IPCop.org FAQs (frequently-asked questions)

IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users. The IPCop interface is very user-friendly and task-based. IPCop offers the critical functionality of an expensive network appliance using stock, or even obsolete, hardware and OpenSource Software.


OLD PC + IPCOP = Secure Internet Appliance

IPCop lets you take an old PC and convert it into an appliance that will.

1. Secure your home network from the internet.
2. Improve the performance of web browsers (by keeping frequently used information)

All this functionality can be managed from a simple to use web interface, even updates and patches can be installed using a web browser.
Remember IPCop works with most home networks and small office networks, dial up modems, cable modems, ADSL, Leased lines and ISDN. It also lets several PCs share connections to the internet. If you have an always on connection to can even use IPCop to protect your web and email servers. IPCop also has remote management meaning you can securely update and reconfigure your IPCop firewall from anywhere with an internet connection!

IPCop Firewall basically sits "in between" your Internet connection (dial-up modem, cable-modem, DSL, etc) and works directs traffic using a set of rules for the TCP/IP traffic that underlies all Internet activities. The default rules, ideal for most users, are essentially simple in nature. They allow you to "surf" to the outside world and visit web-sites, FTP, email and so forth. And as you go about your tasks on the Internet, IPCop allows return traffic from those tasks, that you requested, to pass through. If, however, some random TCP/IP traffic comes in, requesting information from your computer, and that traffic is not in response to your requests, IPCop Firewall refuses to respond, and logs that attempt. Thus, you are allowed to go about your normal business, but when the bad guys try to come after you, they are stopped cold, because they are not responding to your requests. Think of IPCop Firewall as your friendly traffic cop down on the corner, making sure that things travel smoothly, and enforcing good rules on your Internet traffic.

Yes, but... :-)

There are some applications which, under the hood, set up two channels of TCP/IP traffic for various reasons. For example, many online shoot-em-up games like Quake open up several TCP/IP channels to so that high-priority messages such as movement and shooting the bad guys can get through on the priority channel, while the graphics are sent through a lower-priority channel. Similarly, NetMeeting and some NetMessenger applications open up multiple channels in order to facilitate multiple people talking at once. You can still use these games, but you'll need to do some post-installation configuration to alter the "Rules" a little bit so that IPCop Firewall (your friendly traffic cop) will know about your specific exceptions.

You can configure IPCop Firewall and your remote computers to use VPN which basically lets authorized remote computers "pretend" to be behind your firewall, even if, in reality, they are far, far away in a distant galaxy. Check out the IPCop VPN documentation.

You can remotely access your desktop from any location with an internet connection here is how.

1. To remotely access your the Desktop machine (UNIX workstation, PC with Linux or Windows or Macintosh) use VNC. Some Windows users may prefer TightVNC. Install VNC on your desktop machine.


2. To secure access to your Desktop Machine SSH is recommended. SSH is built into IPCop (you have to switch it on using the web interface: One the IPCop web interface select, System, SSH and enable SSH then press Save).


3. Now on the remote site you will need an SSH Client.
   - Windows PuTTY
   - Macintosh NiftyTelnet SSH
   - Unix OpenSSH
   You can find more extensive lists of SSH clients for various (other) operating systems here).


4. Open port 222 in External services.


5. Open an SSH connection and setup a tunnel to your desktop machine.


6. Use a VNC client (a java enabled browser will do) on the remote PC to access your desktop at home!

Well, there is the IPCop Users mailing list of course and there is also the IPCop IRC channel. To join the IRC channel just connect to server: irc.freenode.net and then the IPCop channel: #ipcop

Basically, a hardware based firewall will require that you purchase the complete solution (hardware and software) for a rather hefty sum. Other software solutions are either commercial (you pay) or free and doesn't offer the level of security and/or ease of use that IPCop does.

First, you'll need a whole new computer for IPCop itself. This is not as excessive as it sounds. For one thing, IPCop can run on obsolete hardware that many companies are literally throwing away as "useless". IPCop Firewall will be connected to the outside world, so you'll need a cable and whatever kind of card (modem, NIC, etc) that you would normally have in your computer. Exactly what you need for this connection depends on how you connect to the Internet, but you probably can simply move the existing cables and hardware from your current computer to IPCop Firewall.

Then, you'll need another cable and NIC in IPCop Firewall to connect to your computer, or to your switch/router if you have several desktops to hook up. Finally, you'll need a NIC in your desktop computer, or one in each desktop computer if you have several desktops to hook up. Check the Installation Guide for more information.

If in need of a feature not yet found in IPCop, it is best to add an RFE item on the request for enhancements list. You can find this list on our SourceForge page.

Spread the word! ;)

Seriously, we can only make IPCop better by having more people using it to let us know where we can improve it. So tell everyone you can about it.

If you happen to have a good background in Linux, Perl, XML, Firewalling, Support background or security and have the time to give to the IPCop Project then contact CharlesWilliams for more information.

Please read the GNU article Selling Free Software.

Certain people will be allowed to mirror the IPCop ISO. We will keep an updated list of where these mirrors are and this list will contain the ONLY authorized list of mirrors. If you download an ISO from anywhere else then you may be downloading an ISO that has been tampered with. Always check the MD5sum for the iso you have downloaded before installing IPCop.

• Reading the full IPCop Documentation is always good.


• If you're having trouble with installing or configuring IPCop, the IPCop Installation and IPCop Administration Guides are a must.


• Search the IPCopMailingLists archives


• Next, try posting a question to the appropriate IPCop Mailing List.


• Check the other support sites as listed on the Support page.

IPCop is only a firewall appliance. If you want a Connectivity Server, with network file shares, email etc. take a look at these alternatives:

• SME Server


• ClarkConnect

• http://www.pigtail.net/LRP/printsrv/