Wednesday, September 17, 2008

IPCop Deputized

After much research and time, we have decided to try out the IPCop firewall with URL Filter for the school's needs. Our VERY limited budget made the decision even more difficult. So, we are currently testing it as a VMWare appliance on a Windows 2003 box. For the time being, we are directing two computers' traffic through it to test the waters. While IPCop is running in transparent mode, our LAN currently uses a Surfcontrol plugin on an ISA server, and forcing the transparency to happen would require removing the MS Firewall client from all machines. A friend of mine will be scripting this so that all workstations will automatically run the uninstall.

One issue I am having is that I sometimes have to ping the IPCop box from the workstation in order to get internet access. For the testing phase, I am simply using IPCop as the gateway, but Linux seems to have an issue recognizing other nodes on the network unless they are pinged. I haven't been able to find out much about this by Googling it. I guess I'm not using the correct keywords. If anyone has any information on this, I would very much appreciate hearing about it. I suppose I could write a boot script, but my guess is that there is an easier way. Anyone?? Does the fact that it is a VMWare appliance affect things? Thanks!!

Add your comments below.

8 comments:

Anonymous said...

Running IPCop under VMWare is recommended only for demo purposes. Use a dedicated box for a live scenario.

Mr. Somers said...

Anonymous, why do you say that? What experiences have you had? Please explain. I'm interested in your reasons for your position.

Anonymous said...

Hi from anon, I've been supporting IPCops on multiple sites for several years, mainly in VPN scenarios. From experience IPCop is best deployed as a standalone firewall / router in a proper network - especially when you start throwing some of the recommended add-ons at it. Too many eggs in one basket is a sure recipe for disaster.

I recommend a minimum of a fast P3 (700MHz) with at least 512MB memory if you are running 10+ PCs on your network; a 20GB HDD should be sufficient.

Mr. Somers said...

Thanks, Anon! That's very helpful. Our previous testing was done on a standalone server, not a VMWare, and that was successful. I may switch back if users have to ping IPCops before they can access the net.

Anonymous said...

I respectfully disagree about running IPCop as a VM. I've been running IPCops under a VMware Server host for a year or so now in small office environments, with nary a problem. IPCop runs alongside a WAN server on orange (email, web) and a LAN server on green (samba, hylafax). All in a single server that sits on a Linux software RAID-1 array. Sweet.

Mr. Somers said...

Yes, I am more inclined to believe that my issues were NOT due to running IPCOP on VMWARE but were either a bad cable, NIC Card or NIC configuration. Changing from VM to bareback setup only seemed to magnify my issues. Thank you all for your input. I will share more of my experiences soon and hope that you will all join in the discussion. My limited knowledge could certainly benefit from your expertise in this area.

Anonymous said...

It's the NIC drivers in IPCOP. If you're using older NICs they tend to work perfectly; try some old 3Coms - perfect... or Intel NICs.

Mr. Somers said...

Thanks for the suggestions, Anonymous (see previous). I figured as much. I have since switched to different hardware and am using Untangle and am very happy with it. Thanks!