Open source projects


SmoothWall and IPCop

For some time, projects have been running to establish dedicated appliances based upon Linux, such as firewalls and web caches. These projects provide a pre-configured tool specific to one task which is easy to implement and configure.

The SmoothWall project was created by Richard Morrell and Lawrence Manning in 2000 and rapidly became the open source firewall implementation of choice for those wanting a cheap firewall on standard PC hardware. SmoothWall was based upon the Linux operating system and came pre-configured with all user-changeable options available through a web interface, negating the requirement for Linux experience. However, commercial interests led to a split in development efforts, including the creation of IPCop in 2003.

IPCop is a Linux-based distribution with the sole purpose of providing a firewall platform. The firewall is based upon the Linux NetFilter code and provides the same stateful firewall in an easy-to-manage solution. It is open source under the GNU Public Licence and is available on CD-ROM in more than 17 languages. IPCop is used by many organisations in the UK HE and FE communities.

Installation requires a dedicated computer, although a VMware image can be used for familiarisation with the project and interface. The minimum hardware requirements are a staggeringly modest 386 processor, 32Mb of RAM and a 300Mb hard disc, but lower-specification hardware will not deliver the performance needed for faster wire speeds and more advanced features.

Features of IPCop include:

  • secure configuration through any web browser
  • support for multiple interfaces
  • DHCP Server daemon for the internal network
  • VPN server with certificate support
  • caching DNS server
  • web cache
  • Intrusion Detection System
  • traffic shaping and QoS facilities.

Configuring IPCop after installation is easy, using the machine console or, once the interfaces have been configured, any web browser. Later versions also support an HTTPS (SSL) connection. The interfaces are easily identified by colour: green for inside, red for outside, orange for the DMZ and blue for wireless.

Once configured, IPCop can operate ‘headless’, without keyboard and monitor, like any hardware used as a server.

M0n0wall

M0n0wall is an embedded firewall distribution based on FreeBSD®. It can be installed like IPCop, or can run from a LiveCD or on an embedded system. M0n0wall provides a stateful packet filter firewall, NAT, VPN endpoint termination and a captive portal.

The distribution is very similar to IPCop, with the primary addition being the captive portal. A number of UK HE/FE sites used the captive portal element of M0n0wall as part of the early LIN trial, before the full JANET Roaming service was created.