2.3.1. Network Interfaces

IPCop defines up to four network interfaces, RED, GREEN, BLUE and ORANGE.

2.3.1.1. RED Network Interface

This network is the Internet or other untrusted network. IPCop's primary purpose is to protect the GREEN, BLUE and ORANGE networks and their computers from traffic originating on the RED network. Your current connection method and hardware are used to connect to this network.

2.3.1.2. GREEN Network Interface

This network only connects to the computer(s) that IPCop is protecting. It is presumed to be local. Traffic to it is routed through an Ethernet NIC.

2.3.1.3. BLUE Network Interface

This optional network allows you to place wireless and/or wired devices on a separate network. Computers on this network cannot get to the GREEN network except via tightly controlled pinholes, or via a VPN. Traffic to this network is routed through an Ethernet NIC.

2.3.1.4. ORANGE Network Interface

This optional network allows you to place publicly accessible servers on a separate network. Computers on this network cannot get to the GREEN or BLUE networks, except through tightly controlled pinholes. Traffic to this network is routed through an Ethernet NIC.

2.3.1.5. Network Interfaces

Your firewall will need at least 1 Ethernet cable and network interface card (NIC). It may need up to 4 NICs, depending on the network configuration you choose and your connection to the Internet.

All NICs must be different physical cards (or their equivalent if you have multiport cards).

Ignoring for a moment the RED network, you will have to plug a separate Ethernet NIC and cable into your firewall for each of the GREEN, BLUE and/or ORANGE networks. The GREEN and RED networks are required. The ORANGE and BLUE networks are optional. The interface requirements for your RED network will vary depending on your connection to the Internet. The RED network may require an additional Ethernet card and cable.

Figure: RED, ORANGE, BLUE, GREEN Configuration (sample networks)

The RED, ORANGE, BLUE, GREEN diagram shows that, other than the RED net, each of the networks needs an Ethernet card. If you are currently using an Ethernet connection to the Internet, you will need a card for it, too. The networks must have different network addresses.

Note

Remember, the BLUE and ORANGE networks are optional.

2.3.1.6. Relative Security of IPCop Network Interfaces

The security model of IPCop is that the GREEN network is fully trusted: any request from this network, whether initiated by a user or by a machine infected with a virus, Trojan horse or other malware, is considered legitimate and is allowed by IPCop.

A new feature of IPCop 2.0.0 allows you to set policies for each network interface. This makes it possible to allow only specific traffic to RED and IPCop.

The networks, in order of increasing trust, are:

RED→ORANGE→BLUE→GREEN
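The following Python sketch is an added example, not IPCop code. It checks a planned layout against the interface rules above (RED and GREEN required, a separate NIC per zone, different network addresses) and models the default decision the trust order implies. It assumes that traffic toward a less trusted zone is allowed by default and that "different network addresses" means non-overlapping ranges; VPN access from BLUE and the IPCop 2.0.0 per-interface policies are not modelled, and all names, addresses and ports are constructed.

```python
import ipaddress
from itertools import combinations

# Zones in order of increasing trust, as given on this page.
TRUST_ORDER = ["RED", "ORANGE", "BLUE", "GREEN"]
REQUIRED = {"RED", "GREEN"}

def validate_zones(zones):
    """zones maps zone name -> (nic, cidr); RED may use nic=None (non-Ethernet uplink).
    Returns a list of problems; an empty list means the layout is consistent."""
    problems = [f"unknown zone {z}" for z in zones if z not in TRUST_ORDER]
    problems += [f"{z} is required" for z in sorted(REQUIRED - set(zones))]
    nics = [nic for nic, _ in zones.values() if nic is not None]
    for z, (nic, _) in zones.items():
        if z != "RED" and nic is None:
            problems.append(f"{z} needs its own Ethernet NIC")
        elif nic is not None and nics.count(nic) > 1:
            problems.append(f"{z} shares NIC {nic}")
    # Assumption: "different network addresses" is read as non-overlapping ranges.
    nets = {z: ipaddress.ip_network(c) for z, (_, c) in zones.items() if c}
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} and {b} networks overlap")
    return problems

def flow_allowed(src, dst, port, pinholes=frozenset()):
    """Modelled default decision for a new connection from zone src to zone dst."""
    s, d = TRUST_ORDER.index(src), TRUST_ORDER.index(dst)
    if s >= d:
        return True   # assumption: same zone or toward a less trusted zone
    if src in ("ORANGE", "BLUE") and (src, dst, port) in pinholes:
        return True   # explicit pinhole toward a more trusted zone
    return False      # everything else, including all RED-originated traffic

# Constructed sample layout (NIC names, addresses and ports are made up).
SAMPLE = {
    "RED": ("eth3", None),
    "GREEN": ("eth0", "192.168.1.0/24"),
    "BLUE": ("eth1", "192.168.2.0/24"),
    "ORANGE": ("eth2", "192.168.2.128/25"),   # mistake: inside BLUE's range
}
PINHOLES = {("ORANGE", "GREEN", 5432)}

if __name__ == "__main__":
    print(validate_zones(SAMPLE))
    for src, dst, port in [("GREEN", "RED", 443), ("ORANGE", "GREEN", 5432),
                           ("ORANGE", "GREEN", 22), ("BLUE", "GREEN", 445)]:
        print(src, "->", dst, port, flow_allowed(src, dst, port, PINHOLES))
```

Note that in this model a compromised GREEN host can reach every other zone without any pinhole, which is exactly the consequence of the "fully trusted" assumption described above.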