installalling ipfire

7/22/2019 Installalling IPFire

1/25

Installalling IPFire

Before proceeding further, let us make sure that we have the following things in hands first.

1. IPFire needs a at-least a Pentium based i586 336 ghz or better CPU

2. It needs 256MB RAM, 512MB is recommended

3. It needs only 100MB disk space, but 2GB hdd would be better

4. Finally an important thing you need at least two network adapters. One for ISP (Inbound) and

another one for your LAN (Outbound)

Downloadthe latest version of IPFire. Burn the CD with the ISO and boot the system. The following

screen should appear. Press ENTER to continue.

Select the Language and Press OK.
http://www.ipfire.org/downloadhttp://www.ipfire.org/downloadhttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Running-Oracle-VM-VirtualBox_001.pnghttp://www.ipfire.org/download


2/25

Accept the License Agreement and Press OK.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Running-Oracle-VM-VirtualBox_002.png


3/25

Select Yes to format the hard drive.


4/25

Choose your filesystem type and Press OK.


5/25

Now the installer will begin to install the base system.


6/25

Reboot the system after completing the installation.


7/25

Select the keyboard layout. Here I prefer US keyboard layout.

Select your time zone.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Running-Oracle-VM-VirtualBox_008.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Running-Oracle-VM-VirtualBox_007.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Running-Oracle-VM-VirtualBox_008.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Running-Oracle-VM-VirtualBox_007.png


8/25

Enter the host name for the firewall. In my case its firewall.

Enter the domain name.


9/25

Enter the root user password for command-line access. Passwords will not be visible (even the *****

characters).

Enter the admin user password for web based administration.


10/25

Here weve come the important section. You have to carefully select the Network configuration. Here

let me explain you about the network zones of IPFire.

In a standard IPFire installation it is Green + Red, which means 2 networks. Typically yourGreennetwork is for your LAN and yourRed network is for WAN(Internet).

A maximum of 4 networks is possible namely Green, Blue, Orange and Red.

Red - WAN - External network, connected to the Internet

Green - LAN - Internal/Private network, connected locally

Orange- DMZ - Unprotected/Server network, de-militarized Zone

Blue - WLAN- Wireless Network, separate network for wireless clients

Configure accordingly depends on your network. In my case I am using only two network cards Green

and Red. Green Network is connected to my home network and Red network is connected with WAN.

So here I select GREEN+RED network type.


11/25

Select the network card for Green zone.


12/25

Select the interface for Red zone.


13/25

After selecting the interfaces for both zones click Done to save the changes.

Now you will again return back to your Network Configuration Wizard. Now click on Address settings

to set the IP Address for the network interfaces.


14/25

Select Green interface and click OK.

Enter the IP Address for Green interface.


15/25

Now set IP Address to RED interface. Set your WAN IP address.

After setting up IP addresses click done to return back your network configuration wizard. Click on

DNS and Gateway settings tab and set your DNS and Gateway to connect internet.


16/25

After completing all the above steps click Done to finish the network configuration.

If you want to set this system as DHCP server for your LAN, check on Enabled button and enter the IP

range to serve to your LAN systems. Here Iam not using this server as DHCP. So I leave it as

unchecked.


17/25

Finally click OK to complete the setup wizard.

The system will automatically restart now. Thats it. Now the installation part is over.

Configure IPFire

You can access the IPFire administration console by navigating to https://ip-address-of-server:444/from your client system browser. Enter username as admin and password which you created during the

installation process.


18/25

This is how your home page of your firewall server looks.

Form here you can configure many services like Intrusion detection, VPN, Web proxy, firewall and so

on. Let me show you one by one.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Main-page-Mozilla-Firefox_032.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/Untrusted-Connection-Mozilla-Firefox_031.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Main-page-Mozilla-Firefox_032.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/Untrusted-Connection-Mozilla-Firefox_031.png


19/25

Status

This section will show the CPU and load graph of your firewall. You can find the CPU and load usages

of your firewall. Also you can view the reports in daily, weekly, monthly and yearly basis.

