IPFire is a fortified open-source Linux distribution that serves primarily as a firewall and router. It has a web-based management console for configuration. IPFire Linux Firewall is one of the best and most effective open-source firewalls for any individual or an enterprise network. For more information about IPFire, you can read our Best Open Source Firewalls article.
You can easily set up IPFire over a guided dialogue on the console in less than half an hour. Then for further administration of the IPFire and installation and configuration of the add-ons, you can use the web-based management interface.
In this IPFire installation tutorial, we will cover
IPFire 2.25 Core update 157 version installation on
Proxmox step by step. You can follow the given steps below.
- Why you should install IPFire
- Checking hardware requirements of IPFire firewall
- Downloading IPFire image
- Uploading IPFire ISO File to Proxmox VE
- Creating a Virtual Machine on Proxmox VE
- Setting Network Configuration of the IPFire Virtual Machine on Proxmox VE
- Creating Linux Bridge
- Adding Network Devices to IPFire VM on Proxmox
- Installing IPFire
- Initial Configuration of the IPFire Firewall
Figure 1. IPFire firewall topology
By installing the IPfire firewall to protect your network, you will get the following benefits of the IPFire.
1. Easy to Use: IPFire`s cutting-edge firewall makes it simple to manage even the most complex enterprise networks.
2. Designed Security: IPFire was created with the goal of providing high security while remaining modular and flexible, whether you are an individual or a large enterprise. You can be confident that IPFire will protect the network from various types of security threats.
3. Package Management System:
PakFire, IPFire`s integrated packet management system, can update the entire system with a single click. It is a faster and more efficient method of installing patches, bug fixes, and feature enhancements that make IPFire more effective and safer.
4. Better Performance: IPFire runs well on embedded software and has been proven to provide a higher degree of performance and run evenly on all kinds of software.
5. Easy Installation: IPFire installation takes less than half an hour and it is very easy to use for the expert features.
6. Open Source: IPFire is free software released under GPL license. It has a large developer community that is constantly working to improve it.
You can use IPFire in any kind of Virtual Environments such as
- Microsoft Hyper-v
- Oracle virtual box
And IPFire can be run in ARM Processor build machines such as Raspberry pi.
Before installing the IPfire firewall, you should verify the hardware requirements for the installation. You can review the requirements located on the official website. At the time of the writing, minimum requirements are given as below.
|Processor||x86_64 CPU with 1 GHz or better or a supported ARM SBC|
|Memory||1GB or greater|
|Storage||at least 4GB of harddisk storage|
|Network||at least two Ethernet network adapters|
IPFire requires a i586 CPU (from the Intel Pentium I upwards) or better. It is recommended that a 1 GHz processor or faster is used.
Some ARM single board computers are supported by IPFire since release 2.9 .
IPFire requires a minimum of 512MB of memory. But IPFire developers recommend at least 1GB. The amount of memory should be increased if various add-ons are used. The web proxy and URL filter, as well as the Intrusion Detection/Prevention System, are memory-intensive features/add-ons.
At least 4GB of storage is recommended for log files and add-on packages.
IPFire supports drives up to 3 TB in size with IDE, SATA, and SCSI interfaces. The majority of hardware RAID controllers are also supported by IPFire.
IPFire needs at least two network adapters. The vast majority of Ethernet network adapters available on the market perform admirably on the IPFire. However, some 10GBit/s adapters are not supported by IPFire.
Now, that you've checked if your system is compatible with IPFire, let's get started with the setup guide.
Now, you can go to the official IPFire Download page and download the IPFire
ISO image that meets your needs to your local disk. We will download
x86_64 IPFire ISO Image.
Figure 2. Downloading IPFire ISO image
To start the installation of the IPFire on Proxmox environment, you must upload the IPFire ISO image from your local disk to the Proxmox node. You can easily upload the ISO file to your Proxmox system by following the next instructions.
- Connect your
ProxmoxWeb interface(such as
https://192.168.0.100:8006) using your favorite browser and log in as root.
- Navigate to
local disk (pve)-->
Figure 3. Uploading IPFire ISO image to Proxmox node
- Select the IPFire ISO image from your local disk to upload.
Figure 4. Selecting IPFire ISO image from local disk to upload Proxmox
- Click the
You can also copy the IPFire ISO image to your Proxmox environment by using a SCP/SFTP client applicaton. You should upload the ISO file into the
/var/lib/vz/template/iso directory on the Proxmox server.
