IPFire Linux Firewall

In this tutorial we will build a proper firewall with IPFire.

First of all we need to decide which hardware we should use.

The minimum requirements for IPFire:

Here is my hardware setup for this tutorial:

IPFire Image 1 IPFire Image 2

First we have to figure out the MAC addresses of our network cards. Start a Linux live distribution from a USB flash drive or DVD and open a terminal. Type in the command ifconfig. Now we have the MAC address of our onboard NIC. Write the address down on a piece of paper:

IPFire Image 3

You can now turn off your PC and put the first PCIe network card into it:

IPFire Image 4

Start the Linux live distribution again and make a note of the new MAC address:

IPFire Image 5

Do the same steps for the last network card:

IPFire Image 6 IPFire Image 7

Now we are ready to install IPFire. Download the latest IPFire image. Get the SHA1 checksum of the downloaded image and compare it to the one on the IPFire website:

IPFire Image 33
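
An added example, not part of the original tutorial: a small shell function for the checksum comparison described above. The function name, its exit codes and the file name in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify a downloaded
# image against the SHA1 checksum published on the download page.
# Exit codes (chosen for this example): 0 match, 1 mismatch, 2 bad input.
verify_image() {
    file=$1
    # Normalise the pasted checksum: drop whitespace, lowercase hex digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    if [ ! -r "$file" ]; then
        echo "cannot read image: $file" >&2
        return 2
    fi
    # A SHA1 digest is exactly 40 hex characters; reject truncated pastes
    # so a partial string can never be mistaken for a match.
    case $expected in
        *[!0-9a-f]*|'') echo "checksum is not hexadecimal" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 40 ]; then
        echo "checksum has ${#expected} characters, expected 40" >&2
        return 2
    fi

    # Read from stdin so sha1sum prints only "<digest>  -".
    actual=$(sha1sum < "$file" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published checksum"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  published: $expected" >&2
    echo "  computed:  $actual" >&2
    return 1
}

# Usage (file name and checksum are placeholders):
#   verify_image ./ipfire-image.iso "<checksum from the IPFire website>"
```

Do not write the image to a CD or USB drive if the function reports a mismatch; download it again instead.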

Burn the image to a CD or put it on a USB flash drive and boot from it:

IPFire Image 8

The first dialogs are just the generic stuff like language and filesystem. Nothing too exciting here:

IPFire Image 9 IPFire Image 10 IPFire Image 11 IPFire Image 12

When the installation is complete, you have to restart the PC and remove the installation medium:

IPFire Image 13

After some keyboard layout settings the interesting stuff begins. Now we have to choose a hostname and a domain name. For a home network it doesn't really matter what you choose:

IPFire Image 14

Then we have to type in the root and the admin password. The admin password is necessary to access the web interface:

IPFire Image 15

Now we have to choose the network type. We have 3 NICs so we can use a type with 3 zones:

IPFire Image 16 IPFire Image 17

In the next steps we have to assign the network cards to our zones. I hope you have noted the MAC addresses of your NICs, otherwise it is hard to figure out which one is which ;-)

IPFire Image 18 IPFire Image 19 IPFire Image 20 IPFire Image 21 IPFire Image 22 IPFire Image 23 IPFire Image 24

You should put some labels on the NICs to prevent mixing up the zones after reconnecting the network cables:

IPFire Image 32

In the last step we have to define subnets for the GREEN and the ORANGE zone. For the RED zone I use DHCP because I have no static IP in my home office:

IPFire Image 26 IPFire Image 27 IPFire Image 28 IPFire Image 29 IPFire Image 30

Now you can connect your modem to the RED interface and your local network switch to the GREEN interface. To access the web interface, type https://192.168.0.1:444 into your browser. The username is admin and the password is the one you chose in an earlier step:

IPFire Image 31

NOTE: In some cases you have to restart your modem when the MAC address of the connected NIC changes.