Network

Here comes the interesting section. There is no more hectic command line work. All you have to do is

just click on the relevant check box to make that particular service active. In this section we can

configure a lot of options:

Web proxy

You can make this server to act as a proxy server for our LAN. You can set both transparent and non -

transparent proxy i.e you dont have to mention the proxy server port in your client browser network

settings. And you can change the proxy port if need.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Status-information-Mozilla-Firefox_033.png


20/25

You can allow the ports which one is need. The remaining ports will be inactive. This option let the

users to allow the required ports through iptables. You can set which network series should be allowed

and which shouldnt be allowed in the proxy server.

And also you can restrict the users from using Internet particularly on IP based and name based andmac address based authentication. This feature is especially useful for one who dont want to provide

their internet to third-party users. You can allow the time scheduled internet usage to users.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Advanced-web-proxy-configuration-Mozilla-Firefox_035.png


21/25

We can set which day or which time that the internet should be accessed by users. We can limit the

download or upload size of datas too. This will restrict the users from downloading such a large file by

consuming all bandwidth. One more notable feature is that we can authenticate users from our LDAP,

Windows AD and from Radius serves.

If you did all the settings you need, click on Save and Reload or Save and Restart buttons.

Content Filter

This section is also more interesting. Navigate to the sub-menu in the right-side and click on Content

filter. In this section we can block ads, porn websites, social networking sites, hacking, drugs, audio-

video websites and so on.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Advanced-web-proxy-configuration-Mozilla-Firefox_036.png


22/25

If you want to block particular domains or websites, just add them one by one in the custom black list

section. The domains or websites added in this list will be blocked automatically. Or you can add all

the websites that you want to restrict in a separate file and import it to IPFire firewall.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-URL-filter-configuration-Mozilla-Firefox_038.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-URL-filter-configuration-Mozilla-Firefox_037.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-URL-filter-configuration-Mozilla-Firefox_038.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-URL-filter-configuration-Mozilla-Firefox_037.png


23/25

There are other sections such Update accelerator, DHCP server, Connection scheduler etc. Go through

to those sections and make the changes as per your requirement.

Services

In this section, you can configure services such as VPN, Intrusion Detection, Dynamic DNS and so on.

You can find the services listed on right-side sub-menu.

Firewall

In this section you can add the firewall rules whatever you want to implement. Navigate to the rightside sub menu to add more rules.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-VPN-configuration-Main-Mozilla-Firefox_039.png


24/25

Pakfire

IPFire has a package manager called pakfire which can be used to add many add-ons. You can add any

available plugins in this section and you can set the update options as well.
http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Pakfire-Configuration-Mozilla-Firefox_042.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Port-forwarding-configuration-Mozilla-Firefox_041.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Pakfire-Configuration-Mozilla-Firefox_042.pnghttp://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Port-forwarding-configuration-Mozilla-Firefox_041.png


25/25

Logs

Well, we reached the last section. In this section we can see all logs such as proxy logs, firewall logs,

IDS logs and URL filter logs. Using these logs we can track users and keep an eye on them what they

are doing on internet.

Conclusion

This is not the fully completed tutorial, it is far from complete. I personally tested this distribution and

installed it to some of clients. They are happy and satisfied with this easy-to-manage firewall. The

IPFire team is also providingcommercial supporttoo. For me it is the most well polished and hardened

firewall distribution which I have ever used. If you have any suggestions or know some other solutions,

drop it in the comment section.

- See more at: http://www.unixmen.com/secure-your-network-using-ipfire-firewall-

distribution/#sthash.ZSvuwGmm.dpuf
http://www.lightningwirelabs.com/http://www.lightningwirelabs.com/http://www.lightningwirelabs.com/http://180016988.r.cdn77.net/wp-content/uploads/2013/05/IPFire-Log-Summary-Mozilla-Firefox_043.pnghttp://www.lightningwirelabs.com/

installalling ipfire

Documents