[prev in list] [next in list] [prev in thread] [next in thread]
List: ipcop-svn
Subject: [Ipcop-svn] SF.net SVN: ipcop:[4895]
From: owes () users ! sourceforge ! net
Date: 2010-08-29 19:35:24
Message-ID: E1Opnf2-00085m-65 () sfp-svn-4 ! v30 ! ch3 ! sourceforge ! com
[Download RAW message or body]
Revision: 4895
http://ipcop.svn.sourceforge.net/ipcop/?rev=4895&view=rev
Author: owes
Date: 2010-08-29 19:35:23 +0000 (Sun, 29 Aug 2010)
Log Message:
-----------
Rework first part(s) of the installation manual
Modified Paths:
--------------
IPCopDoc/trunk/en/install/xml/preparation.xml
Modified: IPCopDoc/trunk/en/install/xml/preparation.xml
===================================================================
--- IPCopDoc/trunk/en/install/xml/preparation.xml 2010-08-29 09:19:37 UTC (rev 4894)
+++ IPCopDoc/trunk/en/install/xml/preparation.xml 2010-08-29 19:35:23 UTC (rev 4895)
@@ -74,277 +74,184 @@
</para>
</sect1>
- <sect1 id="preparation-decide-configuration">
- <title>Decide On Your Configuration</title>
- <sect2 id="preparation-network-interfaces">
- <title>Network Interfaces</title>
- <para>
- IPCop defines up to four network interfaces, RED,
- GREEN, BLUE and ORANGE.
- </para>
- <sect3 id="red-interface">
- <title>RED Network Interface</title>
- <para>
- This network is the Internet or other untrusted
- network.
- IPCop's primary purpose is to protect the
- GREEN, BLUE and ORANGE networks and their computers from
- traffic originating on the RED network.
- Your current connection method and hardware are
- used to connect to this network.
- </para>
- </sect3>
- <sect3 id="green-interface">
- <title>GREEN Network Interface</title>
- <para>
- This interface only connects to the computer(s)
- that IPCop is protecting.
- It is presumed to be local.
- Traffic to it is routed though an Ethernet NIC on
- the IPCop computer firewall.
- </para>
- </sect3>
- <sect3 id="blue-interface">
- <title>BLUE Network Interface</title>
- <para>
- This optional network allows you to place
- wireless devices on a separate network.
- Computers on this network cannot get to the GREEN
- network except tightly controlled <quote>pinholes</quote>, or via a \
VPN.
- Traffic to this network is routed through an
- Ethernet NIC.
- </para>
- </sect3>
- <sect3 id="orange-interface">
- <title>ORANGE Network Interface</title>
- <para>
- This optional network allows you to place
- publicly accessible servers on a separate network.
- Computers on this network cannot get to the GREEN or BLUE
- networks, except through tightly controlled
- <quote>DMZ pinholes</quote>.
- Traffic to this network is routed through an
- Ethernet NIC.
- </para>
- </sect3>
- <sect3>
- <title>Network Interfaces</title>
- <para>
- Your firewall will need at least 1 Ethernet cable and network \
interface
- card (NIC).
- It may need up to 4 NICs, depending on the network configuration
- you choose and your connection to the Internet.
- </para>
- <para>
- All NICs must be different physical cards (or their equivalent if \
you
- have multiport cards).
- </para>
- <para>
- Ignoring for a moment the RED network, you will have to plug a
- separate Ethernet NIC and cable into your firewall for each of the
- GREEN, BLUE and/or ORANGE network.
- The GREEN and RED networks are required.
- The ORANGE and BLUE networks are optional.
- The interface requirements for your RED network will vary \
depending
- on your connection to the Internet.
- The RED network may require an additional Ethernet card and cable.
- </para>
- <para>
- <mediaobject id="fullconfig">
- <imageobject role="fo">
- <imagedata
- fileref="&imagepath;01a-network.&imageext;"
- format="JPG"
- contentwidth="16cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata
- fileref="&imagepath;01a-network.&imageext;"
- format="JPG"/>
- </imageobject>
- <textobject>
- <phrase>sample networks</phrase>
- </textobject>
- <caption>
- <para>
- RED, ORANGE, BLUE, GREEN Configuration
- </para>
- </caption>
- </mediaobject>
- </para>
- <para>
- The
- <link linkend="fullconfig">RED, ORANGE, BLUE, GREEN
- diagram</link>
- shows that, other than the RED net, each of the networks
- needs an Ethernet card.
