
Review: IPCop Linux Firewall

Last response: in Toms Network
February 15, 2006 6:09:55 PM

Reviews of open source based firewalls are usually very popular, and this one is no exception. Why do readers like these reviews so much?

February 23, 2006 1:19:03 PM

These are the results from reader Greger Blennerud's throughput testing:

The computer used for testing both IPCop and Smoothwall is a Compaq Vectra VL, 650 MHz and 128MB RAM. The NICs are: Internal Boardmounted 3Com "Corkscrew" for GREEN. Two VIA Rhine Fast Ethernet cards for RED and ORANGE.

In both cases I used a DLink DGS1005D as a switch on GREEN and a Dlink DI614+ (WLAN Router) as the switch on ORANGE. I have disabled DHCP on the 614+ and have no connection to the WAN port obviously. So basically I am only using the switching functionality in the Router.

I used Ixia's Qcheck to run the throughput tests using the following two computers:

PC on GREEN:
- Compaq Presario 3.0 GHz 1,5GByte RAM
- On board Ethernet Realtek RTL 8139

PC on ORANGE:
- Compaq Deskpro 863MHz, 256MByte RAM
- On board Ethernet Intel PRO/100 VM

I disabled the SW Firewalls on both PCs (ZoneAlarm) in order to eliminate any overhead. I noticed a small (2-3 Mbps) improvement in doing so. Also, before running the router throughput tests I used Qcheck to check the TCP/IP speed between the two test computers themselves and got the following results:
(NOTE: Throughput tests were run with 1000kByte Data Size)

TCP/IP Response time (ping): 1 msec (both directions)
TCP Throughput Presario to Deskpro: 80.8 Mbps
TCP Throughput Deskpro to Presario: 93.2 Mbps

IPCop Test Results:
TCP/IP Response time (ping): 1 msec (both directions)
TCP Throughput Presario to Deskpro: 80.8 Mbps
TCP Throughput Deskpro to Presario: 82-90 Mbps

Smoothwall Test Results:
TCP/IP Response time (ping): 1 msec (both directions)
TCP Throughput Presario to Deskpro: 80.8 Mbps
TCP Throughput Deskpro to Presario: 85-92 Mbps

Conclusion: Both IPCop and Smoothwall support near wire-speed 100Mbps throughput using a 650MHz machine with 128MB RAM.

March 20, 2006 7:12:01 PM

Thanks to Tom's Hardware Guide about Linux based PC routers I've been using IPCop 1.4.10 for a month now and my net connections have been very stable. I was using hacked firmwares for my Linksys WRT54GS router but IPCop does so much more including VPN. I've installed OpenVPN in IPCop and it is working very well. Very pleased with it.

There is an "AddOn Server" for IPCop that lets you pick 3rd party addons to increase the functionality of the router.

I've tried several Linux based PC router builds such as Monowall, Smoothwall, Clarkconnect and IPCop. I like the fact IPCop supports up to 4 NICs. I've just ordered two Intel dual NICs and hopefully it'll work fine with it. I needed the 4th NIC for my mail server which is going to be running some kind of openexchange server. I am looking at Zimbra if I can get it to work correctly with Suse 10.

Maybe Tom's Hardware can look into open exchange servers as an extension to linux line of networking?

Darkk

May 6, 2006 11:08:38 AM

thiggins. Nice review of IPCop.

BUT a correction is needed.

M0n0Wall is FreeBSD-based. NOT Linux. Please make a correction such that you don't anger the FreeBSD or Linux folks. ;)  (They are folks who do get anal about specifics, remember!)

Secondly, the throughput numbers are as expected. In fact, you'll get the same numbers with a Pentium III 500MHz OR a VIA C3 "Nehemiah" 1GHz solution. (Say on one of those EPIA embedded boards)... That's based on my experience... It would be awesome when the EPIA EN12000 comes, as this is fanless! (C7 Eden 1.2GHz CPU). :)

I think one area that needs to be seriously looked at, is power consumption. (operating cost of building your own router over time).

(1) Would it be possible to look at that with various platforms?
ie: Old PC vs Recent PC vs EPIA 5000 vs EPIA 1Ghz vs Soekris (or WRAP)

(2) As well, explore the throughput of each and compare?
Say you do tests with IPCop, M0n0Wall and ClarkConnect.

Because the three are very different in design...
* IPCop is a featured firewall
* M0n0Wall is a lightweight solution intended for embedded boards
and
* ClarkConnect is a multi-purpose server with firewalling capability.


So what I'm proposing, is a useful future article that explores the options for the DIY crowd. (Pros and Cons)

You look at:
(a) how the different software implementations affect performance?
(b) how the different hardware perform? (How performance scales with hardware?)
(c) how much would it cost (electric bill) if you ran these 24/7/365?

Be sure to include two retail routers as a reference comparison. Say a WRT54G-series and one of those other ones that provide a near wire-speed throughput.

This way, the article would give people a better idea of "why" or "why not" if you want to do a DIY router/firewall solution.

LOL...I'm thinking like an engineer now, so I'll stop. But please consider the above idea as a future article! ;) 


I've been using open-source firewall solutions for over 5 yrs. None have failed me. (even when the whole family is doing P2P and gaming at the same time!)

At the moment, I'm using M0n0Wall installed on a "Disk-On-Module" (256MB DOM) and an old fanless EPIA board. It hasn't failed me in over 2 yrs since I built it! :) 

I like this approach because I hate having to depend on someone else when something goes wrong. (I try to avoid tech support by any means! Most of the time, they cost you time and money with little achieved!)