If you are linking to the html version of this FAQ, please use the following format: Please link directly to the
new Wiki page
This FAQ has been translated into a Wiki. This FAQ will be updated to point to the appropriate Wiki page
only.
THIS DOCUMENTATION IS PROVIDED ’AS IS’ AND IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION
OR THE ASSOCIATED SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
Embedding this document on another site is prohibited. If you are reading this document and do not see a url
starting with http://ipcops.com/faq, then report this to ds531 on ipcops.com.
http://www.ipcops.com/wiki/faq:setup:download
http://www.ipcops.com/wiki/faq:setup:subnetoverlap
http://www.ipcops.com/wiki/faq:setup:switchisolation
http://www.ipcops.com/wiki/faq:advanced:11nat
http://www.ipcops.com/wiki/faq:setup:addnic
http://www.ipcops.com/wiki/faq:setup:sshsetup
http://www.ipcops.com/wiki/faq:setup:remoteaccesssetup
http://www.ipcops.com/wiki/faq:setup:remoteaccessfail
http://www.ipcops.com/wiki/faq:manage:ports
http://www.ipcops.com/wiki/faq:setup:runsetup
http://www.ipcops.com/wiki/faq:setup:pciirq
http://www.ipcops.com/wiki/faq:setup:gigabitnic
http://www.ipcops.com/wiki/faq:setup:2subnet
http://www.ipcops.com/wiki/faq:setup:ddns
http://www.ipcops.com/wiki/faq:manage:traffic
http://www.ipcops.com/wiki/faq:manage:webserver
http://www.ipcops.com/wiki/faq:manage:upnp
http://www.ipcops.com/wiki/faq:manage:triggering
http://www.ipcops.com/wiki/faq:manage:multipleip
http://www.ipcops.com/wiki/faq:manage:alias
http://www.ipcops.com/wiki/faq:manage:copy
http://www.ipcops.com/wiki/faq:manage:testfirewall
http://www.ipcops.com/wiki/faq:manage:ident
http://www.ipcops.com/wiki/faq:manage:graphs
http://www.ipcops.com/wiki/faq:manage:patching
http://www.ipcops.com/wiki/faq:manage:edit
http://www.ipcops.com/wiki/faq:manage:ports
http://www.ipcops.com/wiki/faq:manage:ppp
http://www.ipcops.com/wiki/faq:manage:login
http://www.ipcops.com/wiki/faq:manage:ssh
http://www.ipcops.com/wiki/faq:manage:weberror
http://www.ipcops.com/wiki/faq:manage:moregraphs
http://www.ipcops.com/wiki/faq:using:ipaddr
http://www.ipcops.com/wiki/faq:using:p2p
http://www.ipcops.com/wiki/faq:using:host
http://www.ipcops.com/wiki/faq:using:shaper
http://www.ipcops.com/wiki/faq:using:mtu
http://www.ipcops.com/wiki/faq:using:snort
http://www.ipcops.com/wiki/faq:using:snortupdate
http://www.ipcops.com/wiki/faq:using:zerinacerts
http://www.ipcops.com/wiki/faq:using:openvpnvista
http://www.ipcops.com/wiki/faq:using:vpnservers
http://www.ipcops.com/wiki/faq:using:bluemantra
http://www.ipcops.com/wiki/faq:using:dns
http://www.ipcops.com/wiki/faq:advanced:11nat
http://www.ipcops.com/wiki/faq:advanced:wirelessap
http://www.ipcops.com/wiki/faq:advanced:captiveportal
http://www.ipcops.com/wiki/faq:advanced:multiwan
http://www.ipcops.com/wiki/faq:advanced:loadbalance
http://www.ipcops.com/wiki/faq:advanced:multinics
http://www.ipcops.com/wiki/faq:advanced:bot
http://www.ipcops.com/wiki/faq:advanced:portblock
http://www.ipcops.com/wiki/faq:advanced:cron
http://www.ipcops.com/wiki/faq:advanced:mnat
http://www.ipcops.com/wiki/faq:advanced:blocktraffic
http://www.ipcops.com/wiki/faq:advanced:dial
http://www.ipcops.com/wiki/faq:advanced:webaccess
http://www.ipcops.com/wiki/faq:advanced:lanonline
http://www.ipcops.com/wiki/faq:advanced:ha
http://www.ipcops.com/wiki/faq:advanced:ipgraph
http://www.ipcops.com/wiki/faq:advanced:ssl
http://www.ipcops.com/wiki/faq:orange:orangemantra
http://www.ipcops.com/wiki/faq:orange:accessservice
http://www.ipcops.com/wiki/faq:orange:servermoved
http://www.ipcops.com/wiki/faq:orange:portforwarding
http://www.ipcops.com/wiki/faq:orange:voip
http://www.ipcops.com/wiki/faq:orange:share
http://www.ipcops.com/wiki/faq:vpn:connect
http://www.ipcops.com/wiki/faq:vpn:roadwarrior
http://www.ipcops.com/wiki/faq:vpn:msvpn
http://www.ipcops.com/wiki/faq:vpn:services
http://www.ipcops.com/wiki/faq:vpn:vpnconnection
http://www.ipcops.com/wiki/faq:vpn:shares
http://www.ipcops.com/wiki/faq:vpn:debug
http://www.ipcops.com/wiki/faq:vpn:openvpn
http://www.ipcops.com/wiki/faq:shaping
IPCOP is a firewall. Adding additional services can open security holes which can be used to compromise your
firewall. Certain services, such as SAMBA, expose IPCOP to unnecessary risk and should be installed on a
separate computer. If you decide to continue and compromise your firewall, don’t complain when it gets
hacked.
