Good journals:
(by blogrolling.com)
Monthly:
January 2005 (1)
May 2004 (1)
August 2003 (1)
July 2003 (8)
June 2003 (6)
May 2003 (5)
April 2003 (5)
March 2003 (4)
February 2003 (6)
January 2003 (7)
December 2002 (10)
November 2002 (13)
October 2002 (4)
September 2002 (8)
August 2002 (6)
July 2002 (1)
May 2002 (7)
April 2002 (13)
March 2002 (16)
February 2002 (12)
January 2002 (14)
Stuff I found:
RinkWorks
Nectarine Demoscene Radio
Random Blog Link
The Yumb Forums
Welcome to my journal. This is where I'll be revealing my innermost thoughts and feelings to the world. Occasionally I'll talk about other stuff, but mostly about my experiences.
Dec 13, 2002: IPCop Experiences (link | trackback: 0)
Time: 15:29 - Mood: Sad - Location: Work - Now playing: n/a
Following on from my previous post, I've taken some time to check out IPCop, and I must admit that I had high hopes for it. After all, the code is based on the SmoothWall code, so it should be able to do everything SmoothWall does and more, right?
Sadly, that wasn't my experience. I should mention at this point that I was installing IPCop in the same manner as SmoothWall - ie. on a VMware virtual computer that originally had Windows 98 on.
It installed okay the first time, and booted up in the same manner that SmoothWall did, which isn't surprising. :) The screens looked similar, too. But when I tried to use port forwarding, I just could not get it to work, no matter what I tried. It listed the entry just fine, but it didn't act upon it.
So, thinking that it might be a problem fixed by one of the updates, I started installing the updates. The instructions for the first three updates say that a reboot is not required - I took this at its word and installed the updates one-by-one. After each one, I re-tested the port forwarding capabilities - no luck after any of them.
At this point I decided to give IPCop a reboot and see if that would work. It rebooted fine, but I had (oops) accidentally forgotten to test the port forwarding afterwards (it probably wouldn't have mattered anyway - read on).
So the next thing I did was to install the fourth update. I rebooted the box as instructed, and was astonished when I found that it wouldn't boot properly - there was a kernel panic at boot. It worked when I passed the "single" boot option to the kernel - which tells the kernel to boot-up in single-user mode only - and then when I rebooted normally afterwards, it came up as it should. I still don't know what happened there, but it certainly was not good. Of course, it could be because I'm using VMware (unlikely, though) - or maybe I hit upon an intermittent bug. I've never had this problem with SmoothWall and its updates, though.
It didn't matter anyway; even after the reboot, port forwarding didn't work. *However*, I then booted up SmoothWall to see if it worked, and it didn't either. So, deciding that this was an unfair test, I decided to scrap both and re-install again, beginning with the Windows 98 hard disk image on both.
This time it was even worse. SmoothWall installed fine, without a hitch. So did IPCop; at least partially. The first time, I made a mistake in the install process and had to restart the installation (my fault, not IPCop's). But from then on, it only went halfway through the "Installing files" section before bombing out and saying it couldn't calculate module dependencies.
I tried again (that is, deleted the machine and created a new one beginning with the old Windows 98 image), and the same thing happened except that the install just started over. Basically, it was a comedy of errors. I'm only glad I tested it on VMware first; I would *not* want to go through this on my real box.
All in all, my experiences with IPCop were... well, not good. SmoothWall seems to be much more stable, but then there's the GPL/commercial problem I talked about before. However, if I had to make a choice between the two, I'd go with SmoothWall.
But, luckily, I *don't* have to make a choice, so for the moment I'm leaving them both behind and searching for a new firewall solution that I can stick on my old box running Linux. Heck, maybe I'll just build my own firewall system - but I'd really prefer not to have to do that. It'd certainly make for an interesting exercise though...
[back to main screen]