After uploading the IPFire ISO image to the Proxmox, we will create a
Virtual Machine for our IPFire firewall. To create a virtual machine on Proxmox, you should follow the next steps given below.
- Click on the blue
Create VMbutton in the upper right hand corner of the Proxmox web UI.
- Enter a name for your virtual machine, such as
IPFirefw. Then, click
Figure 5. Naming the IPFire VM on Proxmox
- Select the IPFire
ISOimage under the OS tab, and then click
Figure 6. Selecting IPFire ISO to install on Proxmox as a OS
- You may accept the default settings on the
Systemtab by clicking
Figure 7. System settings of the IPFire VM on Proxmox
- Set the
Hard Disksize as you wish.
Figure 8. Setting Hard disk size as 32 GB for IPFire on Proxmox
- Set the
CPUconfiguration as you wish.
Figure 9. CPU settings for IPFire firewall on Proxmox
- Set the
Memorysize as you wish.
Figure 10. Setting Memory size 8 GB for IPFire firewall on Proxmox
- You may leave the
Networkconfiguration as default. We will cover this configuration for our topology deeply later.
Figure 11. Network configuration for IPFire firewall on Proxmox
- Confirm the IPFire virtual machine configuration by clicking on the
Figure 12. Confirming the IPFire virtual machine configuration
In this tutorial, we will configure three physical NICs for our IPFire firewall. These NICs will be used and configured for the following purposes
- WAN Connection: Internet connection/Untrusted zone. Red Zone
- LAN Connection: Clients and servers are placed in this trusted zone. Green Zone
- DMZ Connection: Servers that are accessible from the Internet such as web and FTP servers are placed in this zone. Orange Zone.
On an IPFire system you can define
4 types of security zones or networks as given below.
Figure 13. Network types on IPFire firewall
To be able to define 3 network interfaces for the IPFire virtual machine, firstly we must create
Linux bridge devices on the Proxmox device.
To create a
Network Bridge follow the next steps.
- Navigate to
Figure 14. Network devices on Proxmox
2. Click on the
Create button. This will pop up the
Linux Bridge configuration window.
- You may leave the name as default such as
vmbr2. Enter IPv4/CIDR address and Bridge ports (Network devices name seen on Network configuration window, such as
Figure 15. Creating Linux bridge on Proxmox
- Repeat steps 3 and 4 for creating the third Linux Bridge.
Figure 16. Creating another Linux bridge on Proxmox
5. Click on the
Apply Configuration button or
Reboot the Proxbox device to start to use new Linux bridges.
Now, you have three Linux Bridges as seen in the Figure below.
Figure 17. Viewing network devices on Proxmox
It is time to add two additional network devices which will be used for
To add a new network interface to the IPFire virtual machine on Proxmox you can follow these steps.
- Navigate to the
- Click on
Figure 18. Adding a network device to IPFire VM on Proxmox
3. Select the Linux Bridge such as
Figure 19. Selecting Linux bridge of a network device for IPFire VM on Proxmox
- Select Model as VirtlO(paravirtualized)
Figure 20. Selecting model of a network device for IPFire VM on Proxmox
- Click the
steps 2-6to add the third NIC to the IPFire VM.
After finishing the network configuration of the IPFire virtual machine on Proxmox, you should see the
Hardware configuration for the IPFire VM similar to the following figure.
Figure 21. Viewing hardware device configuration of IPFire VM on Proxmox
Now, your IPFire firewall has 3 different physical interfaces ready to connect to different networks,
It is recommended that you should note the MAC address of the network devices used by IPFire VM. You will need them to complete the network settings of the firewall after installing the IPFire software.
To start the installation of the IPFire on your Proxmox environment, first, you should start the IPFire virtual machine. To start the machine,
Click on the
Click on the
To continue the installation of the IPFire, you should connect the virtual machine from the Proxmox console by clicking on the
Figure 22. Connecting IPFire VM console on Proxmox
And then, you may follow the steps listed below.
- IPFire Installation Boot Options. When you connect the IPFire Virtual Machine console, you will see the IPFire installation boot options menu. Select the first option
Install IPFire 2.25 - Core 157by pressing the
Figure 23. IPFire Installation Boot Options
- Language Selection. Select the language you wish to use during the installation process and click
Figure 24. Language Selection
- Confirm Installation. Confirm the IPFire installation by clicking on
Figure 25. Confirm to start the installation
- License Agreement. Accept the license agreement and then click
Figure 26. License Agreement
- Disk Setup. The IPFire setup will tell you which hard drive it will be installing. If you have only one hard drive, it will be used for the installation. If you have more than one connected hard drive, you can choose which one to install IPFire on. Click on
Delete all data.
