Chapter 3. Initial Configuration

For all install media IPCop will automatically continue with its installation, by setting up its initial configuration.

The first screen allows you to configure your keyboard.

The next screen, above, asks for your time zone.

Many people leave the time zone as London or UTC. This allows you to leave your PC's hardware clock set to the local time. There is a disadvantage to this setting. If your local time zone changes from Winter to Summer or Daylight Savings to Standard time, you will have to remember to manually change the IPCop PC's clock. If you set the time zone to your correct time zone, IPCop will automatically change the time for you.

You must then configure your IPCop machine's hostname.

The default of “ipcop” is fine. You may want to change this if you are planning on setting up a VPN and allowing administration across your VPN. In this case you may want to give each IPCop machine a unique hostname, such as ipcop1, ipcop2, millie, steve, bob, etc.

IPCop will continue with the setup command automatically.

The next screen starts a series of dialogs that will help you set up your ISDN card. If you do not have an ISDN card, select Disable ISDN, and setup will continue with USB ADSL modem setup.

If you do have an ISDN modem, select the protocol and country.

After setting protocol and country, you may need to set driver parameters for your card, especially if it's an ISA card. If so, select Set additional module parameters.

Next you must select the type of ISDN card you have.

IPCop will probe for the card type, if you select AUTODETECT. If necessary, you can manually select the card you have.

The final step in setting up your ISDN card is setting its local phone number.

You can select your USB connected ADSL modem on the screen below.

If you do not have one, select Disable USB ADSL and setup will continue with your network configuration, below.

The only step you need to take in setting up your USB connected ADSL controller is to select the type of controller. IPCop as usual will try to detect the correct controller, but if it can't, you will have to select it yourself.

Next you will configure your network interfaces. The Network Configuration Menu will take you through the steps necessary to configure them.

As mentioned, above, there are three network interfaces supported by IPCop, RED, ORANGE and GREEN.

The RED interface is considered the hostile network and can connect via Ethernet, ISDN, analog or ADSL modem. This dialog lets you choose your network configuration type.

When you select Ok, you will be returned to the Network Configuration Menu, above. Tab to the Drivers and card assignments line, select it and press the Enter key.

If your RED interface uses an Ethernet connection, configuration is identical to the way you configured your GREEN interface, above.

If your RED interface does not use an Ethernet connection, skip to the discussion about configuring your ORANGE network interface.

After configuring your Ethernet card and driver information for the RED interface, return to the Network Configuration Menu by selecting the Done button.

Next, select the Address settings menu item to configure the way your interface gets its IP address information. This is dependent on your ISP and connection.

Static addressing is used when your ISP has supplied you with a permanent IP address. Enter it in the IP address box of the dialog. IPCop will automatically choose a Network mask. You may modify the network mask as needed.

DHCP is used when your ISP has indicated you are to use automatic addressing.

Some ISP's, require you to provide a hostname to their DHCP server. This probably is not IPCop's hostname. If it's needed, you can probably use the first part of the fully qualified domain name you noted while gathering the network parameters, above.

If your connection is via PPPOE, your ISP will supply all necessary information during the initial connection, so you won't have to do anything, after selecting it.

If your connection is via PPTP, you will have to supply your RED network IP address and Network mask, just like the static addressing case. This address is almost always 10.0.0.150 with a network mask of 255.255.255.0.

You may choose to configure an ORANGE interface. Its configuration is identical to the way you configured your GREEN interface, above.

You can even reconfigure your GREEN interface at this time, by selecting it from the interface menu.

When you are done, select the Ok button, to return to the Network Configuration Menu.

The next item in the Network Configuration Menu allows you to configure your ISP's DNS servers and your default gateway. You will only need to use this dialog if you are using a static IP address configuration for your RED interface.

If you are planning to run a DHCP server on IPCop you can configure it at this time. Otherwise, do not enable the server, and continue with setting passwords, below.

Dynamic Host Configuration Protocol allows computers to configure their network interfaces when they are booted.

You can delay setting up IPCop's DHCP server until after the installation completes. See the Administration Manual for a description of the web based method of enabling and configuring the DHCP server.

You must select Enabled to enable the DHCP server.

The Start and End addresses define a range of addresses that IPCop's DHCP server will assign to computers when they ask for an address. Do not use your full network range for DHCP. At a minimum leave out IPCop's address. As a practical matter, at some future point in time you may wish to run servers that are only accessible from within your GREEN network. Whether they run FTP servers, web servers, sendmail or any other service that needs a permanent address. These servers should be assigned IP addresses outside the dynamic DHCP range. A good range might be from 192.168.1.200 to 192.168.1.250. This will allow 51 concurrently connected computers on your GREEN network.

DHCP will pass out one or two DNS server addresses in addition to IP addresses. If you wish to run IPCop's DNS proxy, the first should be IPCop's IP address. You can enter a second DNS address as well. If you do not want to use IPCop's DNS proxy and are using Static IP addresses, use the DNS servers you specified while setting up your RED interface.

DHCP works by passing out leases on dynamic addresses that expire after a certain amount of time. Default lease time specifies the default lease time in minutes that DHCP will offer. After the default lease time, the client computer will attempt to ask for a new lease time for its acquired address. When the maximum lease time has expired, the client computer is no longer allowed to ask for the acquired IP address, but the server may still pass out a lease on the acquired address.

Finally, the Domain name suffix allows you to specify a suffix that is automatically appended to DNS requests if the initial name can't be found. Many ISPs set up a domain name suffix, and then tell users to enter “mail”, “news”, or “www” to get to services. What really happens under the hood is that a DNS request is sent out for “mail” first. When the DNS servers indicate that they don't know an IP address for mail, the next request is sent out with the domain name suffix appended, i.e. “mail.xxx.yyy.zzz.com” To make life easier, you may wish to add this suffix in the Domain name suffix line.

Unfortunately, space does not permit enough room on this line for some domain name suffixes. Please check the Administration Manual for another way to specify the suffix, which allows for a virtually unlimited length domain name suffix.

When you are done with the DHCP server configuration select the Ok button.

The next steps will set up your root, setup and web administrator passwords.

If you are familiar with Linux you may wish to do maintenance on IPCop. There are only two Linux user ids that are allowed to log on to the firewall root and setup. Enter the root password twice. Be careful, the root userid has the “keys to the kingdom” of your firewall. If someone gets its password they can cause all sorts of mischief. By default root is only allowed to log in via the console, though.

Next you will be prompted for your setup user id password.

This user id will immediately start running the setup command. When the setup command completes the user will be logged out. Again, be careful of this password. The setup user and command are very powerful.

Finally, you will be prompted for your web admin password.

The IPCop web pages will prompt you for this user ID and password when you use the IPCop web pages to administer IPCop. Unlike root and setup user passwords, web browsers do not handle special characters in passwords very well. Limit your admin password to upper lower case alphanumeric characters.

Congratulations!

You've completed your IPCop installation. Press Ok to reboot. After reboot is complete, you will undoubtedly need to perform some administrative tasks to complete you setup. For a complete description of how to administer IPCop, please check the Administration Manual.