IPCOP does not include make for security reasons. Compile the software on another computer and bring the
binary over to IPCOP.
IPCOP does not support forwarding based on hostname. Apache can do a better job at redirecting based on
hostname than IPCOP.
Advproxy provides authentication for web browsing and UrlFilter provides the ability to whitelist and blacklist
sites.
Some addons created for IPCOP are kernel dependent. Many updates to IPCOP do not change kernel version,
but on occasion they do. If you are using addons, read the change log BEFORE updating IPCOP. The makers
of addons to IPCOP make the addons when possible. Thus, updates will not be available as soon as IPCOP
updates are released. Upgrade with caution. This also applies to addons which utilize components of IPCOP
such as AdvProxy (Squid dependent).
Most applications have documentation for what ports (both port number and protocol) need to be opened for
Internet users to be able to access the application. If the documentation for your application XYZ does not
include this information and an online search does not return the required information, you can do the following
to determine what ports you need to open:
If you are running an application XYZ on Orange, you need to remember to give the IP address, DNS, and
gateway settings. This application will be accessible from Green without any settings changes. For
the application to be accessible from the Internet, you will need to add port forwarding rules as
required.
Your situation may fall into one of two cases:
Some applications require a fully accessible IP address. This can be required for a number of reasons. One
example would be having a VPN server that only allows one client to connect from each IP address (Cisco VPN
servers have this requirement).
This problem can only be fixed if you have multiple IP addresses. To fix this problem, add your additional
IP addresses (via the Network – Alias page). Then install SNATGui. Configure each computer with application
ABC to use a different public IP address.
If you must run a service on IPCOP, you can greatly reduce the risk to IPCOP if you do the following:
http://www.ipcops.com/wiki/mods:start
http://www.ipcops.com/wiki/faq:cli:portforwarding
http://www.ipcops.com/wiki/faq:cli:blueaccess
http://www.ipcops.com/wiki/faq:cli:externalaccess
http://www.ipcops.com/wiki/mods:start
http://www.ipcops.com/wiki/faq:cli:ssh
IPCOP comes with vi.
A few points to remember BEFORE posting to ipcops.com.
Example of acceptable Network Diagram:
Internet – Cable Modem – Red (DHCP) [IPCOP]
..............[IPCOP] Green (192.168.1.1/24) – Switch – LAN Computers
..............[IPCOP] Blue (192.168.2.1/24) – Access Point – WLAN Computers
..............[IPCOP] Orange (10.1.1.1/24) – Switch – DMZ Computers
Where 192.168.1.1 is the Green NIC address, 192.168.2.1 is the Blue NIC address, etc.
This section will provide detailed tutorials which allow the user to just follow along.
http://www.ipcops.com/wiki/howto:vpns
http://www.ipcops.com/wiki/howto:wireless
http://www.ipcops.com/wiki/howto:ssh
http://www.ipcops.com/wiki/howto:routers
http://www.ipcops.com/wiki/howto:dialup
http://www.ipcops.com/wiki/howto:basic
http://www.ipcops.com/wiki/howto:hardwarecheck
http://www.ipcops.com/wiki/howto:copying
http://www.ipcops.com/wiki/howto:running
http://www.ipcops.com/wiki/faq:virtual
http://www.ipcops.com/wiki/howto:ssh
http://www.ipcops.com/wiki/howto:snatgui
http://www.ipcops.com/wiki/faq:integration
http://www.ipcops.com/wiki/howto:secured
http://www.ipcops.com/wiki/howto:bmr
http://www.ipcops.com/wiki/howto:interfaces
http://www.ipcops.com/wiki/faq:integration
New FAQ items will no longer be added. Please see the Wiki.
