Thursday, 21 December 2006


I wanted to setup a proxy/firewall solution for our one branch to do the following:
  1. Block hacking attempts from external sources
  2. Block access to non-work related websites (i.e. porn, warez, etc..)
  3. Provide access controls to throttle internet access
I found several Linux distributions that can offer such services, but the one I ultimately chose was IPCop. IPCop is very easy to setup and configure. You may need some Linux experience to do it, but for the most part you can Google what you need.

Some Screenshots of my IPCop Setup:

The setup takes roughly 15 minutes and once you have done the basic installation you can start adding third party plugins to add more security and configurability.
I loaded the following add-ons to my installation:
  • CopFilter - Adds some filtering capabilities and blocks virus downloads, etc.
  • Advanced Proxy - Adds serious configuration enhancements to the proxy.
  • URL Filter - Adds ability to block domains and urls.
Some other tools you might need to do the installation of the 3rd party tools:
  • OpenSSH - Windows SSH client to copy addons to the IPCop machine
Instructions on adding a new 3rd party add-on:
  1. Make sure you have OpenSSH installed.
  2. Download the file to your local computer.
  3. Copy the downloaded file to your SSH bin directory. (C:\Program Files\OpenSSH\bin)
  4. Open a command line window. (Start --> run --> CMD)
  5. Move to your OpenSSH bin directory. (CD C:\Program Files\OpenSSH\bin)
  6. Run the command:
    scp -P 222 root@:/root
  7. On the IPCop machine login as root and run the following command:
    tar xzvf
  8. Move to the directory just created. ( CD )
  9. run the ./install command
I have now setup a policy in Active Directory that points all the client browsers to go via this proxy for monitoring purposes. I have not yet setup the firewall capabilities as I do nat have a second compatible Ethernet card.

I hope this rough little tutorial will help some of you out there. Please post comments if you require more information.