Introduction: How To: Setup an IPCop Virtual Machine Firewall to Protect Your Windows Host (For Free!)
The objective of this project is to use IpCop (Free Linux Distribution) in a Virtual Machine to protect a Windows host system on any network. IpCop is a very powerful Linux based Firewall with advanced functions like: VPN, NAT, Intrusion Detection (Snort), Web Based administration, and Routing. The concept is that all traffic on the host OS will have to travel through the IpCop VM, thus protecting the Host. The host Windows system will not have any IP connectivity on its physical NIC and will be unable to communicate on the network without the VM running. The Host and the VM will communicate using the Microsoft Loopback Adaptor (installed on the host). You will also be able to configure other VMs to easily use the IpCop VM as their gateway to the network/internet as well.
- Host PC running Windows XP, Vista, or Server 2003 (maybe Server 2008).
- Download/Install latest version of Microsoft Virtual PC. (http://www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx)
- Download the latest .ISO build of IpCop. (http://www.ipcop.org/)
- Install Microsoft Loopback Adaptor (XP instructions: http://support.microsoft.com/kb/839013)
- Review IpCop documentation (http://www.ipcop.org/index.php?module=pnWikka&tag=IPCopDocumentation)
I recommend the "Installation Manual" and "Quick Start Guide"
- Although you will not be altering any system files, it is recommended that you back up your system before starting!
Note: This HowTo was performed on a Windows Vista Ultimate system.
Step 1: Document Your Current Network Settings.
1 - Browse to Control Panel > Network Connections.
2 - Find the "Local Network Connection" that is currently connected to the network/internet. Right Click and choose "Properties"
3 - Select "Internet Protocol Version 4 (TCP/IPv4)", and click the "Properties" button.
4 - Document all of your settings found here. (ex: DHCP Enabled, Static IP settings)
5 - In my example, I'm using DHCP on a 10.0.0.0/24 network.
6 - If you've already downloaded Virtual PC and the IpCop ISO, continue to step 7.
7 - Find the "Local Network Connection" that is currently connected to the network/internet. Right Click and choose "Properties". Un-check the boxes (disable) "Internet Protocol Version 4 (TCP/IPv4)" and "Internet Protocol Version 6 (TCP/IPv6)". At this point, you will not have IP connectivity on your network.
Step 2: Setting Up the Loopback Adaptor.
1 - Installing Microsoft Loopback Adaptor (http://support.microsoft.com/kb/839013)
There are several different ways to install the Loopback Adaptor. I think the easiest way is to go into "Computer Management" > "Device Manager". Right click on the "Computer Name" and choose "Add Legacy Hardware". Chose to "Manually install your device", then choose "Network Adaptors", Choose "Microsoft" for Manufacturer and "Microsoft Loopback Adaptor". Click "Next" to complete your installation.
2 - You will now see another Network interface installed in "Network Connections"
3 - Right click > Properties on the Loopback interface.
4 - Select "Internet Protocol Version 4 (TCP/IPv4)", and click the "Properties" button.
5 - Here, you can either set up a static IP or us DHCP that can be provided by your IPCop installation. I chose to use a static IP and picked a subnet that I would not normally use. In my example, I chose the following settings:
Gateway: 192.168.1.1 (we will assign this IP to our IpCop "Green" interface)
DNS: 192.168.1.1 (IpCop DNS Relay)
Step 3: Installing IpCop Virtual Machine
1 - Download the latest .ISO version on IpCop. (http://www.ipcop.org/)
2 - Install and configure Microsoft Virtual PC (http://www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx).
3 - From the Virtual PC console, click "New".
4 - Follow the Wizard for creating a new Virtual Machine. If you intend to run Intrusion Detection, I would recommend assigning 128mb-256mb RAM. (I chose 256mb since I've got 3.5GB with plenty to spare). Otherwise, I was able to run without IDS using 32mb of RAM! Hard disk space should be determined by the amount of log files you intend to accumulate within the IpCop. I chose 4GB, which should be more than enough for me.
5 - Before starting the virtual machine, you need to configure the network interfaces.
6 - In the Virtual PC Console, Right click on your IpCop VM and choose "Settings". In the "Settings for IpCop" window, select "Networking" on the left side.
7 - Set the number of Network Adaptors to "2". (IMAGE 0)
8 - Assign "Adapter 1" to "Microsoft Loopback Adaptor"
9 - Assign "Adapter 2" to your physical network card. Click "Ok" to save and exit the settings window.
10 - Start the Virtual Machine
11 - Quickly locate the CD icon in the lower left of the VM window.
12 - Right click on the CD and choose "Capture ISO Image". Browse to the location of the IpCop ISO, select the ISO, and click "Open".
13 - If you did this fast enough, your virtual machine will boot from the CD image.
