« IPCop Part II - Cop+ and DansGuardianRandomSupport.com Domain »



Permalink 09:55:00 pm by guy, Categories: IPCop

Have you heard of IPCop? Neither had I until 6 months ago. I was looking for a solution (I was thinking internet content filtering software) that I could install on my kid’s PCs that would protect them from the “Naughty Sites” that are soooo easy to stumble upon out in the wild internet. My kids are too young to find them on purpose, I just don’t want to have my daughters researching “Dallas” for a geography report and have them finding “Debbie Does…” I watch the kids VERY closely and I’m actually usually right there with them, but I can’t ALWAYS be! I eventually stumbled upon IPCop and found that with some simple addons I could block the bad stuff at the gate for ALL my home network’s computers and do it without installing software on the individual computers!

All that, and it is free and open source software!

Follow up:

Do you have a firewall on your PC or your home network? Of course you do! Right?!? Even those of you who would answer “I don’t know” could probably answer yes if you checked with your local techie neighbor. It seems like pretty much every home network with high speed internet these days has a router/firewall/access point attached to the cable modem or DSL modem, that is a good thing. I would guess that this is generally installed more for the purpose of setting up a wireless network than for the firewall, but most people have it whether they know it or not in the form of their wireless access point.

I digress, this isn’t about firewalls. Well, not exactly… actually it is, but it isn’t what gets me all excited (perhaps I am easily excited). Let’s get back on track, IPCop, what is it?

IPCop is a Free Linux distribution (don’t be scared, it won’t hurt you!) that has been pared down to the absolute minimum required to allow you to convert an old PC that you thought was worthless into an industrial strength firewall for your home or office.

Here is some of the core functionality included “out of the box". The items in bold represent functionality you wouldn’t expect out of your typical off the shelf home firewall (Linksys, D-Link, etc):

  • DHCP Server
  • SNORT Network Intrusion Detection
  • DHCP client / server
  • Dynamic DNS
  • HTTP / FTP proxy (SQUID) - Reduces bandwidth and improves response times by locally caching and reusing frequently-requested web pages
  • Log local or remote
  • NTP client / server
  • SSH server (PSK or password)
  • Traffic shaping (red interface)
  • System memory, cpu, and disk access graphs by day, week, year
  • Bandwidth graphs by interface (Green, Red, etc.)

It also has the ability to be modified with PlugIns to enable additional functionality. Once you install it on an old PC you have a Network Security Appliance that you can hook up directly between your internet connection (Cable Modem or DSL or whatever) and your home network. Bottom line, ALL traffic to and from the internet MUST go through IPCop. That means that you can use IPCop to control what passes and what doesn’t. The basic functionality performs all the basic firewall functionality that you would have on your typical Linksys, Netgear, or whatever access point/router you bought at best buy. “Cool, but why build a computer to do what I can get for $50?” Well, for $50 you get a static device. With IPCop you can addon different tools and features. Examples:

  • Dan’s Guardian Content Filtering (Cop+) this alone makes this all worth it all to me!
  • User authentication and auditing
  • Bandwith Throttling
  • Transparent Virus and Spam Filtering
  • More and more

What do you need to make this all work? The IPCop web site says this:

IPCop runs on a dedicated box. It will run on old, or “obsolete” hardware, such as a 386 processor, 32Mb of RAM, and 300Mb hard disk. But if you plan on using some of IPCop’s features, such as the caching web proxy, or Intrusion Detection Logging, you are going to need more RAM, more disk space, and a faster processor.

A floppy disk is not required, but is useful for backing up and upgrading your system.

A CDROM drive makes it easy to install IPCop, but again is not required if you know how to install over your network using HTTP.

At least one Network Interface Card NIC is required. User feedback suggests that you get what you pay for; so fitting a good quality 10/100Mbps Ethernet card for the Green Interface is worth it. If you will be connecting to the Internet via a cable modem, you will need two NICs.

I run IPCop with an 800mhz machine with 256meg of RAM and a 20gig drive. This appears to be more than enough for my home network even with Cop+ installed.

There is so much more to say about IPCop and what it does and is capable of doing. I’m going to cut this introduction short here. I’m planning to next blog specifically about the Content Filtering addon COP+ which adds Dan’s Guardian to a standard IPCop installation.

I know I didn’t really get into the Cop+ addin that I am so obviously excited about. Don’t worry, I’ll be back with that followup along with a little Addon that I created for the Cop+ addon that allows you to easily create a password protected bypass of the content filter for users you would like to allow the privilege to.

May 2017
Sun Mon Tue Wed Thu Fri Sat
 << <   > >>
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
I'm a generalist, at least if I'm honest. In my job I am primarily a developer, but also a sysadmin, and (as little as possible) technical support. I know a little about a lot of things, a lot about some things, and everything about nothing. Here I will post random learnings...


XML Feeds

User tools

blog software