IPCop logo

IPCop v2.0.0 Administration Manual

Chris Clancey

Harry Goldschmitt

John Kastner

Eric Oberlander

Peter Walker

Marco Sondermann

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.

1 March 2014

Revision History
Revision 0.1.0 (beta) 29 Dec 2001 CW
Forward by Charles Williams
Revision 1.2.0 10 Jan 2003 RW
1.2.0 revisions
Revision 1.3.0 4 May 2003 HG
1.3.0 revisions
Revision 1.4.0 30 August 2004 CC, HG, JK, EO, PW
1.4.0 revisions
Revision 1.4.10 13 December 2005 HG, EO
1.4.10 revisions
Revision 1.4.12 30 April 2008 HG, EO
1.4.12 revisions
Revision 1.4.21 17 June 2009 EO
1.4.21 revisions
Revision 2.x 2009-2014 EO, OW, MS
IPCop v2 additions and modifications

Table of Contents

Preface
1. Rights and Disclaimers
2. Forward
1. Project Leader's Introduction
1.1. What Is IPCop?
1.2. Partial List of Features
1.3. What's New in v2.0?
1.4. Acknowledgements
2. Administration and Configuration
2.1. Home Administrative Window
2.2. System Web Pages
2.2.1. Scheduler
2.2.2. Updates
2.2.3. Passwords
2.2.4. SSH Access
2.2.5. GUI Settings
2.2.6. Email Settings
2.2.7. Backup Web Page
2.2.8. Shutdown Web Page
2.3. Status Menu
2.3.1. System Status
2.3.2. System Info
2.3.3. Network Status
2.3.4. System Graphs
2.3.5. Traffic Graphs
2.3.6. Proxy Graphs
2.3.7. Traffic Accounting
2.3.8. Connections
2.3.9. IPTables Output
2.4. Network Menu
2.4.1. Dialup
2.4.2. Upload
2.4.3. Modem
2.4.4. External Aliases Administrative Web Page
2.5. Services Menu
2.5.1. Web Proxy Administrative Web Page
2.5.2. URL Filter Administrative Web Page
2.5.3. DHCP Administrative Web Page
2.5.4. Dynamic DNS Administrative Web Page
2.5.5. Edit Hosts Administrative Web Page
2.5.6. Time Server Administrative Web Page
2.5.7. Traffic Shaping Administrative Web Page
2.6. Firewall Menu
2.6.1. Changes in v2.0
2.6.2. What traffic is allowed between Interfaces?
2.6.3. Firewall Settings Administrative Web Page
2.6.4. Address Filter Administrative Web Page
2.6.5. Services Administrative Web Page
2.6.6. Service Groups Administrative Web Page
2.6.7. Address Settings Administrative Web Page
2.6.8. Address Groups Administrative Web Page
2.6.9. Interfaces Administrative Web Page
2.6.10. Firewall Rules Administrative Web Page
2.7. VPNs Menu
2.7.1. Virtual Private Networks (VPNs)
2.7.2. Methods of Authentication
2.7.3. IPsec Configuration Administrative Web Page
2.7.4. OpenVPN Configuration Administrative Web Page
2.7.5. Certificate Authorities Administrative Web Page
2.8. Logs Menu
2.8.1. Log Settings Administrative Web Page
2.8.2. Log Summary Page
2.8.3. Proxy Logs Page
2.8.4. Firewall Logs Page
2.8.5. URL Filter Log
2.8.6. System Log Page
2.9. User Customization
2.9.1. rc.event.local
2.9.2. exclude.user
2.9.3. include.user
2.9.4. Custom IPTable Chains
2.9.5. rc.firewall.local
2.9.6. dnsmasq.local
2.9.7. setreservedports.pl
2.10. Web Proxy Server
2.10.1. Local Proxy Authentication
2.10.2. identd Authentication
2.10.3. LDAP Authentication
2.10.4. Windows Authentication
2.10.5. RADIUS Authentication
2.10.6. Classroom extensions
A. GNU Free Documentation License
A.1. 0. Preamble
A.2. 1. Applicability and Definitions
A.3. 2. Verbatim Copying
A.4. 3. Copying In Quantity
A.5. 4. Modifications
A.6. 5. Combining Documents
A.7. 6. Collections of Documents
A.8. 7. Aggregation With Independent Works
A.9. 8. Translation
A.10. 9. Termination
A.11. 10. Future Revisions of This License

List of Figures

2.1. Home Page
2.2. Home Page - Ethernet Connection
2.3. Home Page - Modem Connection
2.4. Add a Scheduler Action screen
2.5. Scheduled Actions section
2.6. Settings
2.7. Available Updates
2.8. Installed Updates
2.9. Passwords screen
2.10. SSH Access and SSH Host Keys
2.11. GUI Settings
2.12. Email settings
2.13. Backup screen
2.14. Shutdown
2.15. Connection Profiles
2.16. Connection Interface
2.17. Connection/Reconnection
2.18. Authentication
2.19. DNS
2.20. Typical upload firmware section
2.21. Modem Settings
2.22. Aliases sections
2.23. Web proxy - Common settings, Upstream proxy & Log Settings Sections
2.24. Proxy Error Message Designs. IPCop on the left, Standard on the right.
2.25. Web proxy - Time restrictions, Transfer limits & Download throttling Sections
2.26. Web proxy - MIME type filter & Web browser Sections
2.27. DHCP settings
2.28. Add a new fixed lease
2.29. List of fixed leases
2.30. Current dynamic leases
2.31. Dynamic DNS Settings
2.32. Add a dynamic DNS record
2.33. Current dynamic DNS records
2.34. Add a host
2.35. List of current hosts
2.36. Network Time Server Settings
2.37. Update the time
2.38. Traffic Shaping Settings
2.39. Add a service to Traffic Shaping
2.40. Firewall settings
2.41. Interface policies
2.42. Add device
2.43. Devices on Blue
2.44. Current DHCP leases on Blue
2.45. Add a service
2.46. Custom services
2.47. Default services
2.48. Add service to Group
2.49. Service Groups
2.50. Add address
2.51. Custom address list
2.52. Default networks list
2.53. Add address to Group
2.54. Address Groups list
2.55. Add interface
2.56. Default interfaces
2.57. Add a new rule
2.58. Example of a rule
2.59. Global settings
2.60. Connection status and control window: Initial View
2.61. Connection Type Selection
2.62. Host-to-Net Connection
2.63. Net-to-Net Connection
2.64. Authentication
2.65. Authentication continued
2.66. Global settings
2.67. Advanced Server options (top)
2.68. Advanced Server options (bottom)
2.69. Client status and control
2.70. Connection Type
2.71. Connection
2.72. Client status and control example
2.73. Certificate Authorities window: Initial View
2.74. Generate Root/Host Certificates window
2.75. Certificate Authorities window: with Certificates
2.76. Log Settings
2.77. Log Summary Output
2.78. Proxy Log Output
2.79. Firewall Log Output
2.80. System Log Output

List of Tables

2.1. GREEN
2.2. RED
2.3. BLUE
2.4. ORANGE