New Tutorial items will no longer be added. Please see the Wiki.
To request a FAQ and/or Tutorial, please send ds531 or one of the other wiki editors a PM via ipcops.com. As
time permits, requested material will be addressed.
This document will no longer be updated. Please see the Wiki.
1.1.1 I just downloaded IPCOP but it will not install. Help!
1.1.2 I have a Red-Blue-Green setup but I can not access computer on Blue from Green.
Help!
1.1.3 I have a Red-Orange-Green setup connected by a switch. None of my computers can access the
Internet, why?
1.1.4 Is there any way I can disable NAT on IPCOP?
1.1.5 IPCOP will not recognize all of my NICs, what do I do?
1.1.6 How do I SSH into IPCOP?
1.1.7 How can I remotely access the web interface?
1.1.8 I have enabled remote access to the web interface but I can’t connect. What’s wrong?
1.1.9 How do I change my SSL port for the web interface?
1.1.10 How do I change my setup type after install?
1.1.11 My NIC won’t work, what do I do? (PCI IRQ Conflicts)
1.1.12 I want to use Gigabit ethernet NICs. Does IPCOP support Gigabit ethernet NICs?
1.1.13 I have added a second subnet/LAN to IPCOP. How do I get the web proxy to allow web
request?
1.1.14 How do I setup Dynamic DNS on IPCOP?
1.2 Administrating IPCOP
1.2.1 What is the difference between Port Forwarding and External Access?
1.2.2 I just looked at my status page and noticed I am running a web server. What is it and how do I stop
it?
1.2.3 My consumer router has UPNP, how do I enable it on IPCOP?
1.2.4 My consumer router has Port Triggering, how do I enable it on IPCOP?
1.2.5 I have multiple IP addresses from my ISP. How do I configure IPCOP to respond to all of
them?
1.2.6 I have added IP addresses to the Alias page but all of my requests come from one IP address. How
do I change this?
1.2.7 How do I copy a file over to IPCOP?
1.2.8 How do I test port forwarding, external access, and/or my firewall for open ports?
1.2.9 When I do a port scan, IPCOP shows port 113 is closed. How do I make port 113 unreplied?
1.2.10 My traffic graphs are not updating, what do I do?
1.2.11 I am trying to update IPCOP, do I have to apply all patches in order?
1.2.12 How do I edit files on IPCOP?
1.2.13 How do I change the http and https ports IPCOP uses?
1.2.14 How do I set multiple public IP addresses with my PPPoE/PPPoA connection?
1.2.15 How do I login to IPCOP?
1.2.16 How do I change the port IPCOP uses for SSH?
1.2.17 I am receiving the following error message when trying to change settings in the web GUI: ’Invalid
referer: doesn’t match servername!’
1.2.18 I don’t like the builtin graphs, where can I get better graphs?
1.3 Using IPCOP
1.3.1 I just installed IPCOP and I can not get an IP Address from my ISP. Help!
1.3.2 IPCOP keeps crashing when I use p2p/bittorrent clients, what do I do?
1.3.3 How do I add a custom host to IPCOP’s DNS?
1.3.4 How do I use the builtin traffic shaper?
1.3.5 How do I change my MTU settings?
1.3.6 I am getting a Snort ’Oink Oink’ error, how do I fix it?
1.3.7 Snort fails after rules update, what do I do?
1.3.8 How do I rebuild my Zerina certificates?
1.3.9 How do I run OpenVPN on Vista?
1.3.10 How do I control access for VPN clients to my servers?
1.3.11 I have added a computer to Blue but it is not connecting to the Internet. What do I
do?
1.3.12 How do I use DNS servers with IPCOP (i.e. which to specify for each interface)?
1.4 Advanced IPCOP setups
1.4.1 How do I configure IPCOP to work in 1:1 NAT mode?
1.4.2 I added a wireless access point to the Blue NIC and I can’t access the web. What’s
wrong?
1.4.3 How do I configure IPCOP to force registration of wireless users before they can access the Internet
(a.k.a. I want a Captive Portal on IPCOP)?
1.4.4 How do I use multiple WAN interfaces with IPCOP?
1.4.5 How do I configure IPCOP to support load balancing?
1.4.6 How do I setup multiple of the same type of interface?
1.4.7 I want to prevent outbound traffic, how do I do this?
1.4.8 I have blocked port Y but program X can still connect to the Internet. How do I block program X
from connecting?