Figure 27. Disk Setup
Beware that all your data will be erased from the system in this step after your confirmation.
- File System Selection. Choose
Ext4as the filesystem and click
OK. You may install IPFire on various file systems given below.
|ext4||The standard filesystem that is well tested and stable for Linux machines.|
|ext4 without journal||The same as ext4 but does not use a journal for filesystem transactions. This writes less data to disk but results in data loss if not properly shut down.|
|XFS||A robust server filesystem.|
|reiserfs||Very similar approach to ext4 and also very well tested.|
Figure 28. File system selection
- Installation. IPFire setup will start partitioning and formatting your hard drive and install the IPFire system on it. Depending on the size of the hard drive and the speed of your system, this will take a moment.
Figure 29. IPFire installation
- Reboot. Click
Rebootto complete the installation process.
Figure 30. Reboot the system after the IPFire installation was completed successfully
After you install and reboot the IPFire successfully, you must make essential configurations to connect your system to your network infrastructure. Initial configuration steps of IPFire firewall are as follows.
- Keyboard layout. Select your keyboard layout as you wish.
Figure 31. Keyboard layout selection
- Timezone selection. Select the proper timezone for your server.
Figure 32. Setting timezone for the IPFire
- Setting Hostname. Set the
hostnameof your IPFire firewall, such as ipfirefw.
Figure 33. Setting hostname of IPFire
- Setting Domain name. Set the domain name of your IPFire firewall
Figure 34. Setting domain name
- Setting root password. Set the password for your root account of the IPFire system. The root account is used for command-line login only.
No stars or dots will be shown while you type the password.
Figure 35. Setting root password
- Setting admin password. Set the password for your admin account of the IPFire system. The admin password is required to access the web user interface.
Figure 36. Setting admin password
- Network configuration menu. In IPFire network configuration, A maximum of four networks is possible:
Descriptions of these networks are given below.
Green + Rednetworks are the default network configuration of the IPFire.
Figure 37. Networks types of IPFire
Since we will configure our IPFire firewall with three networks;
Orange(DMZ), we should select the network configuration type first.
Figure 38. Network configuration menu of IPFire
- Network configuration type. Select
Red + Green + Orangeas the network configuration type for your IPFire and click
Figure 39. Selecting
Red + Green + Orange as the network configuration type for IPFire
- Drivers and card assignments. Since none of the interfaces has a network card assigned by default, select the Drivers and card assignments in the Network configuration menu.
Figure 40. Default assigned cards
- Assign a card for the Green interface. Select
OK. This will open the extended network menu. Select the proper NIC.
Figure 41. Extended network menu
- Repeat step
Orangenetworks. And then click on
Figure 42. List of assigned cards after completing the card assignment
- Address settings. After you assign all cards to the proper networks, you should configure the IP address for IPFire network adapters. Select the
Address settingsin the
Network configuration menu. And then select the interface
Figure 43. Selecting interface for IP address settings
- Enter IP address and subnet mask for the Green interface and click
Figure 44. IP Address configuration for Green interface
- Select the interface
- Enter IP address and subnet mask for the
Orangeinterface and click
Figure 45. IP Address configuration for Orange interface
- Select the interface
- Enter IP address and subnet mask for the
Redinterface and click
OK. The Red interface is unique in that its configuration is determined by your ISP and how it configures your external connection.
Figure 46. IP Address configuration for Red interface
- Lastly, click on
- DHCP configuration. You may install and configure a DHCP server for your
Green(LAN)network on your IPFire firewall. Because IPFire acts as a DNS proxy, you may want the Primary DNS server to be set to IPFire's Green IP address. All of these settings, however, can be changed after installation using IPFire's Web UI.
Figure 47. DHCP server configuration
- Congratulations! Your IPFire firewall installation and initialization is completed.
Figure 48. IPFire firewall setup is complete
- You can test and make further configurations by connecting to the IPFire web GUI. The web interface is the graphical front end for configuring IPFire. It can be accessed via a web browser from any computer on the GREEN network. After a successful login, the WebGUI allows access to all settings and features of IPFire.
- By default, the web interface is at