Friday, March 21, 2008

IPCop DNS and DHCP Tips

As I may have already mentioned, IPCop is an excellent open source firewall system that uses low-end computers that sit between your internal network (Green Zone) and the Big Bad Internet (Red Zone). Here are some things I do with my network that simplify my job as an admin:

  • When using it with a network that has its own internal DHCP and DNS servers, be sure to put DNS pointers to your IPCop's internal IP on the relevant internal DNS servers. Then you can access it by going to http://ipcop:81 when on your internal network.
  • On a smaller network, the IPCop makes an excellent DHCP and DNS server. However, when we set up IPCop, I've sometimes found it to give our external DNS servers to DHCP clients. Even when the hostname is registered in DHCP, our name queries try to use external servers that know nothing about the internal network. This is easily fixed by setting the IPCop's IP as the first DNS. I've found that this can speed up DNS resolutions a bit as well, since it caches DNS info.
  • IPCop's internal DNS server is not self-aware. That is to say, if you punch in http://ipcop:81, you'll get an error message. But if you add it to the HOSTS list (Services -> Edit Hosts), it becomes easily resolved once you have started using your IPCop for DNS.
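A quick way to audit the last two tips, as an added example that is not part of the original post: the script flags any DHCP subnet whose first advertised resolver lies outside the subnet it serves, and checks that the firewall's name has a hosts entry. It assumes ISC dhcpd.conf syntax with IP-literal resolvers; the function names, addresses and sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd.conf syntax (not taken from a real IPCop box).
SAMPLE_DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option domain-name-servers 203.0.113.53, 192.168.1.1;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
    option routers 192.168.2.1;
    option domain-name-servers 192.168.2.1, 203.0.113.53;
}
"""

# Constructed hosts-format entries, like those added via Services -> Edit Hosts.
SAMPLE_HOSTS = """
127.0.0.1    localhost
192.168.1.1  ipcop
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
DNS_RE = re.compile(r"option\s+domain-name-servers\s+([^;]+);")

def audit_dhcp_dns(conf_text):
    """Return (subnet, first_dns, ok) per subnet; ok means the first resolver is inside it."""
    results = []
    for net, mask, body in SUBNET_RE.findall(conf_text):
        subnet = ipaddress.ip_network(f"{net}/{mask}")
        m = DNS_RE.search(body)
        servers = [s.strip() for s in m.group(1).split(",")] if m else []
        first = servers[0] if servers else None
        ok = first is not None and ipaddress.ip_address(first) in subnet
        results.append((str(subnet), first, ok))
    return results

def hosts_resolves(hosts_text, name):
    """Return the IP mapped to name in hosts-format text, or None if absent."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None

if __name__ == "__main__":
    for subnet, first, ok in audit_dhcp_dns(SAMPLE_DHCPD_CONF):
        print(f"{subnet}: first DNS {first} -> {'ok' if ok else 'EXTERNAL RESOLVER FIRST'}")
    print("ipcop ->", hosts_resolves(SAMPLE_HOSTS, "ipcop"))
```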
