Linux Firewall Part 4: Installation


Core software installation

For the purposes of this turotial, I am making several assumptions.  I am assuming that your green network is 192.168.1.x and your orange network is 192.168.15.x.  If you want a different network config, then modify as necessary.

If you already have an Internet Router that you’re intending to replace, I recommend some prep-work to make things easier.  Most routers are set as the gateway to their network (i.e., and this is probably the address that you want your firewall to use.  Otherwise, you’ll have to set the firewall to or some other address, which can get real confusing really fast.  Go ahead and log into your existing firewall, and change its address to, or some other number, so that it will not conflict with your new firewall.  And turn off DHCP, since your new firewall should be the new DHCP server… you don’t want two servers trying to dole out dynamic IP addresses and wreaking all sorts of havok.

Once your hardware is prepared, IPcop is very easy to install.  First you must download the latest distribution and burn the image to a CD. Then, go into your motherboard’s BIOS and make sure that your CD-ROM is your first boot device.

Then just plop in the CD and let it boot.  You are presented with a prompt which allows you to set any parameters you like before boot.  I actually ran into an issue where Linux could not find the hard drives because it wanted to install on the attached USB card reader.  In this case, I typed “vmlinuz nousb”, which disabled USB support.  If you do this, then you won’t be able to use USB keyboards, even after installation.  I would just temporarially unplug any USB storage devices during installation.

After setting any parameters (or just press Enter to continue), you are presented with an ANSI-based installation wizard.

The first few screens are rather self-explanatory.  You are asked to enter what type of keyboard you’re using , your time zone, and what you want to name your firewall.  By default, the name is ‘ipcop’ but you can change it to anything else you would like.  When it comes to the Domain screen, just leave it at default (localdomain).

ISDN screen

For some reason, the first major configuration screen is the ISDN configuraiton menu.  I’ve only known one person who ever used ISDN, and that was eight years ago.  It would benefit the firewall community to remove this screen, or only show this screen if you choose a particular parameter.  For most people, tab over to ‘Disable ISDN’ and press Enter.  If you really need help configuring ISDN, then consult the IPcop installation manual.

Choose Network Type

The next step is to configure your network type.  For the purposes of this tutorial, we are selecing a GREEN + ORANGE + RED configuration. You must have three seperate network cards to use this configuration.  If you only want a basic firewall, then select the GREEN + RED configuration.  Remember that the red network is the Internet connection, Orange is your DMZ, and Green is your internal network.  All of these networks will have a completely different IP range.

Enter IP addresses

You are then asked to enter the IP information of your Red (Internet) interface.  Your choices are Static, DHCP, PPPOE, and PPTP.  The type totally depends on your network configuration.  Business-class Internet access typically has a Static IP address, so enter that IP in the IP address field.  If you have cable or DSL then you could be using DHCP or PPPOE.  Some notes to remember are:

  • Your RED network must have a static address if you wish to use IPCop’s aliasing feature.
  • DHCP is used when your ISP has indicated you are to use automatic addressing.
  • Some ISP’s, require you to provide a hostname to their DHCP server. This probably is not IPCop’s hostname. If it’s needed, you can probably use the first part of the fully qualified domain name you noted while gathering the network parameters.
  • If your connection is via PPPOE, your ISP will supply all necessary information during the initial connection, so you won’t have to do anything, after selecting it.
  • If your connection is via PPTP, you will have to supply your RED network IP address and Network mask, just like the static addressing case. This address is almost always with a network mask of

You can then choose the interfaces for your Orange and Green Networks.  You may need to select Probe for IPcop to find the interfaces, and then you can select each interface and assign IP addresses for them.  Remember that each interface must have its own IP address range.  To keep things simple, many people use 192.168.0.x for their Green Network, and 192.168.10.x for their Orange network.  Each of these network’s DNS servers are probably the same as the Red interface (which you previously entered).

You are then prompted for DNS information, which should have been provided to you by your ISP.  Enter that information in the DNS and Gateway settings.

We finish the installation on the next page…