IPCop.org FAQs (frequently-asked questions)

Because your IPCop box is based on Linux, many of the features used in Linux can be made available by your firewall. IPCop is made to be easy to use, and the web interface reflects that. There are many features that are not made accesible by the web interface in order to keep it simple.

The important thing to remember is that the IPCop box is primarily a firewall and a router. All the other features are "nice to have". Anything you do to your IPCop box could reduce it's effectiveness, and the programmers won't be looking out for security holes in programs you have added, so they won't be making patches either.

If you want something more general purpose than a dedicated firewall you can have a look at the Gateway/Servers at this comparision list.
[x] 1.1 [x]1.2 [x]1.3 All versions

First of all, IPCop is missing many of the programs usually found in a Linux distribution. This is deliberate, as the lower number of applications means the system is simpler, and easier to keep secure

Because of this, our way in and out of the IP-Cop box is via a program called SSH. SSH is a secure command line interface which allows remote access. Normally, SSH uses port 22, but in order to allow port 22 to be forwarded elsewhere, port 222 is used on the IP-Cop box.

Most Linux distributions now include the SSH suite of programs, and there is a freeware Windows client called PuTTY. SSH includes a file transfer client called SCP, and there is also a freeware Windows version called WinSCP. Between these two programs, you should have all the tools you need to customise IP-Cop.
[x] 1.1 [x]1.2 [x]1.3 All versions

The configuration files in IPCop can roughly be divided into two camps, those that are pre-configured, or set up during the install and those that can be modified by the web interface or setup program.

In most cases, if IPCop can modify the file via the web interface or setup program it saves the information in a subdirectory in /var/ipcop. The configuration file (usually in /etc) is then instead symbolically linked to the IPCop version.

For example, if I want extra parameters to be given out by the DHCP server that aren't available via the web interface, what I need to do is overwrite the symbolic link in /etc with a new dhcpd.conf with (e.g.) netbios settings for my Windows machines, such as WINS servers and Node typesfile. Restart the service and you will find that these parameters will now be given out by IPCop ignoring it's own settings.
[x] 1.1 [x]1.2 [x]1.3 All versions

Using SCP, you can download new files into the IPCop box. This way you can add additional programs that may help you faultfind your network, or add additional functionality.

For example, IP-Cop does not have "traceroute" (It has tracepath, which has similar functionality). Using SCP (or WinSCP), simply move the file from another Linux box into the appropriate folder (/usr/sbin, in this case), check the file permisions, and now you have an new tool on your IPCop box.

In some cases it may be more complex that that, so you will have to work out what goes where.
[x] 1.1 [x]1.2 [x]1.3 All versions

You can run into problems if you edit text files on a Windows PC, and then transfer them to IPCop. PC files have different line endings from Unix files.

The way to avoid this problem is to use Windows/Unix Text Editors that are aware of this. Ones to consider include:

* UltraEdit
* Crimson Editor (free)
* TextPad
* NotePad+ (free)
* EditPad Lite (free for non-commercial use)

Mac owners can use this free Text Editor

* BBEdit Lite

Alternatively, for folks who have to use a Windows editor, by far the easiest way is to save the file on the Windows machine in native Windows mode, transfer it to a work area /tmp on the IPCop box, and then use this one-line gem to remove the carriage return characters.

tr -d "\015" < the_windows_file > the_unix_file

From version 1.3.0, if you want to run your own commands at startup, put them in a file named /etc/rc.d/rc.local, they will automatically run when IPCop boots. The file is included in the set of files that are backed up onto floppy.

Look if swap is in use with 'free'
If swap is in use, stop services like snort to free memory

Switch off swap with
'swapoff /swapfile'

If you create a bigger swap file, you could directly recreate the file
'dd if=/dev/zero of=/swapfile bs=1024k count=(size in Mb)'

If you create a smaller swap file, you have to rm /swapfile before dd command

Then make the file usable for swap
'mkswap /swapfile'

And switch the swap on
'swapon /swapfile'

You could be sure swap is usable using again 'free'
[ ] 1.1 [ ]1.2 [x]1.3 All versions