IPFire Installation and Configuration: Linux Firewall for Business

IPFire is an operating system that consumes very few resources, it can practically be used on any current computer, although logically, the performance we obtain will depend on the hardware used, and the same happens if we have thousands of rules in the firewall and also install a system of intrusion detection and prevention. Depending on our needs, we will need better or worse hardware.

Main features

The main objective of the IPFire operating system is to provide security in home and business environments, its firewall engine is very easy to configure, and its IDS prevents attackers from entering the network and prevents intrusions. In the IPFire configuration, we will have to divide the network into several zones, these zones have different security policies by default, which we can later configure in detail. For example, we have zones for the Internet WAN, LAN, DMZ and also WiFi. Another point in favor of IPFire is its continuous updates, something essential in a firewall since it is exposed to the Internet, therefore, having updates to the operating system itself and the extensions is essential to avoid security vulnerabilities.

Firewall and IDS / IPS

IPFire employs an SPI (Stateful Packet Inspection) firewall based on IPtables, the popular Linux firewall. This software allows packet filtering quickly, and, depending on the hardware, it is capable of providing bandwidths greater than 10Gbps. Thanks to the graphical user interface, we will be able to create groups of hosts and networks to later apply short and orderly rules to them, something important to know what we are filtering and also to maintain the rules. Of course, this firewall-oriented distribution has graphical reports and advanced logs to know everything that is happening in the system.

With IPFire we can configure the firewall to mitigate and block denial of service attacks, by filtering it directly in the firewall itself without reaching the servers, to add a very important layer of protection to our web services, FTP, email and others. . Of course, thanks to its advanced IDS / IPS (Intrusion Detection System and Intrusion Prevention System), IPFire will analyze all network traffic and be able to detect hundreds of types of network attacks, information leaks and other. suspicious network activity.

VPN

Today virtual private networks are very important to interconnect remote locations over the Internet and securely. IPFire incorporates different types of VPN, including IPsec VPN and also OpenVPN, ideal to be able to interoperate with firewall manufacturers such as Cisco, Juniper, Mikrotik, D-Link and anyone who uses the standards. Thanks to the incorporation of OpenVPN, remote users will be able to connect to the office as if they were physically there, and all this in a secure way since all communications are encrypted end-to-end.

Other features

IPFire incorporates a large number of features of professional routers and professional firewalls, some of the main additional features are the ability to configure a Proxy server in an advanced way, a DHCP server, incorporates domain name cache, NTP server for time, WoL (Wake ON LAN), DDNS server, advanced QoS, a complete record of all events that occur in the operating system etc.

One of the most important features is the ability to install extensions, thanks to this additional software, we can expand the functionalities of this professional firewall. Some of the most popular extensions are:

• Network file server with Samba and NFS.
• Network printer server.
• Asterisk for a VoIP switchboard.
• Teamspeak.
• Video recorder server.
• Mail server and antispam.
• Antivirus server using ClamAV engine.
• Streaming server.
• Tor to browse the Internet anonymously
• More plugins that can be downloaded directly from the main wiki on your website.

IPFire can also work in ARM architecture, allowing it to work under such interesting devices as a Raspberry Pi or similar equipment. It can also be installed on Amazon Cloud to have IPFire in the cloud, and that all communications work via VPN.

Download and install IPFire

The download and use of IPFire is completely free, just go to the official website and go directly to the “Download” tab. In this section we will have to choose the architecture of our equipment, normally it will be X86_64 architecture, but if you use ARM architecture, you will have to install the appropriate one that is just below. Once we are in the download section, we proceed to download the “ISO Image” image to load it from a CD or a pendrive. Being a bootable operating system, we can use any software to later start it.

Once we have downloaded it, we can burn it to a CD, copy it to a bootable USB, etc. In our case, we are going to install IPFire in a virtual machine with VMware, so that you can see how to install it in a virtual way and test it in a controlled test environment, to later move it to production. In this test environment we will create two network cards, one in bridge mode to connect in a real way to the local network, and another in host-only mode to be able to access the IPFire administration via the web from our computer, without depending from the local network.

