IPCop

Discussion in 'Technical' started by falko, May 6, 2005.

  1. falko

    falko Super Moderator Howtoforge Staff

    I've just tested IPCop (http://www.ipcop.org/), and I must say it's pretty cool! :) :)

    From their web site:
    Here's a partial list of features:
    Administration is done over an easy-to-understand web interface. And the best is: you can use old hardware for it (e.g. PentiumI with 32MB RAM and 800MB HDD)! :)
     
  2. domino

    domino New Member

    Yes, nice read. I was just reading over at the main page while looking for a DNS client for Linux. It also supports dynamic IP update at ZoneEdit and others. I think, once I have the webserver box stable, this is my next project.

    PS. LOL, I didn't realize this thread was old. But I would like to get users' input though.
     
  3. RocketScientist

    RocketScientist New Member

    I downloaded the ISO for that a while ago. I'm a little chicken to install it as of yet. Do I need to turn off NAT on my stupid little ActionTec DSL router?

    I'll be throwing it on a dual P133 IBM PC Server 320. I wonder if it will allow me to turn off the kids' access to the Internet at certain hours.
     
  4. falko

    falko Super Moderator Howtoforge Staff

    In fact, IPCop is a replacement for your router. So it's either IPCop or your router.

    Yes.
     
  5. linuxuser1

    linuxuser1 New Member

    Hi falko,

    In fact, IPCop is a replacement for your router. So it's either IPCop or your router.

    Does it mean it's not a reliable or secure firewall? Or which other free firewall would you recommend?

    Thanks.
     
  6. falko

    falko Super Moderator Howtoforge Staff

    It's a very reliable and very secure firewall! Why do you think it isn't?:confused:
     
  7. linuxuser1

    linuxuser1 New Member

    hi Falko,

    I was not trying to suggest that it's not secure. I was rather asking if it's secure. I tried to install it some time ago to complement my other firewall but later abandoned the idea.

    Thanks.
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Yes, it's secure and reliable. :)
     
  9. sbovisjb1

    sbovisjb1 Member HowtoForge Supporter

    It's a good distro for firewalling. But if you really want to stay EVEN more secure, use distros (this may get me in trouble for EVEN mentioning this ;) ) such as backtrack linux and the hackthissite gentoo live cd <-- hard to find. I know that I will get some dirty looks by saying this, but I have used the HTS live cd to search for security vulnerabilities in the past. It has about 50 programs that promote port scanning and the such, and they are all in the popular network languages. It also comes with 200+ tutorials, so that you will never be stuck. To use the programs properly, you must scan/search/look for a certain hole or "glitch" or vulnerability. The best way to go is with scanners that pick up real time info on what data is being transferred via the servers. Me and my friends have realized that if you use this on your own system, you can fix up a lot of problems very quick. Oh and Hackthissite was hacked and all its users' passwords were stolen, so it proves that you can never be too safe ;). And the HTS live cd can be found on pirate bay.org.
     
  10. donanak

    donanak New Member

    Hey people, I'm very much interested in this topic and want to contribute a little.
    Talking about ipcop, in my opinion it's the only firewall I was able to set up and play with. My quest for knowledge on firewalls came when I decided to host my own server (web/ftp/email/hosting) at home. For some time, I couldn't find any ready-made distro/firewall like ipcop, so I tended to go with smoothwall express (http://www.smoothwall.org). It was brilliant but they wouldn't support my Alcatel USB modem. I tried all the patches and everything, yet the same. I got their latest version of express codenamed Grizzly, which for some reason worked after one patch, but it was a beta version and they've been quite slow with updates and a more stable version.

    Then I found IPCOP; it met all my needs and was easy to install. Falko, as you can see, I dropped you an email but you asked if I could put it up here. I don't know which forum is the best to post my stuff. Can you help?

    IPCOP all the way but I'll give HTS a shot, if i find a copy.

    Thanks guys for your good work.
     
  11. falko

    falko Super Moderator Howtoforge Staff

    What kind of help do you need?
     
  12. donanak

    donanak New Member

    network setup

    I have an IPCOP box working fine. On the orange I've connected a box which will be my server. I installed Fedora Core 5 and assigned IP address 192.168.1.1, and on the Orange interface on the IPCOP the IP is 192.168.1.0, all with subnet mask of 255.255.255.0.

    My question: when I try to connect to the internet it reports an error: page cannot be found.

    I put my IPCOP IP as the gateway to see if that will solve the problem, but to my dismay it's still the same error. I do not know if I have to do something somewhere to fix this error.

    If I get help with this I can go on to install my server this weekend. Can I also use your howto guide for Fedora Core 5 x86_64 for just an x86 install, as you mentioned that you'll need a tweak?

    Thanks
     
  13. falko

    falko Super Moderator Howtoforge Staff

    You cannot use 192.168.1.0 as IP address, it's reserved (network address), the same goes for 192.168.1.255 (broadcast address). Use another one.
     
  14. Leszek

    Leszek Member

    I like IP-Cop too. I used it quite some time ago and it works great on a very old computer (~300MHz/~196MB RAM/~100 computers). The only thing I'd need is an interface for setting/changing Ip Tables firewall rules.
    Does anyone know of an extension for IP-Cop (or some other way), which makes it possible?
     
  15. Elixa

    Elixa New Member

    Leszek - The only thing I'd need is an interface for setting/changing Ip Tables firewall rules. Does anyone know of an extension for IP-Cop (or some other way),which makes it possible?

    --------------------------------------------------

    Answer ... you need these two addons … for your IPCOP

    1. BlockOutTraffic-3.0.0-GUI-b2

    This addon is complicated & confusing in its rule writing ... but unlike its title suggests ... it is not just for blocking Out-Bound-Traffic. This addon has no major bugs … installs perfectly on most versions of IPCOP … and is a complete bi-directional rule writer. As an extra BONUS (one of the few that can) … this addon handles every kind of IP format range. You can be very specific with your rules. Many have asked similar questions about how to block certain IP-ranges within their intranets. With this addon you can rule in or out almost anything.

    Note. For those taking this addon to the extreme … IP-Tables may only handle about 2500 rules before the rules go crazy … found this out personally using “BlockOutTraffic-3.0.0-GUI-b2” and “Iptablesgui-ipcop-0.1.0”.

    2. Iptablesgui-ipcop-0.1.0

    With this addon you can see … in near real-time (as fast as you can click it)… exactly how your rules appear in IP-Tables. Modify the rules in BlockOutTraffic and then view this addon to see how they look. This is a very handy addon, overall … less any outside connections attempts (see below).

    --------------------------------------------------

    Iptablesgui --- For the more serious IPCOP users … References to an update within the cgi page … that doesn’t exist from the parent company … could be removed. Removing the update reference calls from the page increases the refresh speed of the page a little … and perhaps improves security of your IPCOP as well.

    After you have successfully installed “Iptablesgui-ipcop-0.1.0” …

    If you leave your iptablesgui.cgi … default, the way it is … when you refresh the Iptablesgui page …

    … your IPCOP will try to make a connection to … 87.169.30.220 "p57A91EDC.dip0.t-ipconnect.de"

    If you modify “iptablesgui.cgi” … IPCOP will not make any UN-necessary outside connections when refreshing the Iptablesgui page!!! Below … is a copy of “iptablesgui.cgi” with REM Statements “#” inserted before the update checks.

    cd /home/httpd/cgi-bin
    edit “iptablesgui.cgi”

    Start modification … Replace the entire contents with …
    --------------------------------------------------





    #!/usr/bin/perl
    #
    ################################################################################
    #
    # IPCop iptables Web-Iface
    #
    # Copyright (C) 2007 Olaf (weizen_42) Westrik
    #
    # This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
    #
    #
    # This program is free software. You may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License or (at your option) any later version.
    #
    # This program is published in the hope that it will be useful to you, but WITHOUT ANY WARRANTY, even without the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    #
    # You should have received a copy of the GNU General Public License along with this program. If not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA.
    #
    ################################################################################
    #
    # For support post / read in http://www.ipcop-forum.de
    #
    # $Id: iptablesgui.cgi 161 2007-05-18 14:07:45Z weizen_42 $
    #
    # 2007-03 created by weizen_42
    #

    use strict;

    # enable only the following on debugging purpose
    use warnings;
    use CGI::Carp 'fatalsToBrowser';

    use LWP::UserAgent;

    require '/var/ipcop/general-functions.pl';
    require "${General::swroot}/lang.pl";
    require "${General::swroot}/header.pl";

    my $version = 'v0.1.0';
    my $debug = 0;

    ##########
    ##################################################
    ## checking for new version
    ##my $addonname = 'iptablesgui';
    ##my $onlineversion = '';
    ##my $onlinelink = '';
    ##my $timestamplastcheck = '/var/ipcop/iptablesgui/lastcheck';
    ##my $flagdonotcheck = '/var/ipcop/iptablesgui/noversioncheck';
    ##################################################
    ##########

    my $option_table = '';

    my %cgiparams=();
    $cgiparams{'ACTION'} = ''; # refresh
    $cgiparams{'TABLE'} = 'filter'; # filter / mangle / nat / raw
    $cgiparams{'CHAIN'} = '';
    &Header::getcgihash(\%cgiparams);


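    if ( $cgiparams{'ACTION'} eq $Lang::tr{'refresh'} )
    {
    }
    $cgiparams{'CHAIN'} = '' if ( $cgiparams{'TABLE'} eq 'BOT_FAQ_#11' );

    # TABLE and CHAIN come from the request. CHAIN is echoed into the HTML form
    # and both are interpolated into a shell command line further down, so
    # accept only the known table names and a plain chain name.
    $cgiparams{'TABLE'} = 'filter' unless ( grep { $cgiparams{'TABLE'} eq $_ } ("filter", "mangle", "nat", "raw", "BOT_FAQ_#11") );
    $cgiparams{'CHAIN'} = '' unless ( $cgiparams{'CHAIN'} =~ /\A[A-Za-z0-9_-]*\z/ );


    &Header::showhttpheaders();
    &Header::openpage($Lang::tr{'iptablesgui title'}, 1, '');
    &Header::openbigbox('100%', 'left');

    # Found this useful piece of code in BlockOutTraffic AddOn :cool:
    # fwrules.cgi
    ###############
    # DEBUG DEBUG
    if ( $debug )
    {
        &Header::openbox('100%', 'left', 'DEBUG');
        my $debugCount = 0;
        foreach my $line (sort keys %cgiparams) {
            print "$line = $cgiparams{$line}<br />\n";
            $debugCount++;
        }
        print "&nbsp;Count: $debugCount\n";
        &Header::closebox();
    }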
    # DEBUG DEBUG
    ###############

    ##########
    ##################################################
    ##
    ## Check for new version
    ##
    ##&checkfornewversion($addonname, $version);
    ##if ( $onlineversion ne '' )
    ##{
    ## &Header::openbox('100%', 'left', $Lang::tr{'info'});
    ## print <<END
    ##<table width="100%"><tr>
    ##<td>$Lang::tr{'iptablesgui newversion'} <a href="$onlinelink" target="_blank"><b>$onlineversion</b></a></td>
    ##</tr></table>
    ##END
    ##;
    ## &Header::closebox();
    ##}
    ##################################################
    ##########


    foreach my $table ( ("filter", "mangle", "nat", "raw", "BOT_FAQ_#11") )
    {
        if ( $cgiparams{'TABLE'} eq $table )
        {
            $option_table = $option_table ."<option value='$table' selected='selected'>$table</option>";
        }
        else
        {
            $option_table = $option_table ."<option value='$table'>$table</option>";
        }
    }

    &Header::openbox('100%', 'left', $Lang::tr{'iptablesgui title'});

    print <<END
    <form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
    <tr><td width='20%' class='base'>Table:</td><td colspan='3'><select name='TABLE'>$option_table</select></td></tr>
    <tr><td width='20%' class='base'>Chain:&nbsp;<img src='/blob.gif' alt='*' /></td><td colspan='3'><input type='text' name='CHAIN' value='$cgiparams{'CHAIN'}' size='20' /></td></tr>
    </table>
    <hr />
    <table width='100%'>
    <tr>
    <td width='70%' class='base' valign='top'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td>
    <td width='30%'><input type='submit' name='ACTION' value='$Lang::tr{'refresh'}' /></td>
    </tr>
    </table>
    <hr />
    END
    ;

    my $output = '';
    if ( ($cgiparams{'TABLE'} eq 'BOT_FAQ_#11') || ($cgiparams{'CHAIN'} eq '') )
    {
        $output = `/usr/local/bin/iptableswrapper $cgiparams{'TABLE'} 2>&1`;
    }
    else
    {
        $output = `/usr/local/bin/iptableswrapper chain $cgiparams{'TABLE'} $cgiparams{'CHAIN'} 2>&1`;
    }
    $output = &Header::cleanhtml($output);

    (my @lines) = split(/\n/, $output);

    print "<pre>";
    foreach my $line ( @lines )
    {
        $line = substr($line, 0, rindex($line, ' ', 120)) . "\n" . substr($line, rindex($line, ' ', 120)) if ( length($line) > 120 );
        print $line ."\n";
    }
    print "</pre>";

    print <<END
    <hr />
    <table width='100%'>
    <tr>
    <td>&nbsp;</td>
    <td align='right'>
    <b><small><a href="http://www.ban-solms.de/t/IPCop.html" target="_blank">iptablesgui $version</a></small></b>
    </td>
    </tr>
    </table>
    </form>
    END
    ;
    &Header::closebox();

    &Header::closebigbox();
    &Header::closepage();

    ##########
    ##################################################
    ##sub checkfornewversion
    ##{
    ## my $addon = shift;
    ## my $version = shift;
    ## $onlineversion = '';
    ##
    ## if ( -e $flagdonotcheck )
    ## {
    ## return;
    ## }
    ##
    ## # only check if we are online and last check was some time ago
    ## if ( (! -e '/var/ipcop/red/active') || (-e $timestamplastcheck) && (int(-M $timestamplastcheck) < 5) )
    ## {
    ## return;
    ## }
    ##

    ###workaround to suppress a warning when a variable is used only once
    ## my @dummy = ( $General::version );
    ## undef (@dummy);
    ##
    ## my $ua = LWP::UserAgent->new;
    ## $ua->timeout(120);
    ## $ua->agent("Mozilla/4.0 (compatible; IPCop $General::version; $version)");
    ## my $content = $ua->get("http://ipcop-addons.ath.cx/version/$addon");
    ##
    ## if ( $content->is_success )
    ## {
    ## # compare the versions, format is v1.2.3
    ## $content->content =~ /v(\d+).(\d+).(\d+)/;
    ## my $ver1 = $1;
    ## my $ver2 = $2;
    ## my $ver3 = $3;
    ##
    ## $version =~ /v(\d+).(\d+).(\d+)/;
    ##
    ## if ( ($ver1 > $1) || (($ver1 == $1) && ($ver2 > $2)) || (($ver1 == $1) && ($ver2 == $2) && ($ver3 > $3)) )
    ## {
    ## $onlineversion = "v$ver1.$ver2.$ver3";
    ##
    ## $content->content =~ /http(.*)/;
    ## $onlinelink = "http$1";
    ## }
    ## else
    ## {
    ## # no news, recheck in a couple of days
    ## system("touch $timestamplastcheck");
    ## }
    ## }
    ##}
    ##################################################
    ##########




    --------------------------------------------------
    End modification … Replace the entire contents with …
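
A way to confirm, after an edit like the one in the post above, that no CGI script in the web interface still contains a live update check. This is an added example, not part of the add-on or of the original post; the function names and the example.invalid URLs are constructed, and the patterns are a review heuristic rather than a Perl parser.

```shell
#!/bin/sh
# Added example: list un-commented outbound HTTP calls in the Perl CGI
# scripts of a directory, one "file:line:url" per hit ("-" if no URL literal).
# On the firewall the directory would be /home/httpd/cgi-bin (from the post).

find_outbound_calls() {
    dir=$1
    for f in "$dir"/*.cgi; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }    # whole-line comment, including "##"
            /LWP::UserAgent->new/ ||
            /->(get|post|head|mirror)[ \t]*\(/ ||
            /(wget|curl)[ \t]/ {
                url = "-"
                if (match($0, /https?:\/\/[^"'\'' )]+/))
                    url = substr($0, RSTART, RLENGTH)
                printf "%s:%d:%s\n", file, NR, url
            }
        ' "$f"
    done
}

# Constructed sample input: one script with a live update check and one with
# the check commented out the same way as in the post.
make_samples() {
    cat > "$1/active.cgi" <<'EOF'
#!/usr/bin/perl
use LWP::UserAgent;
my $ua = LWP::UserAgent->new;
my $content = $ua->get("http://updates.example.invalid/version/addon");
EOF
    cat > "$1/disabled.cgi" <<'EOF'
#!/usr/bin/perl
use LWP::UserAgent;
## my $ua = LWP::UserAgent->new;
## my $content = $ua->get("http://updates.example.invalid/version/addon");
print "<a href='http://www.example.invalid/'>link</a>\n";
EOF
}

# "--demo" runs against the constructed samples; any other argument is
# treated as the directory to scan.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_samples "$tmp" && find_outbound_calls "$tmp"
    rm -rf "$tmp"
elif [ -n "${1:-}" ]; then
    find_outbound_calls "$1"
fi
```

The `use LWP::UserAgent;` line that stays in the modified file is deliberately not flagged, since loading the module opens no connection by itself.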
     
  16. Elixa

    Elixa New Member

    guiports-1.6.2.tar.gz for IPCOP v1.4.21

    guiports-1.6.2.tar.gz

    From www.h-loit.de (www 'dot' h-loit 'dot' de) *(German only)

    Reposted here for those who cannot download from original source and …

    Included modification info below that is necessary for installation
    into IPCOP v1.4.20 ... updated to IPCOP v1.4.21

    This addon is a prerequisite to samba-0.2.1.tar.gz

    To use samba-0.2.1.tar.gz the default IPCOP access port must be changed from
    port 445 to something else … easily accomplished by using guiports-1.6.2.tar.gz

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Copy guiports-1.6.2.tar.gz


    to /tmp/bot1/ (example)

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Enter terminal command:


    tar -zxvf guiports-1.6.2.tar.gz

    (before next step ... see modification below)


    ./install -i

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    For ... IPCOP v1.4.20 ... updated to IPCOP v1.4.21


    edit 'install' ... line 245

    change '1.4.18' to '1.4.21'

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    To view and use the addon go to IPCop/System/Gui Settings/




    Enjoy ;-)
     


  17. Elixa

    Elixa New Member

    samba-0.2.1.tar.gz for IPCOP v1.4.21

    samba-0.2.1.tar.gz


    From www.h-loit.de (www 'dot' h-loit 'dot' de) *(German only)

    For those who cannot download from original source … good luck ... as 18 mb was too large to upload here.

    Included modification info below that is necessary for installation into IPCOP v1.4.20 ... updated to IPCOP v1.4.21

    To use samba-0.2.1.tar.gz the default IPCOP access port must be changed from port 445 to something else … easily accomplished by using guiports-1.6.2.tar.gz

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Copy samba-0.2.1.tar.gz


    to /tmp/bot1/ (example)

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Enter terminal command:


    tar -zxvf samba-0.2.1.tar.gz

    (before next step ... see modification below)


    Command had to be executed from the console. (local machine)


    ./install -i

    during install enter ... for example * (your personal network range) ... 192.168.0.0/16

    later ... in the gui (global settings, advanced view) ...

    ... allow ... 192.168.0.0/16 *(your personal network range ... could be different)
    ... deny ... 0.0.0.0/0 *(these settings keep access limited to your personal network)

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    For ... IPCOP v1.4.20 ... updated to (IPCOP v1.4.21)


    edit install ... line 705

    change '2.4.34' to '2.4.36'

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    To view and use the addon go to IPCop/Services/Samba Server/


    Check 'enable Samba Server ?' ...
    ... click 'save' ... then click 'start'.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    To login into the SWAT settings use the username and password for root user of IPCOP.

    If using BlockOutTraffic 3.0.0 - Build 3 ...
    Port 901 had to be opened ... 'IPCop access'

    Default shared folder 'files'

    Default username and password for shared folder 'samba:samba'




    Enjoy ;-)
     


  18. ernstavbro

    ernstavbro New Member

    This may sound stupid, but I cannot seem to find the link to download the ISO for IPCop!! When I go to ipcop.org and click the download tab, I see the tgz files... ipcop-1.4.21-update.i386.tgz.gz and ipcop-1.4.21-sources.tgz...

    could somebody point me to the right direction?
    my apologies...
     
  19. Leszek

    Leszek Member

  20. rodar

    rodar New Member

    this thread has helped me a lot. thx to all.
     