- If you are currently using an Ethernet connection to the
- Internet, you will need a card for it, too.
- The networks must have different network addresses.
- </para>
- <note>
- <para>
- Remember, the BLUE and ORANGE networks are
- optional.
- </para>
- </note>
- <table frame="all">
- <title>NIC Requirements</title>
- <tgroup cols="5" align="left" colsep="1" rowsep="1">
- <colspec colname="Networks"/>
- <colspec colname="Networks"/>
- <colspec colname="Networks"/>
- <colspec colname="modem"/>
- <colspec colname="ISDN"/>
- <colspec colname="USBADSL"/>
- <colspec colname="eithernet"/>
- <thead>
- <row>
- <entry>Connection</entry>
- <entry>Modem</entry>
- <entry>ISDN</entry>
- <entry>USB ADSL</entry>
- <entry>Ethernet</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry><emphasis role="bold">RED, \
GREEN</emphasis></entry>
- <entry>1 NIC (G)</entry>
- <entry>1 NIC (G)</entry>
- <entry>1 NIC (G)</entry>
- <entry>2 NICs (G,R)</entry>
- </row>
- <row>
- <entry><emphasis role="bold">RED, BLUE, \
GREEN</emphasis></entry>
- <entry>2 NICs (B,G)</entry>
- <entry>2 NICs (B,G)</entry>
- <entry>2 NICs (B,G)</entry>
- <entry>3 NICs (B,G,R)</entry>
- </row>
- <row>
- <entry><emphasis role="bold">RED, ORANGE, \
GREEN</emphasis></entry>
- <entry>2 NICs (O,G)</entry>
- <entry>2 NICs (O,G)</entry>
- <entry>2 NICs (O,G)</entry>
- <entry>3 NICs (O,G,R)</entry>
- </row>
- <row>
- <entry><emphasis role="bold">RED, ORANGE, BLUE, \
GREEN</emphasis></entry>
- <entry>3 NICs (O,B,G)</entry>
- <entry>3 NICs (O,B,G)</entry>
- <entry>3 NICs (O,B,G)</entry>
- <entry>4 NICs (O,B,G,R)</entry>
- </row>
- </tbody>
- </tgroup>
- </table>
- </sect3>
- <sect3>
- <title>Relative Security of IPCop Network Interfaces</title>
- <para>
- The security model of IPCop is that the GREEN network is fully
- trusted and any requests from this network, whether initiated by a
- user or by a machine infected with a virus, Trojan horse or other
- <quote>malware</quote> is legitimate and allowed by IPCop.
- </para>
- <para>
- A new feature of IPCop 2.0.0, allows to set policies for each \
network
- interface. This makes it possible to allow only specific traffic \
to
- RED and IPCop.
- </para>
- <para>
- The order of trustworthiness of networks in order of increasing
- trust is:
- </para>
- <para>
- RED→ORANGE→BLUE→GREEN
- </para>
- </sect3>
- </sect2>
+<sect1 id="preparation-decide-configuration">
+ <title>Decide On Your Configuration</title>
+ <para>
+ The base configuration is <link linkend="red-interface">RED</link>
+ /<link linkend="green-interface">GREEN</link> where IPCop protects a
+ single internal network from the Internet.
+ If you have a wireless access point then you can attach it to the
+ <link linkend="blue-interface">BLUE</link> network interface and
+ configure IPCop to restrict the access of machines on your wireless LAN.
+ If you have some servers that need to be accessible from the Internet
+ you can place them in an untrusted DMZ attached to the
+ <link linkend="orange-interface">ORANGE</link> network interface.
+ </para>
+ <para>
+ Although you can easily change the network interfaces later, it is
+ advisable to have a plan before you start installation.