Virtual Machine Configuration in VMware

In our case we are going to use VMware Workstation 15.5 PRO, but any version would be used to install this firewall-oriented operating system. The first thing we have to do when opening VMware is to click on «Create a New Virtual Machine», as you can see in the following screen:

In the VM configuration wizard we will have to choose the IPFire ISO image, select that the operating system is a Linux based on Ubuntu 64bit, although you could also choose a latest Debian version, it will work anyway. In the next menu we choose the path of the VM, the disk reserved for the virtual machine, and finally, we will see a summary of all the hardware that this virtual machine that we are going to create will have.

Before finishing, we must click on “Customize Hardware” to add an additional network card, and configure the network cards correctly.

Regardless of the number of CPUs and cores (we recommend 1 CPU and 2 Cores), and RAM (we recommend a minimum of 2GB), we have to add a second network card, because we will have the Internet WAN (network) and the LAN ( green). We click on “Add” and click on “Network Adapter” to add it.

Once we have the two added, we will have to configure them as follows:

• Adapter 1: custom VMnet1 (Host-only)
• Adapter 2: bridge (automatic)

Next, you can see how this configuration would look.

In the Windows 10 operating system, we must go to “Control Panel / Network and Sharing Center / Change adapter configuration” and change the IP address to the VMware Network Adapter VMnet1, putting the IP 192.168.1.2/24 as you can see below. Once done, click on accept and accept to exit the configuration menu.

Once we have everything configured at the virtual machine level, we can run the virtual machine to begin the installation.

Installing IPFire on VMware

When we start the virtual machine, we can see a very easy installation menu through the graphical user interface, we will have to select the first option “Install IPFire 2.25”, or simply wait a few seconds because it will run automatically when this time passes

Once the installation of this operating system starts, we will have to define the installation language, we have Spanish available so we do not have any problem with the language. Next, it will welcome us to the installation and we will have a button to begin the installation. Through the different menus we must move with the tab, space bar to select options, and with the «enter» for the OK or cancel buttons.

In these menus it will also indicate that the hard disk we have will be erased with all the data, we will have to choose the installation file system, it is recommended that it be EXT4, which is the most typical in Linux operating systems. Once we have selected it, the operating system will begin to be installed and in less than a minute we will have it available. Next, it will tell us that it has been installed successfully, and it will need us to restart IPFire. Once we reboot, it will boot up again and continue to run this installation wizard.

In the following menus we must choose the type of keyboard, the time zone, the host name of the IPfire itself, and also the domain name of the operating system.

Next, we must enter both the root password and the admin password, the root password will be used to access the console or SSH, and the admin password for the graphical user interface. A very important detail is that when we enter the password in the password field, the key is not reflected, not even with asterisks, we must put it “blind” for security, to prevent other users from seeing the length of the key.

The main IPFire configuration menu has a total of four options, which we must configure to start working with the firewall-oriented operating system:

• Type of network configuration : here we must choose between GREEN + RED, GREEN + RED + ORANGE, GREEN + RED + BLUE, GREEN + RED + ORANGE + BLUE. The most normal thing is to have GREEN + RED, without DMZ or anything, but later we can configure it without problem in the operating system itself. In this tutorial we will see how to do it with GREEN + RED, that is, two network interfaces.
• Assignment of controllers and cards : we must assign the network cards to their respective GREEN and RED interfaces. It is essential that we assign the network card in the bridge to RED, and the network card in vmnet1 we assign it to GREEN.
• Address configuration: we will configure the DHCP server in GREEN, and the Internet connection mode in NETWORK.
• Gateway Settings : this option is only used if we have a fixed IP in NETWORK.

The first thing we will do is select the type of GREEN + RED network configuration, then we must enter GREEN and select the network card.

How can we tell which VMware card is in bridge mode or in vmnet1? With the MAC address, in this way, we can assign the cards correctly to the different GREEN and RED networks. In VMware we click on «Virtual Machine Settings», select a network card, and click on «Advanced …» in the lower right part. Here we will get the MAC address, in our case, the first corresponds to GREEN, and the second to RED (by default, we only need to know the MAC of one of the cards).

