IPCOP?

[Format _C:]

I watched the Systm Video (I miss Tech TV Stupid G4) about IP COP but I already have a router (Buffalo Tech WHR-HP-G54) and I want to know if it's even worth it to build an IPCOP machine? I have all of the parts already and If I do how can I factor in my wireless router? and can I still use the 4 ports on the router?

I basically want to know what can IPcop do that my Buffalo router can't (Besides WIFI)

 

[Jay_2]

what do you want it to do exactly?

 

[Format _C:]

I don't know exactly I just want to mess with it would it be more secure than my Buffalo router?

 

[YeOldeStonecat]

The advantage of the *nix router distros...if often performance, ability to handle heavy loads better than home grade routers..as you can install them on beefy machines (P3, 512 or higher megs of RAM)...and have the performance of a 5,000 dollar enterprise grade router.

Whether or not you push your internet hard enough at home to bog down a home grade router....so the ability to see the performance increase, only you can answer that.

They are usually more stable (if you install them on decent hardware), and have more options. Many router distros available to choose from...IPCop is a very popular one...and there are a lot of add-on modules you can install for IPCop, such as Copfilter..which adds antivirus scanning of web/mail/ftp traffic, as well as SPAM removal of mail traffic. So in that sense....yes you can get more secure. There are a few other *nix router distros avail that have scanning features...such as Endian, and Untangle. Also they'll have deep SPI and intrusion detection such as SNORT.

Most of them have VPN features also, commonly OpenVPN.

Also you can configure optional zones and what not..usually something a home user will never need to bother with. Such as true DMZ, or a separate orange zone for wireless.

To address your wireless question..it's easy to keep your existing router..reconfigure it as an access point..uplink your IPCops green NIC to it..and use the other 3x LAN ports as a switch. Disable DHCP on the router, change its LAN IP to match your IPCops green IP address (say the IPCop green IP is 192.168.1.1, make your router/access point 192.168.1.245 for example). The IPCop box would run DHCP.

Other popular *nix distros...m0n0wall, Smoothwall, PFSense....there's a thread about them bouncing around here you can search for.

 

[Format _C:]

Ok so I'm going to install it on an old Athlon 900MHZ 10GB IDE HDD how many NICS do I need to continue using my wireless as an orange zone? The MB has a built in NIC which has a realtek 8139D Chipset which I heard is supported good under IPCOP I also have a bunch of PCI NICS I can put in I just need to know how many to use.

Thanks

 

[fireburster]

you could look at smoothwall and endian also. All are good to use. I have an endian box myself.

p3 600 with 512 sdram 10g hdd.

 

[bassman]

would it be more secure than my Buffalo router?

Yes, if you install some addons.

BlockOutTraffic lets you filter outgoing traffic, Snort analyzes traffic for intrusion attempts, DansGuardian filters web content, Copfilter scans traffic for spam and viruses, Zerina gives you a nice, easy to configure VPN endpoint, etc, etc, etc.

I've heard good things about smoothwall and endian, too. Since I already know IPCop I don't have a reason to switch.

how many NICS do I need to continue using my wireless as an orange zone?

3, if you're setting up a green network too.

Do you need an orange segment? You can put your router in green if you don't want to deal with the configuration hassle. (If you're worried about the security of your wireless AP, then it's probably best to put it into orange.)

 

[cooter]

Ok so I'm going to install it on an old Athlon 900MHZ 10GB IDE HDD how many NICS do I need to continue using my wireless as an orange zone? The MB has a built in NIC which has a realtek 8139D Chipset which I heard is supported good under IPCOP I also have a bunch of PCI NICS I can put in I just need to know how many to use.

Thanks

You will need eitehr 2 or 3 NICs to set up a network as you mention.

1 NIC for RED (Internet, connects to your modem)
1 NIC for GREEN (Connects to your switch, basically your LAN)
1 NIC for Blue (Connects to your wireless)

Now the reason you can do 2 is because the wireless can be on green as well, the reason you would have it on Blue is for security reasons.

You also mention ORange, Orange is for a DMZ not wireless.

In my mind there are 4 reasons to use IPCOP:
1. Curiosity and for something to do.
2. Security, It is more secure natively and has more secuirty options then a normal router.
3. Performance as mentioned above.
4. VPN

I would say start off with simply using 2 nics, RED and Green. put your wireless on your green subnet. Then after you play with it a bit if you want to try the blue interface go for it.

See my sig for my IPCOP box!!!

 

[LoStMaTt]

For your first setup I would recommend just sticking to a Green+Red config.

Why? Because if you set up a Blue it is not easy to access the Green network.

Translation: Wireless computers will have a hard time talking to wired computers. (IE shared folders, printers etc).

So setup IPCOP with a Green+Red config and just turn off DHCP on your buffalo. Then just plug a cable from the Green card on IPCOP to one of the 4 ports on the back of your buffalo.

Also make sure to change the IP of your Buffalo to something that will allow you to configure it later.

Ex:
IPCOP: 192.168.1.1
Buffalo: 192.168.1.2

 

[YeOldeStonecat]

For your first setup I would recommend just sticking to a Green+Red config.

Why? Because if you set up a Blue it is not easy to access the Green network.

Translation: Wireless computers will have a hard time talking to wired computers. (IE shared folders, printers etc).

So setup IPCOP with a Green+Red config and just turn off DHCP on your buffalo. Then just plug a cable from the Green card on IPCOP to one of the 4 ports on the back of your buffalo.

Also make sure to change the IP of your Buffalo to something that will allow you to configure it later.

Ex:
IPCOP: 192.168.1.1
Buffalo: 192.168.1.2

I second this..keep it simple...for a home setup...you don't need an orange/blue zone for your wireless..just makes it unnecessarily complicated IMO. Just flip your wireless router to run as an access point...DHCP off..match LAN IP to be in same range as your IPCop boxes green side (as illustrated above) so you can manage it..uplink your IPCop green NIC into a LAN port of your wireless router..you will not use the WAN/Internet link of your wireless router..and you're all set. Can use the other 3 LAN ports as a switch for your LAN.