+ </para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para><link \
linkend="preparation-network-interfaces"><guimenuitem>Network \
Interfaces</guimenuitem></link> — + Description of IPCop \
network interfaces. + </para>
+ </listitem>
+ <listitem>
+ <para><link \
linkend="preparation-connecting-internet"><guimenuitem>RED \
connection</guimenuitem></link> — + How are you currently \
connecting to the Internet. + </para>
+ </listitem>
+ <listitem>
+ <para><link linkend="preparation-local-address"><guimenuitem>Network \
Address(es)</guimenuitem></link> — + Decide On Your Local \
Network Address(es). + </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <sect2 id="preparation-network-interfaces">
+ <title>Network Interfaces</title>
+ <para>
+ IPCop defines up to four network interfaces, RED,
+ GREEN, BLUE and ORANGE.
+ </para>
+ <sect3 id="red-interface">
+ <title>RED Network Interface</title>
+ <para>
+ This network is the Internet or other untrusted network.
+ IPCop's primary purpose is to protect the
+ GREEN, BLUE and ORANGE networks and their computers from
+ traffic originating on the RED network.
+ Your current connection method and hardware are
+ used to connect to this network.
+ </para>
+ </sect3>
+ <sect3 id="green-interface">
+ <title>GREEN Network Interface</title>
+ <para>
+ This network only connects to the computer(s) that IPCop is
+ protecting. It is presumed to be local.
+ Traffic to it is routed through an Ethernet NIC.
+ </para>
+ </sect3>
+ <sect3 id="blue-interface">
+ <title>BLUE Network Interface</title>
+ <para>
+ This optional network allows you to place
+ wireless and/or wired devices on a separate network.
+ Computers on this network cannot get to the GREEN
+ network except via tightly controlled <quote>pinholes</quote>,
+ or via a VPN.
+ Traffic to this network is routed through an Ethernet NIC.
+ </para>
+ </sect3>
+ <sect3 id="orange-interface">
+ <title>ORANGE Network Interface</title>
+ <para>
+ This optional network allows you to place publicly accessible
+ servers on a separate network.
+ Computers on this network cannot get to the GREEN or BLUE
+ networks, except through tightly controlled
+ <quote>pinholes</quote>.
+ Traffic to this network is routed through an Ethernet NIC.
+ </para>
+ </sect3>
+ <sect3>
+ <title>Network Interfaces</title>
+ <para>
+ Your firewall will need at least 1 Ethernet cable and network \
interface + card (NIC).
+ It may need up to 4 NICs, depending on the network configuration
+ you choose and your connection to the Internet.
+ </para>
+ <para>
+ All NICs must be different physical cards (or their equivalent if \
you + have multiport cards).
+ </para>
+ <para>
+ Ignoring for a moment the RED network, you will have to plug a
+ separate Ethernet NIC and cable into your firewall for each of the
+ GREEN, BLUE and/or ORANGE network.
+ The GREEN and RED networks are required.
+ The ORANGE and BLUE networks are optional.
+ The interface requirements for your RED network will vary depending
+ on your connection to the Internet.
+ The RED network may require an additional Ethernet card and cable.
+ </para>
+ <para>
+ <mediaobject id="fullconfig">
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;01a-network.&imageext;" \
format="JPG" contentwidth="16cm"/> + </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;01a-network.&imageext;" \
format="JPG"/> + </imageobject>
+ <textobject>
+ <phrase>sample networks</phrase>
+ </textobject>
+ <caption>
+ <para>
+ RED, ORANGE, BLUE, GREEN Configuration
+ </para>
+ </caption>
+ </mediaobject>
+ </para>
+ <para>
+ The
+ <link linkend="fullconfig">RED, ORANGE, BLUE, GREEN diagram</link>
+ shows that, other than the RED net, each of the networks
+ needs an Ethernet card.
+ If you are currently using an Ethernet connection to the
+ Internet, you will need a card for it, too.
+ The networks must have different network addresses.
+ </para>
+ <note>
+ <para>
+ Remember, the BLUE and ORANGE networks are optional.
+ </para>
+ </note>
+ </sect3>
+ <sect3>
+ <title>Relative Security of IPCop Network Interfaces</title>
+ <para>
+ The security model of IPCop is that the GREEN network is fully
+ trusted and any requests from this network, whether initiated by a
+ user or by a machine infected with a virus, Trojan horse or other
+ <quote>malware</quote> is legitimate and allowed by IPCop.