Once we have assigned them, they will appear as follows:

In the ” Address configuration ” section is where we will have to configure the LAN of the GREEN interface, and the Internet configuration of the RED interface. Next, you can see all the menus, in our case, we have configured the LAN with the IP 192.168.1.1, to access from the 192.168.1.2 interface that we have previously configured in VMnet1.

In “Gateway Settings” we will not have to put anything, unless you have a fixed IP in the RED interface. Next, it will tell us if we want to activate the DHCP server, we can activate and configure it, but later we will also be able to configure it without any problem. Once we have completed it, it will indicate that the installation is complete.

As soon as we complete the wizard, the operating system will automatically start up with all the settings applied, and we will be able to log in through the console with the root user. If you want to access via the web, you will have to put the following in the address bar: https://192.168.1.1:444, it is very important that we put port 444 with HTTPS, regardless of the private IP address you have.

Once we have installed it, now we are going to show you the main configuration menus available.

IPFire Management Options

In order to access the IPFire operating system via the web, we have to enter the following URL in the address bar of the browser: https://192.168.1.1:444, if we have chosen another IP address, we can enter as long as we use HTTPS and the port 444 that comes preconfigured. Of course, web browsers will detect that the digital certificate is not recognized, we click on access the site and add the exception.

Once we enter the IPFire access password, we will access the main menu of the operating system. In the main menu we can see the Internet NETWORK interface and also the LAN (GREEN), and its configuration. In the upper bar we will have the different menus and configurations that we can do.

In the “System” section we can access the email service, SSH access, configuration backup, graphical user interface configurations, system information, if we have vulnerabilities in the hardware, and also turn off the operating system .

In the “Status” part we can see the status of the system, memory, services, physical media that we have, external and internal network options, network options (others), the status of OpenVPN, hardware graphics, entropy , connections, internet traffic and mdstat. That is, from here we can see the global status of the operating system. For example, in the “Net-traffic” section we can see a graph with real-time Internet traffic, and in the “Connections” section all the established connections with many available display options.

The “Network” section is where we can configure the different network zones, configure DNS, web proxy, content filtering, DHCP server, captive portal, edit hosts, DNS forwarding, configure static routes, WoL and other options Of configuration.

This firewall-oriented operating system has two types of VPN, both IPsec with different advanced settings, as well as OpenVPN. Of course, we have the possibility of configuring the NTP so that all the computers ask the time of said firewall.

Other available options are to configure the QoS, and also the possibility of adding external drives, either via USB or directly with SATA3 inside the server.

In the “Firewall” section is where we will have the possibility to configure all the rules, IPFire is based on iptables, therefore, under “below” it makes use of the popular Linux operating systems firewall. We can configure new rules, chains, and we can even group different hosts or networks to apply a specific configuration. At the firewall configuration level, this IPFire is as complete as iptables, however, if we do not have any configuration via the web, we will always be able to access via SSH to perform more advanced configurations.

This operating system also has an advanced IDS and IPS, in order to detect and prevent intrusions, it makes use of the popular SNORT, so we will have a large number of advanced configuration options, especially if we enter via SSH since the web configuration menu does not have many functionalities. We will also have the option to allow or block access to different P2P networks such as BitTorrent, Ares or EdonKey among others. Of course, we can block entire countries easily and quickly, as well as install a WiFi card and generate a WiFi access point to provide wireless connectivity.

In the «IPtables» section we can see all the rules of all the chains and tables at a low level, in this way, we can know at all times what is happening. We will also have the ability to install additional software on IPFire to expand the capabilities of this powerful firewall. Finally, the logs in a firewall is essential, this operating system will allow us to see and send the logs to a syslog server for further study.

As you have seen, IPFire is a very complete firewall-oriented operating system, which will allow us to protect all domestic communications and those of small and medium-sized companies. We must remember that this IPFire is based on Linux, and makes use of IPtables, since other similar operating systems are based on FreeBSD.

We hope that with this complete IPFire tutorial, you can protect your network more, and configure its security in detail.