IPCop Polices the LAN - Page 2

 By Carla Schroder

The Green zone, which is your private, internal LAN, can use the usual private non-routable addresses (192.168.1.x) and the usual netmask of, though of course you may customize this however you need.

Next, the installer will walk you through the rest of the installation. It's straightforward; there are only a few gotchas you need to look out for. Be sure to set your local time zone so that you'll always have the correct time. Selecting London or UTC means you'll have to correct the time manually.

When you are asked to select a domain name, this can be anything you want. It probably shouldn't be the same as your real domain name. If you have more than one IPCop server, you might use domain names like ipcop1.net and ipcop2.net.

Configuring the Red interface means you'll need your account information for your ISP. Because IPCop contains a DHCP client, you'll be able to share any ordinary account; you won't need an account that gives you a static IP. If you have a static IP, be sure to enter your ISP's DNS servers on the "DNS and Gateway" settings tab.

Now you may set up IPCop's DHCP server to serve your internal LAN. Enter as the "Primary DNS", and enter your lease range on the "Start Address" and "End Address" lines, and remember to check "Enabled."

When you are asked for a root and admin password, select them carefully. Strong passwords work! Also, you must pay attention to the physical security of your IPCop box, because anyone with physical access to the box can easily reset the root password.

Testing IPCop
IPCop will now reboot. When it is back up, you don't need to log in. Go to any PC on the same subnet and try to connect to the Web interface:

Most administration tasks are done via the Web interface. Use the admin login for the Web interface, and the root password for logging in directly to the IPCop box.

Re-Setting Passwords
If you lose the root password, re-setting it is very easy. Reboot IPCop via the Web interface (System -> Shutdown), then when you see the GRUB menu on the IPCop box hit the letter "a". Append the option "single" to the end of the kernel line, without quotes, then hit enter and IPCop will boot into single-user mode. Run passwd root to change the password, then restart IPCop.

You may change a lost admin password by editing the /var/ipcop/auth/users file, using vi /var/ipcop/auth/users. Delete everything to the right of the colon, log into the Web interface using "admin" and no password, and create a new password with System -> Passwords.
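As a check to run after either reset procedure, the following added example (not part of the original article or of IPCop itself) flags Web accounts left with an empty password field in the users file and reports whether the GRUB menu can be edited without a password. It assumes the users file holds `name:hash` lines, that the boot loader is GRUB legacy with a configuration file whose path you supply, and the sample data in `demo` is constructed.

```shell
#!/bin/sh
# Added example, not IPCop code. Assumes "name:hash" lines in the users file
# and a GRUB legacy configuration file; both paths are passed as arguments.

# Print accounts whose password field (text right of the colon) is empty.
blank_password_users() {            # $1 = users file
    awk -F: '/^[ \t]*#/ || /^[ \t]*$/ { next }
             $2 ~ /^[ \t]*$/ { print $1 }' "$1"
}

# Succeed if a global "password" directive appears before the first "title"
# stanza; GRUB legacy then refuses menu edits until the password is entered.
grub_menu_locked() {                # $1 = GRUB legacy config file
    awk '/^[ \t]*title[ \t=]/ { exit }
         /^[ \t]*password[ \t=]+[^ \t]/ { found = 1; exit }
         END { exit(found ? 0 : 1) }' "$1"
}

# Print findings; the return status is the number of findings (0 = clean).
audit_ipcop() {                     # $1 = users file, $2 = GRUB config
    findings=0
    for u in $(blank_password_users "$1"); do
        echo "FINDING: Web account '$u' has an empty password in $1"
        findings=$((findings + 1))
    done
    if ! grub_menu_locked "$2"; then
        echo "FINDING: no GRUB password in $2; single-user boot is open"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files: admin left blank after a reset, GRUB unprotected.
demo() {
    d=$(mktemp -d) || return 1
    printf 'admin:\nuser2:$apr1$constructed$hash\n' > "$d/users"
    printf 'timeout 5\ntitle IPCop\nkernel /vmlinuz\n' > "$d/grub.conf"
    rc=0
    audit_ipcop "$d/users" "$d/grub.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: sh audit.sh /var/ipcop/auth/users <GRUB config path>
if [ "$#" -eq 2 ]; then audit_ipcop "$1" "$2"; fi
```

Call `demo` to see both findings on the constructed files; a clean system returns status 0 and prints nothing.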

The first thing you should do is install all available updates. Install all of them, in order, using the System -> Updates tab of the Web interface.

You now have a fully functioning firewall/Internet gateway. Come back next week to learn how to set up a VPN, intrusion detection, allow access to public servers, wireless access, and more. Be sure to consult the excellent installation and administration manuals at IPcop.org.

This article was originally published on Apr 5, 2005