1.4.9 What are Cron Jobs/How do I edit IPCOP’s Cron Jobs?
1.4.10 Multiple NAT routers behind IPCOP
1.4.11 How do I block inbound traffic from repeat offenders?
1.4.12 How do I allow the ’dial’ user to access more IPCOP web interface pages?
1.4.13 How do I allow an unauthenticated user to access more IPCOP web interface pages?
1.4.14 I would like to keep track if my LAN computers are online/offline, how do I do that?
1.4.15 How do I setup a HA (High Availability) IPCOP setup?
1.4.16 I would like to have additional graphs for individual IPs. How do I do this easily?
1.4.17 I want to regenerate my SSL certificates, what do I do?
1.5 Servers behind IPCOP
1.5.1 I have added a server to the DMZ but it is not connecting to the Internet. What do I
do?
1.5.2 I can not access server X after installing IPCOP!
1.5.3 I moved my server to the DMZ and can no longer access any of the services.
1.5.4 I have added port forwarding rules but they don’t seem to work. What do I do?
1.5.5 VOIP Server behind IPCOP
1.5.6 How do I access a Windows Share from over the VPN?
1.6 VPNs and IPCOP
1.6.1 I have created a VPN between two IPCOPs but it will not connect. What am I doing
wrong?
1.6.2 I want to have roadwarrior access to IPCOP. How do I set it up?
1.6.3 I want to use the builtin Microsoft VPN client. How do I connect to IPCOP?
1.6.4 I have successfully created and connected to IPCOP via a VPN but I can not access any
services/computers at the remote location. What’s wrong?
1.6.5 My internet connection is not good and my VPNs will not stay connected. What can I
do?
1.6.6 How do I browse network shares over a VPN?
1.6.7 What do each of the debug options do in VPN menu?
1.6.8 I have OpenVPN installed and I want to be able to access other subnets in addition to Green. What
do I need to do?
1.7 Advanced features with IPCOP
1.7.1 The built in traffic shaper for IPCOP is insufficient, what else can I use?
1.7.2 I want to install service Y to IPCOP. How do I do it?
1.7.3 I want to add service X to IPCOP but it requires make. How do I install it?
1.7.4 I would like to port forward based on hostname not port, how can I do this?
1.7.5 I would like to control who can and can’t access website. How do I do this?
1.7.6 I have installed an addon to IPCOP. After upgrading IPCOP, the addon no longer works. What do I
do?
1.7.7 How do I determine what ports I need to open for application XYZ?
1.7.8 What if I want to run application XYZ in/on Orange?
1.7.9 Should I put application XYZ in Green or Orange?
1.7.10 Why do some applications (ABC) need a public IP, and how do I fix that?
1.7.11 How do I minimize the risk of running service XYZ on my IPCOP?
1.7.12 How do I backup IPCOP to Bacula?
1.8 Command line options
1.8.1 How do I change the port forwarding settings from the command line?
1.8.2 How do I change the blue access settings from the command line?
1.8.3 How do I change the external access settings from the command line?
1.8.4 Qos_NG is too complex to use. Is there something else I can use?
1.8.5 How do I enable SSH access from the command line?
1.8.6 What text editors are built into IPCOP?
Chapter 2
Forum usage
http://ipcop.org/index.php?module=pnWikka&tag=IPCopSupport
http://sourceforge.net/tracker/?atid=428519&group_id=40604&func=browse
Chapter 3
Tutorials
3.1 VPN Setup
3.2 Wireless with a Wireless Router
3.3 Creating an SSH Tunnel with IPCOP
3.4 Setting up IPCOP behind another firewall
3.5 How To Setup Modem and IPCOP for DSL PPPoE or PPPoA Internet Connection
3.6 Basic Networking Guide
3.7 Hardware check tutorial
3.8 Copying files to IPCOP
3.9 Running commands on IPCOP
3.10 IPCOP and VMware
3.11 SSH with private keys
3.12 SNatGUI Setup
3.13 Converting Existing Setups to IPCOP
3.14 Securing an existing IPCOP installation
3.15 Bare Metal Recovery
3.16 Adding additional interfaces to IPCOP (and get them to load correctly)
Chapter 4
Basic Network Layouts
Chapter 5
Requested Material
5.1 FAQs
5.2 Tutorials
Chapter 6
Getting in contact with the author
6.1 Requesting Material
6.2 Contributing to this document
Acknowledgments
I would like to acknowledge the help from the following people who have assisted in the
creation of these FAQ/Wiki topics.