+ </para>
+ <para>
+ A new feature of IPCop 2.0.0, allows to set policies for each \
network + interface. This makes it possible to allow only specific \
traffic to + RED and IPCop.
+ </para>
+ <para>
+ The order of trustworthiness of networks in order of increasing
+ trust is:
+ </para>
+ <para>
+ RED→ORANGE→BLUE→GREEN
+ </para>
+ </sect3>
+ </sect2>
- <sect2 id="preparation-network-config">
- <title>Network Configurations</title>
- <para>
- The base configuration is RED/GREEN where IPCop
- protects a single internal network from the Internet.
- If you have a wireless access point then you can attach
- it to the BLUE NIC and configure IPCop to restrict the
- access of machines on your wireless LAN.
- If you have some servers that need to be accessible to the
- Internet you can place them in an untrusted DMZ attached to
- the ORANGE NIC.
- You should decide which combination you want for your
- site.
+ <sect2 id="preparation-connecting-internet">
+ <title>Connecting to the Internet or External Network</title>
+ <para>
+ How are you currently connecting to the Internet, today?
+ </para>
+ <para>
+ If you are connected through an external broadband modem or
+ router, you probably will be connected via an Ethernet
+ network interface card or NIC.
+ In any case, a similar card must be in your IPCop PC.
+ If you are connected via an internal analog modem,
+ ISDN modem, or ADSL USB modem, this must be moved to
+ the IPCop PC.
+ If you are connected via an external dial up modem, you will have
+ to connect it to your IPCop PC.
</para>
- </sect2>
- <sect2 id="preparation-network-config-types">
- <title>Network Configuration Types</title>
<para>
- Since the RED interface can connect either by modem
- or by Ethernet, there are eight Network Configuration Types:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- GREEN (RED is modem/ISDN)
- </para>
- </listitem>
- <listitem>
- <para>
- GREEN + RED (RED is Ethernet)
- </para>
- </listitem>
- <listitem>
- <para>
- GREEN + ORANGE + RED (RED is Ethernet)
- </para>
- </listitem>
- <listitem>
- <para>
- GREEN + ORANGE (RED is modem/ISDN)
- </para>
- </listitem>
- <listitem>
- <para>
- GREEN + BLUE + RED (RED is Ethernet)
- </para>
- </listitem>
- <listitem>
- <para>
- GREEN + BLUE (RED is modem/ISDN)
- </para>
- </listitem>
- <listitem>
- <para>
- GREEN + BLUE + ORANGE + RED (RED is Ethernet)
- </para>
- </listitem>
- <listitem>
- <para>
- GREEN + BLUE + ORANGE (RED is modem/ISDN)
- </para>
- </listitem>
- </itemizedlist>
- </sect2>
-
- <sect2 id="preparation-connecting-internet">
- <title>Connecting to the Internet or External Network</title>
- <para>
- How are you currently connecting to the Internet, today?
- </para>
- <para>
- If you are connected through an external broadband modem or
- router, you probably will be connected via an Ethernet
- network interface card or NIC.
- In any case, a similar card must be in your IPCop PC.
- If you are connected via an internal analog modem,
- ISDN modem, or ADSL USB modem, this must be moved to
- the IPCop PC.
- If you are connected via an external dial up modem, you will have
- to connect it to your IPCop PC.
- </para>
- <para>
This hardware will be used for your RED network interface.
</para>
<para>
@@ -407,8 +314,7 @@
<prompt>C:\></prompt><userinput>winipcfg</userinput>
</screen>
entered from the command prompt.
- On Windows NT and Windows 2000,
- the command is
+ On Windows NT, 2000, XP, Windows 7, etc. the command is
<screen format="linespecific">
<prompt>C:\></prompt><userinput>ipconfig /all</userinput>
</screen>
@@ -439,8 +345,8 @@
This is not the IP address provided by your ISP.
Addresses on this interface will never appear on the
Internet.
- IPCop uses a technique called Port Address Translation,
- PAT, to hide your GREEN machines from outside eyes.
+ IPCop uses a technique called Network Address Translation,
+ NAT, to hide your GREEN machines from outside eyes.
To make sure there are no IP address conflicts, it is
suggested that you choose one of the address ranges
defined in
This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.
------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users
worldwide. Take advantage of special opportunities to increase revenue and
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic