Configuring IPCop Firewalls: Closing Borders with Open Source

Overview of this book

IPCop is a powerful, open source, Linux-based firewall distribution aimed primarily at Small Office Or Home (SOHO) networks, although it can be used in larger networks. It provides most of the features that you would expect a modern firewall to have and, most importantly, it sets all of this up for you in a highly automated and simplified way. This book is an easy introduction to this popular application. After introducing and explaining the foundations of firewalling and networking and why they're important, the book moves on to cover using IPCop, from installing it, through configuring it, to more advanced features, such as configuring IPCop to work as an IDS or VPN and using it for bandwidth management. While providing the necessary theoretical background, the book takes a practical approach, presenting sample configurations for home users, small businesses, and large businesses. The book contains plenty of illustrative examples.
Table of Contents (16 chapters)
Configuring IPCop Firewalls
Credits
About the Authors
About the Reviewers
Preface
7. Virtual Private Networks
11. IPCop Support

Summary


In this chapter we have provided a high-level overview of three scenarios in which IPCop may be deployed in roles that suit it, along with an analysis of the benefits and pitfalls of IPCop usage in these situations.

These three topologies will be used further on in the book as case studies for maintenance and deployment.

Topology one: A dual-homed firewall performing Network Address Translation for a few clients. This is an excellent drop-in replacement for a small SOHO router or Microsoft's Internet Connection firewall. It is more secure, more reliable, and more scalable than other solutions for similar situations.

This topology uses IPCop's NAT features, and can use Port Forwarding for external services access and the Intrusion Detection System for added network security.

Topology two: A DMZ firewall with a separate segment for externally facing services such as incoming mail. Typically used by a small or medium business that has outgrown a single-subnet network, this is a common stepping...