Secure Your Network Using IPFire Firewall Distribution
IPFire is an open-source Linux distribution with many useful features, such as a web-based GUI, web proxy, intrusion detection, VPN and virus scanner, and it is fully customizable. Visit the official website for more details. It has many add-ons which can be installed with a single click, which makes the system administrator's life much easier, or means you may not need one at all. Sounds good? Let us implement a firewall for our organization with IPFire.
Disclaimer: I can’t give any assurance that this will work for you. There are many open-source firewall distributions available. I didn’t say that this is the only way to set up a firewall system. There are plenty of tools available. This is the way that I have taken to implement the firewall system. We are making articles for all open-source firewall distributions. We will post them periodically.
Before proceeding further, let us make sure that we have the following things in hand.
1. IPFire needs at least a Pentium-based i586 336 ghz or better CPU
2. It needs 256MB RAM; 512MB is recommended
3. It needs only 100MB disk space, but a 2GB HDD would be better
4. Finally, an important point: you need at least two network adapters, one for the ISP (Inbound) and another for your LAN (Outbound)
Download the latest version of IPFire. Burn the ISO to a CD and boot the system from it. The following screen should appear. Press ENTER to continue.
Select the Language and Press OK.
Accept the License Agreement and Press OK.
Select Yes to format the hard drive.
Choose your filesystem type and Press OK.
Now the installer will begin to install the base system.
Reboot the system after completing the installation.
Select the keyboard layout. Here I prefer the US keyboard layout.
Select your time zone.
Enter the host name for the firewall. In my case it’s “firewall”.
Enter the domain name.
Enter the root user password for command-line access. The password is not shown as you type (not even as ***** characters).
Enter the “admin” user password for web-based administration.
Here we come to the important section. You have to select the network configuration carefully, so let me explain the network zones of IPFire.
A standard IPFire installation uses Green + Red, which means 2 networks. Typically your Green network is for your LAN and your Red network is for the WAN (Internet).
A maximum of 4 networks is possible – namely Green, Blue, Orange and Red.
| Zone | Network | Description |
|---|---|---|
| Red | WAN | External network, connected to the Internet |
| Green | LAN | Internal/Private network, connected locally |
| Orange | DMZ | Unprotected/Server network, de-militarized Zone |
| Blue | WLAN | Wireless Network, separate network for wireless clients |
Configure the zones according to your network. In my case I am using only two network cards, Green and Red. The Green network is connected to my home network and the Red network is connected to the WAN.
So here I select the GREEN+RED network type.
Select the network card for the Green zone.
Select the interface for the Red zone.
After selecting the interfaces for both zones, click Done to save the changes.
Now you will return to the Network Configuration Wizard. Click on Address settings to set the IP address for the network interfaces.
Select the Green interface and click OK.
Enter the IP address for the Green interface.
Now set the IP address for the RED interface. Set your WAN IP address.
After setting up the IP addresses, click Done to return to the network configuration wizard. Click on the DNS and Gateway settings tab and set your DNS and gateway to connect to the Internet.
After completing all the above steps click Done to finish the network configuration.
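Before typing the addresses into the wizard, it helps to check the zone plan for mistakes that undermine the separation between zones. The following is an added example, not part of the original article or of IPFire: a small Python check over a zone plan, where every address, the plan layout and the function name `check_plan` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample plans: every address below is an assumption chosen for
# illustration, not a value from the article.
GOOD_PLAN = {
    "green": {"address": "192.168.10.1", "netmask": "255.255.255.0"},
    "red": {"address": "203.0.113.10", "netmask": "255.255.255.248",
            "gateway": "203.0.113.9"},
}
# Typical mistake: RED sits behind an ISP router that uses the same subnet
# as GREEN, and the gateway was typed with the wrong third octet.
BAD_PLAN = {
    "green": {"address": "192.168.1.1", "netmask": "255.255.255.0"},
    "red": {"address": "192.168.1.2", "netmask": "255.255.255.0",
            "gateway": "192.168.2.254"},
}


def check_plan(plan):
    """Return a list of human-readable problems found in a zone plan."""
    problems = []
    ifaces = {zone: ipaddress.ip_interface(f"{c['address']}/{c['netmask']}")
              for zone, c in plan.items()}
    for zone, iface in ifaces.items():
        net = iface.network
        # A host must not be given the network or broadcast address.
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append(f"{zone}: {iface.ip} is not a usable host in {net}")
        # Internal zones (everything except RED) should use private space.
        if zone != "red" and not iface.ip.is_private:
            problems.append(f"{zone}: internal zone uses public address {iface.ip}")
        gateway = plan[zone].get("gateway")
        if gateway and ipaddress.ip_address(gateway) not in net:
            problems.append(f"{zone}: gateway {gateway} is outside {net}")
    # No two zones may share or overlap a subnet, otherwise traffic between
    # them is not routed through the firewall and zone rules never apply.
    zones = list(ifaces)
    for i, a in enumerate(zones):
        for b in zones[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append(f"{a}/{b}: {ifaces[a].network} overlaps "
                                f"{ifaces[b].network}")
    return problems


if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "no problems found")
```
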
If you want to use this system as the DHCP server for your LAN, check the Enabled box and enter the IP range to serve to your LAN systems. Here I am not using this server for DHCP, so I leave it unchecked.
Finally click OK to complete the setup wizard.
The system will automatically restart now. That’s it. Now the installation part is over.
You can access the IPFire administration console by navigating to https://ip-address-of-server:444/ from a browser on your client system. Enter admin as the username and the password which you created during the installation process.
This is how the home page of your firewall server looks.
From here you can configure many services like intrusion detection, VPN, web proxy, firewall and so on. Let me show you them one by one.
This section shows the CPU and load graphs of your firewall, so you can see its CPU and load usage. You can also view the reports on a daily, weekly, monthly and yearly basis.
Here comes the interesting section. There is no more hectic command-line work. All you have to do is click on the relevant check box to make that particular service active. In this section we can configure a lot of options:
You can make this server act as a proxy server for your LAN. You can set up both transparent and non-transparent proxying; with a transparent proxy you don’t have to enter the proxy server port in your client browser’s network settings. You can also change the proxy port if needed.
You can allow only the ports that are needed; the remaining ports will be inactive. This option lets you allow the required ports through iptables. You can set which network ranges should be allowed and which shouldn’t be allowed in the proxy server.
You can also restrict users from using the Internet with IP-based, name-based and MAC-address-based authentication. This feature is especially useful for those who don’t want to provide their Internet connection to third-party users. You can allow time-scheduled Internet usage for users.
We can set on which day or at which time the Internet can be accessed by users. We can limit the download or upload size of data too. This prevents users from downloading a large file and consuming all the bandwidth. One more notable feature is that we can authenticate users against our LDAP, Windows AD and RADIUS servers.
Once you have made all the settings you need, click on the Save and Reload or Save and Restart button.
This section is also interesting. Navigate to the sub-menu on the right side and click on Content filter. In this section we can block ads, porn websites, social networking sites, hacking, drugs, audio-video websites and so on.
If you want to block particular domains or websites, just add them one by one in the custom blacklist section. The domains or websites added to this list will be blocked automatically. Alternatively, you can put all the websites that you want to restrict in a separate file and import it into the IPFire firewall.
There are other sections such as Update accelerator, DHCP server, Connection scheduler etc. Go through those sections and make changes as per your requirements.
In this section, you can configure services such as VPN, Intrusion Detection, Dynamic DNS and so on.
You can find the services listed in the sub-menu on the right side.
In this section you can add whatever firewall rules you want to implement. Navigate to the sub-menu on the right side to add more rules.
IPFire has a package manager called pakfire which can be used to install many add-ons. You can add any available plugins in this section and you can set the update options as well.
Well, we have reached the last section. In this section we can see all the logs, such as proxy logs, firewall logs, IDS logs and URL filter logs. Using these logs we can track users and keep an eye on what they are doing on the Internet.
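As an illustration of putting the firewall logs to use, the following added example (not from the original article or from IPFire) summarizes dropped packets arriving on the Red interface and flags sources that probed several ports. It assumes the entries follow the Linux netfilter LOG line format; the sample lines, the `DROP_*` prefixes, the interface names `red0`/`green0` and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed, shortened sample lines in the Linux netfilter LOG format.
# The host name, the DROP_* prefixes and the interface names red0/green0
# are assumptions, not values from the article.
SAMPLE = """\
Mar  3 10:15:01 firewall kernel: DROP_INPUT IN=red0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TTL=52 DF PROTO=TCP SPT=51514 DPT=22 SYN
Mar  3 10:15:02 firewall kernel: DROP_INPUT IN=red0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TTL=52 DF PROTO=TCP SPT=51515 DPT=23 SYN
Mar  3 10:15:03 firewall kernel: DROP_INPUT IN=red0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TTL=52 DF PROTO=TCP SPT=51516 DPT=3389 SYN
Mar  3 10:15:05 firewall kernel: DROP_INPUT IN=red0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.77 DST=203.0.113.10 LEN=60 TTL=49 DF PROTO=TCP SPT=40000 DPT=443 SYN
Mar  3 10:15:06 firewall kernel: DROP_INPUT IN=red0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.77 DST=203.0.113.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:15:07 firewall kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=192.168.10.50 DST=198.51.100.9 LEN=60 TTL=63 PROTO=TCP SPT=50000 DPT=25 SYN
Mar  3 10:15:09 firewall kernel: usb 1-1: new high-speed USB device
"""

KV = re.compile(r"(\w+)=(\S*)")                  # KEY=value pairs
PREFIX = re.compile(r"kernel:\s+(\S+)\s+IN=")    # log prefix before IN=


def parse_line(line):
    """Return the fields of one firewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(KV.findall(line))
    fields["PREFIX"] = m.group(1)
    return fields


def summarize(text, in_iface="red0", scan_threshold=3):
    """Per-source summary of packets dropped on in_iface.

    A source that hit scan_threshold or more distinct destination ports is
    marked as a likely port scan.
    """
    hits, ports = defaultdict(int), defaultdict(set)
    for line in text.splitlines():
        f = parse_line(line)
        if not f or f.get("IN") != in_iface or not f["PREFIX"].startswith("DROP"):
            continue
        src = f.get("SRC")
        if not src:
            continue
        hits[src] += 1
        if f.get("DPT", "").isdigit():           # ICMP lines carry no DPT
            ports[src].add(int(f["DPT"]))
    return {src: {"hits": n, "ports": sorted(ports[src]),
                  "scan": len(ports[src]) >= scan_threshold}
            for src, n in hits.items()}


if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```
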
This is not a fully completed tutorial; it is far from complete. I personally tested this distribution and installed it for some of my clients. They are happy and satisfied with this easy-to-manage firewall. The IPFire team also provides commercial support. For me it is the most well-polished and hardened firewall distribution which I have ever used. If you have any suggestions or know some other solutions, drop them in the comment section.