14 - At the IpCop Boot Screen, press Enter (IMAGE 1)
15 - Choose your Language (ex: "English")
16 - At the "Select Installation Media" screen, Select "CD-ROM/USB KEY". Press Enter
17 - The installation will now check for installed hardware on the virtual machine
18 - You will get a warning saying that the installation will now prepare the harddisk (the virtual hard disk assigned to the VM). Press "Ok"
19 - Next, you'll get a prompt asking if you want to restore a backup. We'll choose to "Skip" this section (IMAGE 2)
20 - Next, we'll be configuring the "Green" interface. I chose to "Probe" for devices. (IMAGE 3)
21 - IpCop identified the network adapter as "Digital 21x4x Tulip PCI ethernet Card, ect". I then chose "Ok" to continue. (IMAGE 4)
22 - Now, configure IP settings for the "Green" interface. This will be our gateway address we used in step 2.5. Press "Ok" (IMAGE 5)
23 - You'll now see a message stating that "IpCop has been successfully installed ", but it's not over yet. you've still got some configuring to do. Press "Ok". (IMAGE 6)
24 - You'll be asked what type of keyboard your using. Most likely you'll be selecting "us". Press "Ok" to continue.
25 - Set your time zone. Press "Ok" to continue
26 - Enter a "Hostname" for your Virtual Machine. Press "Ok" to continue. (IMAGE 7)
27 - Enter your local domain. Press "Ok" to continue.(IMAGE 8)
28 - Next, you'll be prompted for ISDN configuration. I am not using ISDN, so I will choose to "Disable ISDN". Press "Ok" to continue. (IMAGE 9)
29 - Now, you'll see the "Network Configuration Menu". You'll need to configure all 5 options. (IMAGE 10)
30 - Select "Network Configuration Type" and press Enter. From the next menu, choose "GREEN + RED". Press "Ok" to return to the "Network Configuration Menu". (IMAGE 11)
31 - Select "Drivers and card assignments" and press Enter. You will now be prompted to change your current configuration. You'll notice that the "RED" interface is "UKNOWN" at this point. Press "Ok" to change the settings. (IMAGE 12)
32 - You'll be brought to a card assignment screen. Choose "Probe" to auto-detect your network cards. (IMAGE 13)
33 - After Probing, you'll be prompted to assign the second NIC to the "RED" interface. Press "Ok" to continue. (IMAGE 14)
34 - You'll then get a message saying "All cards assigned successfully" and will be returned to the "Network configuration menu".
35 - Continue to "Address Settings" and press Enter.
36 - Select "RED" and press Enter. (You've already setup the "GREEN" interface in Step 3.22)
37 - Enter the configuration documented in Step 1.4 (I'm using DHCP). Press "Ok" to continue. (IMAGE 15)
38 - If both "GREEN" and "RED" interfaces are configured how you want them, press the "Done" button.
39 - Back at the "Network configuration Menu", Select "DNS and Gateway settings".
40 - If you're using a static IP on your "RED" interface, you will need to enter at least one DNS server IP address and your Default Gateway address here. Press "Ok" to continue. (IMAGE 16)
41 - Back at the "Network Configuration menu" again, select "DHCP server configuration" and press Enter
42 - This configuration screen will allow you to set up a DHCP server to serve addresses on you "GREEN" interface. Since I'm using at static IP on my loopback interface, I do not need to set up DHCP. Press "Ok" to continue. (IMAGE 17)
43 - Back at the "Network configuration menu", press the "Done" button to move forward. (Only proceed if you've completed all of the configuration steps!) (IMAGE 18)
44 - Next, you will be prompted to set a 'root' password for the Linux command line access. (note: when entering the password, there is no visual feedback for how many characters have been entered.) Type a new password twice and press "Ok" to continue.(IMAGE 19)
45 - Now, you will set the 'admin' password for the IpCop web administration pages. Type a new password twice and press "Ok" to continue. (IMAGE 20)
46 - Now, you will set the 'backup' password that's used to export the backup key. Type a new password twice and press "Ok" to continue. (IMAGE 21)
47 - Installation is now complete. Press "Ok" to reboot the Virtual Machine. (IMAGE 22)
Step 4: Test Network Connectivity and Use IpCop Web Administration.
1 - Wait until the IpCop VM is fully up and running.
2 - Ping 192.168.1.1 (or whatever you assigned to the "GREEN" interface). By default, you should get a response.
3 - Try connecting to the IpCop Web administration by opening a web browser and going to:
4 - Log in using 'admin' and the password you provided in Step 3.45
5 - You may also want to run nslookups and ping internet servers to test connectivity
6 - You should now be configured and protected using the default IpCop settings.
Step 5: Using IpCop As a Gateway for Other VMs.
This is very simple. In the Virtual PC Console, right click on any virtual machine, open "Settings". Now go to "Networking" and set the primary adaptor to use the "Microsoft Loopback Adaptor"
We have a be nice policy.
Please be positive and constructive.