A dedicated firewall stands between the Internet and sanitizes the traffic flowing into the internal network. Setting one up is an involved process both in terms of assembling the hardware for the firewall to run on and configuring the software that powers it. However there are quite a few Linux firewall distros that help you setup a dedicated firewall with ease.
One of the oldest, most popular, and comprehensive firewall projects, is IPFire. The distro uses a Stateful Packet Inspection (SPI) firewall that’s built on top of the netfilter utility that facilitates Network Address Translation (NAT), packet filtering and packet mangling.
You can use it for everything from forwarding ports to creating a DMZ. The distro’s kernel is hardened with the grsecurity patchset to thwart zero-day exploits and comes with strict access controls.
IPFire has very modest system requirements. In fact using the distro is one of the best ways to upcycle an old computer whose hardware hasn’t been able to cope with the demanding requirements of the modern-day operating systems. A single core processor with 1GB of RAM, two network interfaces and 4GB of hard disk space is adequate for IPFire. A bigger hard disk will give you more dexterity to flesh out the IPFire installation.
Hook up the first network adapter to the router/modem from your Internet Service Provider (ISP). Connect the second to the network switch that will serve all the computers in your network. After you’ve setup IPFire make sure all the devices in your network connect to this switch, which will dole out IP addresses to the computers in the network via IPFire.
Once you’ve assembled the firewall computer, boot it from the IPFire install media. The firewall distro is written from scratch and has a straightforward installation process.
Follow through the firewall’s intuitive installation process using the default options which will install IPFire as the sole distro on the computer. When you reboot the machine post installation, you’ll be asked for a set of passwords for the root and the admin user.
Now comes the crucial part where you have to configure the roles for the network adapters in the firewall server. IPFire supports several different modes. The default mode, known as Green + Red, is designed for machines that have two network adapters.
Once you’ve selected this mode in the Network configuration type option, select the Drivers and cards assignments option to assign the NICs to either of the modes.
In this screen you need to mark the adapter connected to the ISP’s router as the Red interface and the one connected to the switch as the Green interface. You can identify the NICs through their MAC address.
Next scroll down to the Address settings option and configure the Green interface. Assign it 10.0.0.1 as the IP address with a Netmask of 255.255.255.0. For the Red interface select the DHCP option, and leave the rest of the parameters to their default values.
When you’re done with the network settings, IPFire’s setup wizard will bring up the options to configure the DHCP server which will hand out addresses to all the computers inside our network that’ll be hooked to the firewall through the switch.
Activate the DHCP Server and enter 10.0.0.10 in the Start Address field and 10.0.0.30 in the End Address field. This instructs the firewall server to handout addresses between these two values to machines connected to our firewall server. You can customize this number depending on the number of computers in your network.
That’s it. Save the settings and allow IPFire to boot up to the login prompt.
Now head to https://10.0.0.1:444 from any other machine on the internal network connected to the switch, and you’ll get to IPFire’s web-based administration panel. Use admin as the user and the password you assigned to it earlier while setting up IPFire.
The administration interface has a simple and easy to navigate layout with the different aspects of the firewall server grouped under tabs listed at the top of the page. It is logically arranged and clearly marked, which significantly simplifies the process of setting up the various aspects of the firewall as well as its different components.
The interface has a simple and easy to navigate layout with the different aspects of the firewall server grouped under tabs listed at the top of the page.
The System tab houses options that influence the entire install. This is where you’ll find the option to enable SSH access and create a backup ISO image of the installation with or without the log files. The GUI Settings option lets you customize the theme and other aspects of the IPFire administration console.
Then there’s the Status tab which gives an overview of the various components of the firewall. You can come here to get information about the CPU and memory usage on the server. The menu also houses options to monitor the bandwidth of the Internet traffic passing via the server as well for any OpenVPN gateway.
Another general purpose tab is the Services tab which lets you enable and configure individual services besides the firewall. Options to Dynamic DNS and Intrusion Detection can be easily configured using the various options available under this menu.
Straight after installation, you already have a fully functioning firewall. This is because IPFire implements some sensible defaults straight out of the box. This is a good starting point for you to build and customize IPFire as per your requirements.
IPFire can be used as a URL filter, a caching name server, an update accelerator, and more. It includes Squid and can easily double up as a web proxy and you can also use it to create a VPN server with both IPsec and OpenVPN. In addition to its firewalling duties you can also use IPFire to detect and prevent intrusions using a combination of Snort and an addon called Guardian.
IPFire ships with Pakfire, which is an extensive package management utility that makes it fairly simple to flesh out the basic installation. There are some useful add-ons such as the ClamAV antivirus scanner, Bacula backup, miniDLNA streaming server, and more. You can also use the Pakfire package manager to check and install any available updates to the distro itself.
IPFire manages to walk the tightrope between form and function. It has an approachable administrative interface, is no short of functions, and can be expanded with add-ons and has a vibrant community of users and ample documentation, which makes it an ideal choice for a wide variety of users.