IPCOP configuration

overview if you have not yet registered for the service, you can do so by visiting our registration page connect to the control panel by entering the ip address of the ipcop router in the address bar of any browser please note that you must type the address securely using port 8443, for example https //youripaddress 8443 then, log in by entering your administrative credentials enable ssh access first, you need to change the dns used by the ipcop on the red network to do this, click on the system menu, then open the ssh access section check the ssh access item and click on the save button to apply the changes change the device dns via ssh to access the console using the ssh protocol, you can use a terminal emulator software like putty open your ssh client and enter the ip address of the ipcop green network inside the host field and 8022 in the port field then click on open to connect to the console log in with your root credentials and type the command setup press the enter key, and a new page with a setup wizard will open select the networking item and click on the select button navigate to the dns and gateway settings item and click on the select button enter the address 185 236 104 104 in the primary dns field and 185 236 105 105 in the secondary dns field click on the ok button and wait for the network reconfiguration procedure to complete you can then close your ssh program to check if the dns addresses have been set correctly, click on status in the ipcop web panel, and then open the network status menu look for the red dns configuration item and verify that our cloud ips are correctly listed configure dynamic dns service at this point, we need to configure ipcop so that it can authenticate with our cloud servers open the services menu and click on dynamic dns as the service provider, choose dyndns org you absolutely do not need to be registered with the dyndns org service our system will automatically intercept and redirect the update requests directly to themselves click on the add button to proceed with the service configuration and fill in the fields exactly as follows enabled check the item to enable the service hostname enter any name you like, for example, the word hostname domain enter a domain of your choice, for example domain com username enter the specific username assigned to your dynamic network inside our dashboard do not use your main registration email password enter the specific password assigned to your dynamic network finally, click update to save the changes configure the dhcp server you can now enable the dhcp server so that it automatically assigns network parameters, including our filtered dns, to the various internal devices to configure the dhcp server, open the services menu and click on dhcp server fill in the various fields as follows enabled put a checkmark to enable the service start address enter the first ip address in your dhcp range end address enter the last ip address of your dhcp range default lease time mins set the dhcp lease time in minutes primary dns enter the address 185 236 104 104 secondary dns enter the address 185 236 105 105 click on the save button to apply the changes alternatively, the dns of the various devices within the network can be changed manually one by one optional deny dns changes by users it is possible to increase security by denying users the ability to browse unfiltered by manually changing the dns on their local devices to do this, proceed as follows open the firewall menu and click on firewall at this point, you need to create rules to block all outbound traffic on port 53 for both tcp and udp protocols, except for requests directed specifically to our cloud ips allow primary dns click on the outgoing traffic button to create a new rule ensure the rule permits traffic where the destination ip or net field is set to 185 236 104 104 then click save to add the rule allow secondary dns create another rule exactly similar to the previous one, but the destination ip or net field must be 185 236 105 105 block all other dns finally, you need to create an additional rule with the purpose of blocking all remaining traffic on port 53 for both tcp and udp this drop rule must be logically placed to catch traffic that does not match the two specific allow rules above