Intro:
IPFire is an open source Linux based firewall. It is not JUST a firewall though. IPFire has a ton of features making it a perfect gateway to your home or business network. Here we will learn how to install IPFire.
IPFire has a lot of features to help make your business or home network secure. Besides the typical routing, DHCP, firewall rules, NAT, and all the other basics of routers/firewalls, IPFire also adds features such as:
- Stateful Packet Inspection (SPI)
- Intrusion Prevention System (IPS)
- VPN support (OpenVPN and IPsec)
- Quality of Service (QoS)
- Web Proxy
- and more.
There are also a ton of add-ons to add support for Tor, System Monitoring, System Security, File Servers, Wireless Access Points, Mail Server, and more. A full list of features can be found at the IPFire official website at https://ipfire.org.
This guide assumes you have downloaded the ISO from the official IPFire website (the current version as of this writing is 2.27 and can be found here) and that you have created a bootable USB to install on your device. Our guide on Balena Etcher can help you create a bootable USB to use on your system. Your system should also have AT LEAST 2 network cards for this guide to work.
Installation:
Boot the system you are installing IPFire on from the IPFire USB you created. You will be greeted with a screen to select your language.
Select your language and hit OK. You can navigate with the Tab key and arrows, use Enter to select OK. The next screen is the Installation screen to start your install.
Select “Start installation” to begin the installation of IPFire. A License Agreement screen will appear.
Use the Spacebar to check that you accept the license, and hit Enter to select OK. Next the Disk Setup screen will show up.
If you have multiple hard disks, make sure you select the correct one, as all the data on it will be lost once the format is complete. Select “Delete all data” on your disk. The Filesystem Selection screen will show.
Choose your preferred filesystem type, typically ext4 is standard and it is what I would recommend. Select OK and the system will start the installation.
This will take a couple minutes, but once it is done you will be asked to remove installation media and reboot.
Remove your installation media (the USB drive) and select “Reboot”. The system will restart and we can begin configuration!
Configuration:
Once IPFire has rebooted, you will be presented with a Keyboard Mapping screen.
Select your keyboard layout and select “OK”. The next screen will be your Timezone.
Select your Timezone and then hit “OK”. You will be asked for your Hostname.
Enter the hostname that IPFire should use. The hostname identifies the device on the network besides its IP address. The default is “ipfire”. Next it asks for your Domain name.
Enter the domain name for your system. By default it is “localhost” and that can be used just fine. The machine will be addressed as <hostname>.<domain name>. So in this example, the machine is located at ipfire.lab.vulnifo.com. If you’re unsure, just keep it as localhost as you can still access it by IP address. Next you will be asked for a root password.
Enter the password you would like to use for the root user. As it states, this user will be used for any command line access you need to the system. Next it will ask for an Admin password.
Enter the password for the admin user. This is the user/password combo that you will use when logging into the web interface. Next up we get to the Network Configuration Menu.
We will visit all three of these options. The first being the Network Configuration Type. The way IPFire shows things is by COLOR.
- RED – The red interface is for WAN (internet)
- GREEN – The green interface is for LAN (local network)
- ORANGE – The orange interface is for DMZ
- BLUE – The blue interface is for WLAN (Mainly for a separated wireless network, wireless access points can still be on green)
We won’t be covering the ORANGE or BLUE interfaces as we don’t need them for our specific setup. So we will be covering the RED and GREEN interfaces. Under Network Configuration Type we can select the setup GREEN + RED.
We are going to be using GREEN + RED which means we have a WAN (red) interface and a LAN (green) interface. Next we go back to Drivers and Card Assignments.
Here we will select which network card we want to use for our GREEN interface. We will also select which card we want to use for our RED interface. Hitting the “Identify” button should (but will not always) blink the lights on your network card so you can tell which interface is which.
Now that our network cards are selected and assigned, we can move on to the third option which is Address settings. For the GREEN interface it gives a warning.
Since we have physical access to the device we are using, we can just hit OK and move on.
Enter the address you want to use for the GREEN (LAN) interface. Tip: This is usually the first address of the subnet you are going to use. In this case I set it to 192.168.1.1 but you can choose any address in the Private Address space (192.168.x.x, 172.x.x.x, 10.x.x.x). We will set up the DHCP server in a later step, so make sure you remember what address you set here! Next we assign the RED (WAN) interface.
The configuration for the RED (WAN) interface is really dependent on your Internet Service Provider (ISP). The cable coming out of your ISP modem goes to the RED interface as a simple setup. (Yes, this will cause a double NAT, but bridging your ISP modem will solve that.) We aren’t going to cover the different WAN setups here, so please make sure you know how your internet is provided, whether it be cable internet, fiber, DSL, PPPoE, etc., and choose appropriately. If you are completely unsure, DHCP is a good standard option that will work the majority of the time.
Now that we have completed all 3 parts here, select “Done” and we can move on to the DHCP server configuration.
Enable the DHCP server (using space to check the box) and fill in the remaining information. In our setup, our GREEN (LAN) interface is set to 192.168.1.1 – so we want all devices connected to it to be on the same subnet. Enter your start and end addresses, Primary DNS (which should be autofilled to the interface IP), Secondary DNS (optional, but 8.8.8.8 is Google DNS), leave the rest of the settings how they are (they should have been autofilled) and select OK.
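A quick sanity check of the GREEN address and DHCP pool before typing them into the installer, as an added example that is not part of IPFire or the original guide. The 255.255.255.0 netmask and the pool boundaries used in the test are assumptions made for illustration; only 192.168.1.1 comes from the guide.

```python
import ipaddress

# RFC 1918 private ranges. Only 172.16.0.0/12 (172.16.x.x to 172.31.x.x)
# of the 172 block is private; the rest is publicly routed address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_green_plan(green_ip, netmask, dhcp_start, dhcp_end):
    """Return a list of problems with a GREEN/DHCP plan (empty list = OK)."""
    problems = []
    iface = ipaddress.ip_interface(f"{green_ip}/{netmask}")
    net = iface.network
    reserved = (net.network_address, net.broadcast_address)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)

    if not any(iface.ip in r for r in RFC1918):
        problems.append(f"{iface.ip} is not in an RFC 1918 private range")
    if iface.ip in reserved:
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")

    # Both ends of the pool must be usable host addresses on the GREEN subnet.
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"DHCP {label} {addr} is outside {net}")
        elif addr in reserved:
            problems.append(f"DHCP {label} {addr} is a reserved address of {net}")

    if start > end:
        problems.append("DHCP start address is above the end address")
    elif start <= iface.ip <= end:
        # Handing out the firewall's own address causes an IP conflict.
        problems.append(f"DHCP pool contains the GREEN address {iface.ip}")
    return problems


if __name__ == "__main__":
    # Constructed plan: the guide's GREEN address with an assumed pool.
    issues = check_green_plan("192.168.1.1", "255.255.255.0",
                              "192.168.1.100", "192.168.1.200")
    print("plan OK" if not issues else "\n".join(issues))
```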
This completes the setup! After selecting OK the installer will go away and you will be greeted with a login prompt to the command line.
At this point we are done with physical access to the machine, and there is no reason for us to log in here.
Final:
Now we should have devices connected to the LAN, and we can use one of those devices to log in to the IPFire web interface. The default port for the IPFire web interface is 444.
Open a web browser and input one of the following:
- https://ipfire:444 (ipfire being the hostname we set before!)
- https://<hostname>.<domain>:444
- https://192.168.1.1:444 (this is the IP address we assigned earlier!)
- https://<ip of server>:444
IPFire uses a self-signed SSL certificate, so you will get a browser warning, but go ahead and accept it and advance to the website. You will be asked to log in.
Log in with the user “admin” and the admin password you set up earlier. You should now be greeted with the IPFire web interface!
Your installation is complete. Browse around, check out the options, and enjoy your IPFire firewall.
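Because the certificate is self-signed, the browser warning looks the same whether you reached your firewall or something impersonating it. The following added example (not part of IPFire or the original guide) compares the certificate served on port 444 against a SHA-256 fingerprint you recorded earlier; it assumes you noted that fingerprint from the browser's certificate viewer on your first connection from a device plugged directly into the GREEN network.

```python
import hashlib
import hmac
import ssl
import sys


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon-separated as browsers show it."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(der_cert: bytes, pinned: str) -> bool:
    """True if the certificate's fingerprint equals the recorded one.

    Accepts the pin with or without colons/spaces and in either letter case.
    """
    normalized = pinned.replace(":", "").replace(" ", "").upper()
    actual = fingerprint(der_cert).replace(":", "")
    return hmac.compare_digest(actual, normalized)


def fetch_der(host: str, port: int = 444) -> bytes:
    """Fetch the server certificate without validating it.

    Validation against a CA is pointless for a self-signed certificate;
    the fingerprint comparison is what establishes trust here.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    # Usage: python check_pin.py 192.168.1.1 "AA:BB:...:FF"
    host, pinned = sys.argv[1], sys.argv[2]
    der = fetch_der(host)
    if matches_pin(der, pinned):
        print("certificate matches the recorded fingerprint")
        sys.exit(0)
    print("certificate CHANGED, served fingerprint is", fingerprint(der))
    sys.exit(1)
```

A mismatch is expected after a reinstall, which generates a new certificate; in any other case, treat it as a reason not to enter the admin password until you know why it changed.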
Conclusion:
You just installed the IPFire firewall. You took a step beyond consumer-grade gear and are protecting your network! We will do future tutorials going over the different setups and configurations that IPFire allows, so keep an eye out!
If you have any questions or feel you can better this content, please get ahold of us and let us know on social media or our contact page.
As always, follow us @vulnifo for updates!