IPCop With DansGuardian Installation and Configuration
IPCop With DansGuardian Installation and Configuration
IPCop With DansGuardian Installation and Configuration
Introduction
This document describes the step by step process of installing and configuring IPCop firewall with Cop+ for proxying & URL filtering. Cop+ uses the DansGuardian and combines GUI controls for the DansGuardian with automatic blacklist updates and optional Squid authentication. For the purposes of these procedures, we are installing IPCop to be used as a content filtering server for an internal network in conjunction with another firewall. IPCop will be placed between the inside network and the Internet firewall. There is also a section detailing how to use IPCop as a proxy on the internal network and routing back to the internal firewall, without any network segmentation. Useful Websites: Home http://ipcop.org/index.php Install and Configure: http://www.howtoforge.net/perfect_linux_firewall_ipcop http://www.howtoforge.com/perfect_linux_firewall_ipcop_p2 Install Add-ons Server http://firewalladdons.sourceforge.net/index.html Install DansGuardian http://home.earthlink.net/~copplus/install.html
Install IPCop
Create ISO Description Go to http://ipcop.org and download the ISO image for IPCop. For these installation and configuration procedures we are using version 1.4.10. Other versions may obviously have differences in their installation, configuration and use. Once youve downloaded and burned your CD, boot with it in the PC of your choice. Your PC MUST have at least 2 NICs to install and use IPCop properly.
Boot with CD
Procedures
Page 2
Install
1. 2. 3. 4. 5. 6. 7. 8.
9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22.
23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34.
At the initial boot prompt, [ENTER] Select your Language, OK At the Welcome screen, OK For Installation Media, select CDROM Your CD is already in the drive (you booted off it), so just OK Partitioning explanation, OK When prompted to insert a floppy with an IPCop system configuration, select Skip You will now be prompted to Configure Networking for the GREEN interface. This interface is for your inside trusted network. Select Probe The installation will select the first NIC it finds as your GREEN interface, OK Set your inside IP address and mask for this NIC, OK The initial installation process will complete. Remove the CD and select OK Select your keyboard mapping, OK Select your timezone, OK Enter a hostname for your box, OK Enter a domain name for your box, OK ISDN should then be shown as currently disabled. Select Disable ISDN to continue You will now be at the Network configuration menu. Select Network configuration type Select GREEN + RED Back in the Network configuration menu select Drivers and card assignments You will be prompted to change the settings. Select OK At the next screen select Probe You will then receive a list of NICs available for the RED interface. If your box only had two NICs to start with, obviously youll be given the only remaining NIC. Select it, then OK Card is assigned, OK Again, back at the Network configuration menu select Address settings Select the RED interface Set your Static IP address and mask, then OK At the Address settings menu, select Done Once again, back at the Network configuration menu select DNS and Gateway settings Set your DNS and network gateway, then OK Finally back at the Network configuration menu select Done For the DHCP server configuration, leave it as disabled, then OK Set a root password (note that you will not see typing or even see the cursor move), OK Now set the admin user password, OK Setup is now complete! Select OK to reboot
Procedures
Page 3
Procedures
Page 4
Now that we have our basic settings configured and verified, lets backup the configuration. 1. Under System, select Backup 2. You can choose to backup to a floppy or locally. For now, well just back up locally and then copy them off 3. Under Backup Configuration, click Create 4. You will now see a Backup Set with todays date & timestamp. 5. You will also see both an Encrypted and Unencrypted file with an Export link next to each. Click the Export link for the Unencrypted file and save it to your workstation 6. This is the same information that would go onto the backup floppy.
Install Cop+
Install Addons Server Description Cop+ uses the Addons Server mod, a mod that allows the easy installation of addons to IPCop. 1. Go to http://firewalladdons.sourceforge.net/index.html and download the current version (these instructions are based on version 2.3). The easiest way Ive found to do this is to download the file at your inside workstation, then use the Putty pscp.exe to copy the file to your IPCop box. 2. Once you have the file downloaded, place it on your IPCop box in the /root directory 3. Login to your IPCop box 4. Change to your /root directory cd /root 5. Issue the following commands to install the Addons Server v2.3b2: tar zxvf addons-2.3-CLI-b2.tar.gz C / cd /addons ./addoncfg i 6. Now open your browser and go to your IPCop site (or refresh the page). Youll see a new tab called ADDONS
Procedures
Page 5
Install Cop+
Now that the Addons Server is installed, we can install the Cop+ package. 1. Go to http://home.earthlink.net/~copplus/install.html and download the latest version of Cop+ (these instructions use are based on version 2.1 build 1) 2. Again, once you have the file downloaded, place it on your IPCop box in the /root directory 3. Login to your IPCop box 4. Change to your /root directory cd /root 5. Issue the following commands to install Cop+ v2.1 build 1: mkdir /root/copplus <line wrapped> tar zxvf Copplus-2.1-GUI-b1.tar.gz C /root/copplus cd /root/copplus ./setup After the install completes (it will take a few minutes, be patient) refresh your IPCop browser window. Under Services, select Proxy You should see the that the proxy is both Enabled and Transparent Now under Services, select Content Filter Here you will see the DansGuardian settings and it should show the service as Running Lets download the latest blacklist. Click the Download blacklists now button Wait a few minutes and the refresh the browser and/or check the logs under Logs => System Logs If you want to track all visited websites, youll also need to change the default setting that tracks only denied sites. Click the Advanced Settings button, then change the Log Level to 3 = all requests. Scroll down and click Save Click Return to Configuration Click BACK Click the button to Restart
You can now use IPCop to perform content filtering. Simply configure your workstation browsers to use the proxy server using the IP address (or name if you configured a host record in your internal DNS properly) and port 8080.
Procedures
Page 6