IPCop questions

[takt]

I'll have time in the weeks to come, and always wondered about starting my own IPCop box.

(#1) Are these specs going to handle massive traffic (say 5-7 boxes doing random internet activities from web to P2P to data transfering over the network etc)?
Pentium Pro 200
64MB RAM
CD-ROM
2GB HD
3 NICs

(#2) How will this hold up if I decide to do VPN or use ClamAV / F-Prot antivirus network scanning? Will it still be tough as nails and not choke?

I read this guide: Perfect Linux Firewall Guide (IPCop) and where it says I need 3 NICs, (#3) is it possible to have two segments of secure (Green) networks?

Reason I ask this is because I have two Linksys Routers that would act as switches to different points in my house, and 1 router can't support all 7 boxes.

If I do it this way with two routers each with 192.168.1.x and 192.168.2.x, (#4) is there any way that I could do network shares with a computer on each segment?

Not really looking to spend more $$$, just to work with what I have.

Thanks!

 

[Malk-a-mite]

If anything - scrouge up some more memory and you should be good

 

[takt]

So everything else should be easily configurable?

What about network sharing over the two segments of networks?

 

[YeOldeStonecat]

I'm wondering why you want to make 2x networks in your house if you want to have them all be the same network.

 

[takt]

What could I do instead? I'm really open to any suggestions.

EDIT: I've been digging around these forums and found others mentioning FREESCO. How does that stack up against IPCop? Will I be able to use the features the poster of this thread (nTop and MRTG! Yay!) used?

Basically any firewall/router that would run decent with my hardware?

 

[tripex]

I dont know if this is possible but it would be better for you, imho.

1st nic = connected to the net
2nd nic = connected to switch1, with ip address 192.168.1.1
3rd nic = connected to switch2, with ip address 192.168.1.2

The DHCP address pool would be something like 192.168.10-100 .

 

[movax]

You'll definitely want more RAM. My current ipcop is a P2-400, 384MB RAM, handles gigabit routing fine inside house.

 

[Party2go9820]

What could I do instead? I'm really open to any suggestions.

Just only use the switch ports of your routers. Your entire house would then be on one network.

1) Make sure DHCP is only enabled one one device - IPcop, router 1 or router 2 doesn't really matter, but having two DCHP servers will make you tear your hair out.
2) Connect internet to IPCop via "red" interface.
3) Connect IPCop to router 1 switch via "green" interface.
4) Connect Router 1 to Router 2 with a cross over cable. (Switch port to Switch port. Do not use the WAN interface on either router)
5) Connect other boxes to remaining switch ports on routers 1 and 2. Again, do not use the WAN interface for anything.
6) Profit.

Now that I think about it, you wouldn't even need the IPCop box assuming you were ok with one of your routers being your firewall.

 

[takt]

You'll definitely want more RAM. My current ipcop is a P2-400, 384MB RAM, handles gigabit routing fine inside house.

I'm looking on ebay for more RAM, but I'm unsure of which type I need. I know it's EDO RAM, but not sure how many pins etc?

Just only use the switch ports of your routers. Your entire house would then be on one network.

1) Make sure DHCP is only enabled one one device - IPcop, router 1 or router 2 doesn't really matter, but having two DCHP servers will make you tear your hair out.
2) Connect internet to IPCop via "red" interface.
3) Connect IPCop to router 1 switch via "green" interface.
4) Connect Router 1 to Router 2 with a cross over cable. (Switch port to Switch port. Do not use the WAN interface on either router)
5) Connect other boxes to remaining switch ports on routers 1 and 2. Again, do not use the WAN interface for anything.
6) Profit.

Now that I think about it, you wouldn't even need the IPCop box assuming you were ok with one of your routers being your firewall.

So this method requires only 2 NICs?

How can I tell if I have a crossover cable? I've got billions of Cat5, but not sure whether they are crossover.

Do you think setting up the IPCop box is worth it over the built-in router firewalls? Power consumption is another factor I guess.

Is it possible to assign Static IPs within this setup?

 

[Party2go9820]

So this method requires only 2 NICs?

How can I tell if I have a crossover cable? I've got billions of Cat5, but not sure whether they are crossover.

Do you think setting up the IPCop box is worth it over the built-in router firewalls? Power consumption is another factor I guess.

Is it possible to assign Static IPs within this setup?

1) Yup
2) A cross over is a just a regular cable that has the pairs "crossed" at one end. You'd either have to look at the pins or hope its labled. Google for it and I'm sure you can find the pin out pretty quickly. If you've got ends and a crimpers you can even make any strait cable a cross.
3) Up to you. The IPcop solution will have more features and is definatly more geeky, but its up to you if you'll use those features.
4) Absolutely. Just make sure all the DHCP servers are turned off for every device.

Bascicly what you are doing is ignoring the router portion of those SOHO routers and just using the built in switches. Only other thing I can think of is to make sure you still have enough ports. If you use the IPCop box it will take a port on one switch, plus the cross over will take up another port on each switch. If you don't use the IPCop you'll open another port for the other computers.

 

[takt]

If I do go with the IPCop solution, wireless will still work, right? Or because DHCP is disabled, wireless clients won't be able to connect and grab an IP?

 

[Rakinos]

Wireless would still work fine. The dhcp server running on the box would still hand info to the wireless devices. I personally reccommend pfSense as opposed to ipcop, that's what I use.