ask for help from a Linux guru because they feel they are being talked down to or made to feel bad for not being more knowledgeable. I have no problem whatsoever admitting I am a seriously new newb...I have had Linux now since March..not long..but I can definitely say that not all advanced Linux users are like that..at all!! In fact..I did a review on Linux Mint 5..and Clem himself wrote a review..on my review!! He also commented nicely on my blog as well! So don't be afraid to ask a guru for help..I know the folks at Linux Mint are especially helpful!

My 15 minutes of fame!

4 Comments

avatar

Um

By LadyArtane. Monday, 9. June 2008, 23:37:10

*hangs her head in shame and waits for the laughter*
How does one vote on the poll exactly?
:whistle:

2 Comments

avatar

Ubuntu 8.04 LTS Experiences (review)

By dragonbite. Thursday, 29. May 2008, 16:29:01

ubuntu Yes, I was one of the throngs of people waiting for Ubuntu 8.04 LTS (or Hardy Heron) to become available to download and install.  It was exciting to see what improvements they have come up with and what is new on this distribution!

The download took a while but finished without incident and burned onto the CD easily enough.  I've been using wget for downloading instead of Mozilla Firefox lately because it seems to continue it's download even when I am not logged in which can be very handy if I need to get off the system and don't want to leave it logged in for security reasons (my now-6 years old is starting to scare me with his explorations into configuring his desktop).

I installed it onto my Dell Inspiron D400  and had it take over the entire disk since this has the best chance of being my "primary OS". It didn't go fully the first time but I believe it was the second time along that it worked without any issues, flaws or hiccups. For the record I have been checking the CD Media before installing and it passed with flying colors.  After running installations with bad CDs (even from ShipIt!), you learn to take the time and check the CD because it's better to waste your time in the beginning than it is to try and try again.

So with my newly installed Ubuntu on my laptop I started the usual pre-flight.. does everything work?

Of course it doesn't, but that is expected because the wireless is provided by Broadcomm, whose drivers cannot be shipped with linux because it is not open source. I will say, though, that Ubuntu makes adding those drivers very easy with it's "Restricted Drivers" utility.  As long as you have it plugged into the Internet (which I did) you just check the box and it will do the rest with a couple of prompts. Basically the prompts are for legal reasons, so it isn't something to worry about.  After that was complete I had wireless available.

After updating Synaptic I was ready to start installing applications I want. The usual get-you-started applications are already installed; Firefox 3.5 beta, Pidgin, Evolution, Gimp, Open Office, etc. For people not in countries tied by patents on codecs and that whole mess there is an easy way to install what is needed to play common formats and it is available in Synaptic (or Adept or command line). Just pick the appropriate one for your system; ubuntu-restricted-extras, kubuntu-restricted-extras or xubuntu-restricted-extras.

I have run across only one issue so far. When  I click on an application which requires sudo, if I don't get the prompt for the password right away, then the application never launches. To rectify this all I have to do is click on the application one more time and it comes up as expected. Not a killer, just a mild annoyance.

So as usual, other than having to kill yourself trying to figure out what you need to install to play one format or another (legally) you can have the whole system up and running without even having to go into the command line once! A definite improvement.

3 Comments

avatar

Happy Anniversary!

By 67shelby. Wednesday, 28. May 2008, 18:59:59

I have now been officially using Linux for an entire year! My current distros are Debian Etch, Linux Mint Daryna and Mandriva Spring 2008.1. Does anyone think I'll get a door prize for the accomplishment? Anyway, :cheers: to my fellow Linux users. Freedom is a beautiful thing! :smile:

4 Comments

avatar

I almost forgot I had a review for PCLinuxOS Gnome Remaster

By LadyArtane. Wednesday, 14. May 2008, 07:40:03

I just about forgot about it entirely lol..about a week and a half ago, I got my hands on the Gnome Remaster of PCLOS which I had been eagerly awaiting...rather than repeat myself needlessly here is the link for that review, which also includes my first review of Linux Mint, which has me pretty well sold...
PCLinuxOS Gnome and Linux Mint Review

And can someone add Linux Mint to the poll? LOL

0 Comments

avatar

Linux Mint 5 Beta is OUT!

By LadyArtane. Wednesday, 14. May 2008, 07:23:32

Woohoo! Linux Mint 5, codenamed Elyssa this time is out in Beta version!!! There are some awesome new changes, especially to the Mint Menu and Mint Install and many applications have been added to the Software Portal..Rhythmbox has replaced both Amarok and Sound Juicer (which is my only complaint because I really hate Rhythmbox) and Brasero has replaced Serpentine (yay!) There is also a separate file browser for doing work in root so that it looks different enough for you to remember it is root and not bork your system lol!! There are also new right click options, such as when searching through images being able to use it as the desktop and there is an uninstall option for those of us "tweakers" who find searching Synaptic over and over a tedious process....I can hardly wait to get my hands on the final...Good job Clem and the team at Linux Mint and congratulations! For those interested, here is the link for the release notes for this Beta ---> Linux Mint Elyssa

I would like to have added a link to Linux Mint..it said links submitted by group members but it wouldn't let me (boo! P:) so I guess I will just post it here :smile: Linux Mint and here is a screenshot of my Linux Mint desktop (well, currently that is :wink: )

1 Comment

avatar

Excitment coming your way!

By dragonbite. Monday, 21. April 2008, 02:38:58

, , , ...

Some new versions of popular distributions are coming very soon! It starts with Ubuntu 8.04 LTS (Hardy Heron), followed by Fedora 9 and after a pause openSUSE 11.0 is coming to town! Each is bringing their own collection of fun, improvements and enhancements!

Read more...

2 Comments

avatar

Linux newb here

By LadyArtane. Saturday, 12. April 2008, 19:40:17

Hi everyone..
I finally got fed up enough with Windoze to try something new and so I have been using GNU/Linux for about 3 weeks now..yeah, a serious newb lol...
I was looking for a place where I could come and learn more about my new OS so I don't screw up too much (more than I already have)
Thanks for having me.......
Pattycakes

2 Comments

avatar

Sears is the latest to sell low cost Linux computers

By 67shelby. Thursday, 17. January 2008, 19:26:18

,

New low-cost Linux computer runs Freespire 2.0

0 Comments

1 2 Next »

Showing posts 1 - 10 of 19.

Photos

tuXperience.jpgtuXper-alt.jpglinux-tux-born-2-frag-XP.jpg