plugtmp-1 ipcop installation and management

Post on 11-Apr-2015


IPCop Installation and Management

By: Kritsada Pinato (Bugfly)

Introduction to IPCop

• What is IPCop?
  – IPCop is a firewall; first, last and always.
  – IPCop is a specialized Linux distribution; complete, configured, and ready to protect your network.
  – IPCop is a community; where members help each other, all sharing to improve the project and each other.

Features of IPCop

• A secure, stable and highly configurable Linux-based firewall
• Easy administration through the built-in web server
• A DHCP client that allows IPCop to, optionally, obtain its IP address from your ISP
• A DHCP server that can help configure machines on your internal network
• A caching DNS proxy, to help speed up domain name queries
• A web caching proxy, to speed up web access
• An intrusion detection system to detect external attacks on your network
• A VPN facility that allows you to connect your internal network to another network across the Internet, forming a single logical network, or to securely connect PCs on your BLUE, wireless, network to the wired GREEN network
• Traffic shaping capabilities to give highest priority to interactive services such as ssh and telnet, high priority to web browsing, and lower priority to bulk services such as FTP.
• A choice of four kernel configurations, allowing you to choose an optimum configuration for your circumstances.

Preparing to Install

• Decide on your configuration.
  – Network interfaces
    • IPCop defines up to four network interfaces: RED, GREEN, BLUE and ORANGE.
  – RED Network Interface
  – GREEN Network Interface
  – BLUE Network Interface
  – ORANGE Network Interface

Basic network design

NIC Requirements (by RED connection type)

Connection               Ethernet          USB ADSL         ISDN             Modem
RED, ORANGE, BLUE, GREEN 4 NICs (O,B,G,R)  3 NICs (O,B,G)   3 NICs (O,B,G)   3 NICs (O,B,G)
RED, ORANGE, GREEN       3 NICs (O,G,R)    2 NICs (O,G)     2 NICs (O,G)     2 NICs (O,G)
RED, BLUE, GREEN         3 NICs (B,G,R)    2 NICs (B,G)     2 NICs (B,G)     2 NICs (B,G)
RED, GREEN               2 NICs (G,R)      1 NIC (G)        1 NIC (G)        1 NIC (G)

Network Configuration Types

• GREEN (RED is modem/ISDN)
• GREEN + RED (RED is Ethernet)
• GREEN + ORANGE + RED (RED is Ethernet)
• GREEN + ORANGE (RED is modem/ISDN)
• GREEN + BLUE + RED (RED is Ethernet)
• GREEN + BLUE (RED is modem/ISDN)
• GREEN + BLUE + ORANGE + RED (RED is Ethernet)
• GREEN + BLUE + ORANGE (RED is modem/ISDN)

Installation

• After a few seconds, the language selection screen will appear.
• Welcome screen.
• The next screen simply informs you of how to abort the installation: "Select the Cancel and press the Enter key."
• The next dialog box lets you choose the installation media. Since you are installing from CD-ROM, select it, tab to the Ok button and press the Enter key.
• Your final warning appears next.
• After you select Ok and press Enter on this screen all of the data on your hard drive will be erased. To abort the installation, select Cancel and press the Enter key.
• Next IPCop will format and partition your hard drive. Then it will install all its files.
• At this point, you have the option of restoring files from an IPCop backup floppy.
• To do the restore, place the backup floppy in the floppy disk drive, select Restore and press the Enter key. Otherwise, select Skip and press the Enter key.
• Next IPCop will begin setting up your GREEN (local) network interface.
• If you specify Probe, above, the following screen will appear:
• IPCop will now configure its internal network address, the GREEN interface.
• All of IPCop has now been installed on your hard drive. The following screen will appear. Remove the IPCop CD from your CD drive and, if present, the bootable floppy from the floppy drive. Select Ok to continue.
• The first screen allows you to configure your keyboard.
• The next screen, above, asks for your time zone.
• You must then configure your IPCop machine's hostname.
• You must then configure your IPCop machine's domain name.
• If you do not have an ISDN card, select Disable ISDN, and setup will continue with network setup.
• Next you will configure your network interfaces. The Network Configuration Menu will take you through the steps necessary to configure them.
• As mentioned, there are four network interfaces supported by IPCop: RED, GREEN, BLUE and ORANGE.
• When you select Ok, you will be returned to the Network Configuration Menu. Tab to the Drivers and card assignments line, select it and press the Enter key.
• If you have ORANGE and/or BLUE networks, repeat the driver configuration steps you used to configure your GREEN interface. If your RED interface uses an Ethernet connection, configure it, too.
• If your RED interface does not use an Ethernet connection, skip to the discussion about configuring additional network interfaces.
• After installation.
• First page.

Configuration

• System: System configuration and utility functions associated with IPCop itself.
• Status: Displays detailed information on the status of various portions of your IPCop server.
• Network: Used for the configuration/administration of your dial-up/PPP settings.
• Services: Configuration/administration of your IPCop server's many Services options.
• Firewall: Configuration/administration of IPCop's firewall options.
• VPNs: Configuration/administration of your IPCop server's Virtual Private Network settings and options.
• Logs: View all your IPCop server's logs (firewall, IDS, etc.)

System Web Pages

• Home — Returns to the home page.
• Updates — Allows you to query and apply fixes to IPCop.
• Passwords — Allows you to set the admin and, optionally, the dial password.
• SSH Access — Allows you to enable and configure Secure Shell, SSH, access to IPCop.
• GUI Settings — Enables or disables the use of JavaScript and allows you to set the language of the web display.
• Backup — Backs up your IPCop settings either to files or to a floppy disk. You can also restore your settings from this web page.
• Shutdown — Shutdown or restart your IPCop from this web page.
• Credits — This web page lists the many volunteers and other projects that make IPCop so great.

• The Passwords subsection of this AW is present to allow you to change the Admin and/or Dial User passwords.
• The SSH subsection of this AW allows you to decide if remote SSH access is available on your IPCop server or not.

Backup to Floppy

• The top section of the panel of the Backup Web Page will let you back up your IPCop configuration to a floppy disk.

Backup to Files

• The rest of the panel allows you to create multiple Backup Sets, and to select different media onto which you can save the files. The default is IPCop's hard drive, but removable usb-stick devices are supported.

Shutdown

• Press one of the Reboot or Shutdown buttons to immediately reboot or halt the IPCop server.

Schedule IPCop reboots

• The ability to schedule reboots or shutdowns was added in version 1.4.10. A cronjob is added to root's crontab.

Status Web Pages

Status Menu
• System Status
• Network Status
• System Graphs
• Traffic Graphs
• Proxy Graphs
• Connections

• System Status
  The Status pages present you with a VERY thorough list of information regarding the current status of your IPCop server.
  – Services - Displays which services are currently running.
  – Memory - Displays the memory/swapfile usage on your IPCop server.
  – Disk Usage - Displays the total/used amount of hard drive space on your IPCop server.
  – Uptime and Users - Displays the output of the uptime command and information on users currently logged in on the IPCop server.
  – Loaded Modules - This displays all modules currently loaded and in use by the kernel.
  – Kernel Version - This displays information on the IPCop kernel itself.

• Network Status
  – Interfaces - This section displays information on all your network devices. This includes PPP, IPSec, Loopback, etc.
  – Current Dynamic Leases - Displays the contents of the /var/state/dhcp/dhcpd.leases file if DHCP is enabled.
  – Routing Table Entries -
  – ARP Table Entries -

• System Graphs
  Click on one of the four graphs (CPU Usage, Memory Usage, Swap Usage and Disk Access) to get graphs of the usage per Day, Week, Month and Year.

• Traffic Graphs
  This page gives a graphic depiction of the traffic in and out of the IPCop box.

• Proxy Graphs
  This page shows traffic through the proxy service of the IPCop box.

• Connections
  IPCop uses the Linux Netfilter or IPTables firewall facility to maintain a stateful firewall.

• Network
  – Dialup - This subsection of the Dialup Administration Window (AW) is divided into 5 different editable sections and is only applicable if you are accessing the Internet using an analog modem, an ISDN device or a DSL connection.
  – Upload - Use this page to download the files necessary for supporting various modems to your desktop machine, and then upload them to your IPCop server.
  – Modem - Configuration of your modem.
  – Aliases - This Administrative Web Page will only appear as a menu item if your RED interface is STATIC. In some cases, your ISP may assign you a range of IP addresses for your network.

Aliases

Services

• Proxy (Web Proxy Server)
  – A web proxy server is a program that makes requests for web pages on behalf of all the other machines on your intranet.
• DHCP Server
  – Allows you to control the network configuration of all your computers or devices from your IPCop machine.

DHCP Configuration

Dynamic DNS Administrative Web Page

• Service
  – Choose a DYNDNS provider from the dropdown. You should have already registered with that provider.
• Behind a proxy
  – This tick box should be ticked only if you are using the no-ip.com service and your IPCop is behind a proxy. This tick box is ignored by other services.
• Enable wildcards
  – Enable Wildcards will allow you to have all the subdomains of your dynamic DNS hostname pointing to the same IP as your hostname (e.g. with this tick box enabled, www.ipcop.dyndns.org will point to the same IP as ipcop.dyndns.org). This tick box is useless with the no-ip.com service, as they only allow this to be activated or deactivated directly on their website.
• Hostname
  – Enter the hostname you registered with your DYNDNS provider.
• Domain
  – Enter the domain name you registered with your DYNDNS provider.
• Username
  – Enter the username you registered with your DYNDNS provider.
• Password
  – Enter the password for your username.
• Enabled
  – If this is not ticked then IPCop will not update the information on the DYNDNS server. It will retain the information so you can re-enable DYNDNS updates without reentering the data.

• Edit Hosts (Local DNS Server)
  – Host IP Address
    • Enter the IP address here.
  – Hostname
    • Enter the host name here.
  – Domain name (optional)
    • If the host is in another domain then enter it here.
  – Enabled
    • Check this box to enable the entry. When you press Add, the details will be saved.

• Time Server
  – IPCop can be configured to obtain the time from a known accurate timeserver on the Internet. In addition to this it can also provide this time to other machines on your network.

• Traffic Shaping
  – Traffic Shaping allows you to prioritize IP traffic moving through your firewall.

• Intrusion Detection System
  – IPCop can monitor packets on the Green, Blue, Orange and Red interfaces. Just tick the relevant boxes and click the Save button.

• Firewall Menu
  – Port Forwarding
  – External Access (Controls remote administration of IPCop from the Internet)
  – DMZ Pinholes
  – Blue Access (Connecting a Wireless Access Point to IPCop)
  – Firewall Options

Traffic Flow

• Port Forwarding
  – This subsection allows you to configure the Port Forwarding settings for IPCop.
  – When added you will now notice that there is a new entry under the port forward in the table.
  – Other things to note:
    • We support the GRE protocol.
    • You can have port ranges and wildcards. Valid wildcards are:
      • * which translates to 1-65535
      • 85-* which translates into 85-65535
      • *-500 which translates into 1-500
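The wildcard rules above are easy to get wrong when reviewing a forwarding table by eye, so here is an added example (written for this page, not IPCop's own code) that expands each port specification exactly as the slide describes and flags forwards that expose an unexpectedly wide range. The audit threshold and the rule tuples are assumptions for illustration.

```python
import re

PORT_MIN, PORT_MAX = 1, 65535
# A spec is one token, or two tokens joined by "-"; each token is a port or "*".
_SPEC_RE = re.compile(r"^(\*|\d{1,5})(?:-(\*|\d{1,5}))?$")


def _port(token: str, wildcard_value: int) -> int:
    """Turn one side of a spec into a port number; '*' takes the wildcard value."""
    if token == "*":
        return wildcard_value
    value = int(token)
    if not PORT_MIN <= value <= PORT_MAX:
        raise ValueError(f"port {value} outside {PORT_MIN}-{PORT_MAX}")
    return value


def expand_port_spec(spec: str) -> tuple[int, int]:
    """Expand an IPCop port-forwarding spec into an inclusive (low, high) range.

    Forms listed on the Port Forwarding page: "80", "80-90", "*" (1-65535),
    "85-*" (85-65535) and "*-500" (1-500). Anything else raises ValueError so a
    malformed rule is rejected instead of silently widening the range.
    """
    m = _SPEC_RE.match(spec.strip())
    if not m:
        raise ValueError(f"invalid port spec: {spec!r}")
    lo_tok, hi_tok = m.groups()
    if hi_tok is None:                      # single port, or a bare "*"
        if lo_tok == "*":
            return PORT_MIN, PORT_MAX
        port = _port(lo_tok, PORT_MIN)
        return port, port
    lo, hi = _port(lo_tok, PORT_MIN), _port(hi_tok, PORT_MAX)
    if lo > hi:
        raise ValueError(f"reversed range: {spec!r}")
    return lo, hi


def is_valid_spec(spec: str) -> bool:
    """True when IPCop's wildcard grammar accepts the spec."""
    try:
        expand_port_spec(spec)
        return True
    except ValueError:
        return False


def audit_forwards(rules: list[tuple[str, str]], max_width: int = 100) -> list[tuple[str, int]]:
    """Return (spec, width) for each (destination, spec) rule wider than max_width ports."""
    wide = []
    for _dest, spec in rules:
        lo, hi = expand_port_spec(spec)
        width = hi - lo + 1
        if width > max_width:
            wide.append((spec, width))
    return wide
```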

• External Access
  – External Access only controls access to the IPCop box. It has no effect on Green, Blue or Orange network access. That is now controlled in the Port Forwarding section, see above.

• DMZ Pinholes
  – A DMZ or Demilitarized Zone (Orange zone) is used as a semi-safe interchange point between the external Red zone and the internal Green zone.
  – The DMZ allows them to share servers without allowing undue access to the internal LAN by those in the Red zone.

• BLUE Access
  – Use a supported Ethernet card to set up the Blue interface.
  – Connect an Access Point to that Ethernet card. (Use the LAN Ethernet port on the AP, if you have a choice of ports).
  – You can use DHCP to serve dynamic or static addresses on Blue, although static is preferred for security of MAC addresses. Refer to the DHCP Server section for more information on configuring static leases.

• Current DHCP leases on BLUE

• Firewall Options
  – No - IPCop responds to ping requests on any interface. This is the default behaviour.
  – Only RED - IPCop does not respond to ping requests on the Red interface.
  – All Interfaces - IPCop does not respond to any ping requests on any interface.

• VPNs with OpenVPN
  – Global settings, that's what we first start to configure
  – Certificate Authorities, this part will be explained later

http://home.arcor.de/u.altinkaynak/howto_openvpn.html

Logs Menu

• Logs Settings
• Log Summary
• Proxy Logs
  – This page provides you with the facility to see the files that have been cached by the web proxy server within IPCop.
• Firewall Logs
  – This page shows data packets that have been blocked by the IPCop firewall.
• IDS Logs
  – This page shows incidents detected by the IPCop Intrusion Detection System (IDS).
• System Logs
  – This page allows you to view the system and other miscellaneous logs.

• Proxy Logs
  – The Source IP: dropdown box allows you to selectively look at web proxy activity related to individual IP addresses on the local network, or the activity related to ALL machines that have used the proxy.
  – The Ignore filter: box allows you to type in a regular expression text string to define which file types should be omitted from the web proxy logs. The default string hides image files (.gif, .jpeg, .png), stylesheet files (.css) and JavaScript files (.js).
  – The Enable ignore filter: tick box allows you to control whether the Ignore filter: is active or not.
  – The Restore defaults button allows you to return the above controls and filters to their defaults.
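To show what the three Proxy Logs controls do to the underlying data, here is an added example (not IPCop's own code) that applies a Source IP selection and a regex ignore filter to access-log lines. The log lines are constructed in an assumed Squid-style layout, and the ignore pattern is an assumed one covering the file types the slide lists, not IPCop's literal default string.

```python
import re

# Constructed sample lines in a Squid-style access.log layout (assumed; not a
# capture from a real IPCop box). Fields: time, elapsed, client, result,
# size, method, URL, ident, hierarchy, content-type.
SAMPLE_LOG = """\
1428700000.123    120 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/- text/html
1428700001.456     30 192.168.1.10 TCP_HIT/200 2048 GET http://www.example.com/logo.png - NONE/- image/png
1428700002.789     45 192.168.1.20 TCP_MISS/200 900 GET http://www.example.com/site.css - DIRECT/- text/css
1428700003.001    200 192.168.1.20 TCP_MISS/200 10240 GET http://www.example.com/app.js?v=3 - DIRECT/- application/javascript
1428700004.500    300 192.168.1.20 TCP_DENIED/403 0 GET http://blocked.example.net/ - NONE/- text/html
"""

# Assumed ignore pattern for the file types the page says the default hides
# (images, stylesheets, JavaScript); anchored to the end of the URL path.
DEFAULT_IGNORE = r"[.](gif|jpeg|png|css|js)$"


def parse_access_line(line: str) -> dict:
    """Pull the fields the Proxy Logs page displays out of one log line."""
    f = line.split()
    return {"time": float(f[0]), "client": f[2], "result": f[3], "url": f[6]}


def filter_proxy_log(text: str, source_ip: str = "ALL",
                     ignore_filter: str = DEFAULT_IGNORE,
                     enable_ignore: bool = True) -> list[dict]:
    """Apply the page's controls: Source IP, Ignore filter, Enable ignore filter."""
    pattern = re.compile(ignore_filter) if enable_ignore else None
    kept = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_access_line(line)
        if source_ip != "ALL" and rec["client"] != source_ip:
            continue
        # Match the ignore filter against the path only, so "app.js?v=3" is
        # still recognised as a JavaScript file despite its query string.
        path = rec["url"].split("?", 1)[0]
        if pattern is not None and pattern.search(path):
            continue
        kept.append(rec)
    return kept
```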


• IDS Logs
  – Date: the date and time of the incident.
  – Name: - a description of the incident.
  – Priority: (if available). This is the severity of the incident, graded as 1 ("bad"), 2 ("not too bad"), & 3 ("possibly bad").
  – Type: - a general description of the incident (if available).
  – IP Info: - the IP identities (address & port) of the source and target involved in the incident. Each IP address is a hyperlink, which you can use to perform a DNS lookup for that IP address and obtain any available information about its registration and ownership.
  – References: - hyperlinked URLs to any available sources of information for this type of incident.
  – SID: - the Snort ID number (if available). "Snort" is the software module used by IPCop to provide the IDS function, and SID is the ID code used by the Snort module to identify a particular pattern of attack. This parameter is hyperlinked to a web page carrying the relevant entry on the Snort database of intrusion signatures.
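The IDS Logs page is a rendering of Snort alerts, so here is an added example (not IPCop's own code) that maps Snort's alert_fast output onto the columns listed above (date, name, priority, type, IP info, SID) and selects incidents by the page's 1/2/3 severity grading. The alert lines are constructed sample data with local-rule SIDs, not output from a real sensor.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed alert lines in Snort's alert_fast layout (sample data only).
# SIDs from 1000000 upward are the range Snort reserves for local rules.
SAMPLE_ALERTS = """\
04/11-10:15:22.123456  [**] [1:1000001:1] LOCAL example probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:43210 -> 192.168.1.2:80
04/11-10:16:03.000001  [**] [1:1000002:1] LOCAL example exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:43211 -> 192.168.1.2:22
04/11-10:17:45.500000  [**] [1:1000003:1] LOCAL example policy notice [**] [Priority: 3] {UDP} 192.168.1.50:5353 -> 224.0.0.251:5353
"""

# Severity grading used by the IDS Logs page.
PRIORITY_LABEL = {1: "bad", 2: "not too bad", 3: "possibly bad"}

_ALERT_RE = re.compile(
    r"^(?P<date>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<name>.*?)\s+\[\*\*\](?:\s+\[Classification:\s+(?P<type>[^\]]+)\])?"
    r"\s+\[Priority:\s+(?P<priority>\d)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)$"
)


@dataclass
class Incident:
    date: str
    name: str
    priority: int
    type: Optional[str]      # Classification is optional in Snort's output
    ip_info: str
    sid: int


def parse_alert(line: str) -> Incident:
    """Map one alert line onto the columns the IDS Logs page displays."""
    m = _ALERT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    return Incident(date=m["date"], name=m["name"], priority=int(m["priority"]),
                    type=m["type"],
                    ip_info=f"{m['src']}:{m['sport']} -> {m['dst']}:{m['dport']}",
                    sid=int(m["sid"]))


def incidents_at_or_above(text: str, worst_allowed: int = 1) -> list[Incident]:
    """Incidents graded at or above the given severity (1 is the most severe)."""
    return [i for i in map(parse_alert, filter(None, text.splitlines()))
            if i.priority <= worst_allowed]
```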

• System Logs
  – IPCop (default) - general IPCop events like PPP profile saving and connection ("PPP has gone up on ppp0") and disconnection ("PPP has gone down on ppp0") of dialup modem links.
  – RED - traffic sent over the interface that is providing the PPP interface for IPCop.
  – DNS - shows a log of activity for dnsmasq, the domain name service utility.
  – DHCP server - shows a log of activity for the DHCP Server function within IPCop.
  – SSH - provides a record of users who have logged in to, and out of, the IPCop server over a network via the SSH interface.
  – NTP - shows a log of activity for the ntpd Server function.
  – Cron - provides a record of activity of the cron daemon.
  – Login/Logout - provides a record of users who have logged in to, and out of, the IPCop server. This includes both local log-ins and logins over a network via the SSH interface.
  – Kernel - is a record of kernel activity in the IPCop server.
  – IPSec - is a record of activity of IPSec - the VPN software module used by IPCop.
  – Update transcript - is a log of the results of any updates applied to the IPCop software via the System > Update window.
  – Snort - shows a log of activity for Snort, the Intrusion Detection System.

END.
