IPFire Installation Tutorial

IPFire is a fortified open-source Linux distribution that serves primarily as a firewall and router. It has a web-based management console for configuration. IPFire Linux Firewall is one of the best and most effective open-source firewalls for any individual or an enterprise network. For more information about IPFire, you can read our Best Open Source Firewalls article.

You can easily set up IPFire over a guided dialogue on the console in less than half an hour. Then for further administration of the IPFire and installation and configuration of the add-ons, you can use the web-based management interface.

In this IPFire installation tutorial, we will cover IPFire 2.25 Core update 157 version installation on Proxmox step by step. You can follow the given steps below.

• Why you should install IPFire
• Checking hardware requirements of IPFire firewall
• Downloading IPFire image
• Uploading IPFire ISO File to Proxmox VE
• Creating a Virtual Machine on Proxmox VE
• Setting Network Configuration of the IPFire Virtual Machine on Proxmox VE
  • Creating Linux Bridge
  • Adding Network Devices to IPFire VM on Proxmox
• Installing IPFire
• Initial Configuration of the IPFire Firewall

Figure 1. IPFire firewall topology

Why You Should Install IPFire

By installing the IPfire firewall to protect your network, you will get the following benefits of the IPFire.

1. Easy to Use: IPFire`s cutting-edge firewall makes it simple to manage even the most complex enterprise networks.

2. Designed Security: IPFire was created with the goal of providing high security while remaining modular and flexible, whether you are an individual or a large enterprise. You can be confident that IPFire will protect the network from various types of security threats.

3. Package Management System: PakFire, IPFire`s integrated packet management system, can update the entire system with a single click. It is a faster and more efficient method of installing patches, bug fixes, and feature enhancements that make IPFire more effective and safer.

4. Better Performance: IPFire runs well on embedded software and has been proven to provide a higher degree of performance and run evenly on all kinds of software.

5. Easy Installation: IPFire installation takes less than half an hour and it is very easy to use for the expert features.

6. Open Source: IPFire is free software released under GPL license. It has a large developer community that is constantly working to improve it.

Recommended System Requirements of IPFire

You can use IPFire in any kind of Virtual Environments such as

• Proxmox
• KVM
• Microsoft Hyper-v
• Oracle virtual box
• VMware
• XEN
• Qemu

And IPFire can be run in ARM Processor build machines such as Raspberry pi.

Before installing the IPfire firewall, you should verify the hardware requirements for the installation. You can review the requirements located on the official website. At the time of the writing, minimum requirements are given as below.

Hardware	Recommended Requirements
Processor	x86_64 CPU with 1 GHz or better or a supported ARM SBC
Memory	1GB or greater
Storage	at least 4GB of harddisk storage
Network	at least two Ethernet network adapters

CPU Requirements of the IPFire

x86

IPFire requires a i586 CPU (from the Intel Pentium I upwards) or better. It is recommended that a 1 GHz processor or faster is used.

ARM

Some ARM single board computers are supported by IPFire since release 2.9 .

Memory Requirements of the IPFire

IPFire requires a minimum of 512MB of memory. But IPFire developers recommend at least 1GB. The amount of memory should be increased if various add-ons are used. The web proxy and URL filter, as well as the Intrusion Detection/Prevention System, are memory-intensive features/add-ons.

Hard Drives Requirements of the IPFire

At least 4GB of storage is recommended for log files and add-on packages.

IPFire supports drives up to 3 TB in size with IDE, SATA, and SCSI interfaces. The majority of hardware RAID controllers are also supported by IPFire.

Networking Requirements of the IPFire

IPFire needs at least two network adapters. The vast majority of Ethernet network adapters available on the market perform admirably on the IPFire. However, some 10GBit/s adapters are not supported by IPFire.

Now, that you've checked if your system is compatible with IPFire, let's get started with the setup guide.

Downloading IPFire image

Now, you can go to the official IPFire Download page and download the IPFire ISO image that meets your needs to your local disk. We will download x86_64 IPFire ISO Image.

Figure 2. Downloading IPFire ISO image

Upload IPFire ISO File to Proxmox

To start the installation of the IPFire on Proxmox environment, you must upload the IPFire ISO image from your local disk to the Proxmox node. You can easily upload the ISO file to your Proxmox system by following the next instructions.

1. Connect your Proxmox Web interface(such as https://192.168.0.100:8006) using your favorite browser and log in as root.
2. Navigate to Datacenter--> pve/node--> local disk (pve) --> ISO Images

Figure 3. Uploading IPFire ISO image to Proxmox node

3. Click Upload button.
4. Select the IPFire ISO image from your local disk to upload.

Figure 4. Selecting IPFire ISO image from local disk to upload Proxmox

5. Click the Upload button.

tip

You can also copy the IPFire ISO image to your Proxmox environment by using a SCP/SFTP client applicaton. You should upload the ISO file into the /var/lib/vz/template/iso directory on the Proxmox server.

Creating a Virtual Machine on Proxmox

After uploading the IPFire ISO image to the Proxmox, we will create a Virtual Machine for our IPFire firewall. To create a virtual machine on Proxmox, you should follow the next steps given below.

1. Click on the blue Create VM button in the upper right hand corner of the Proxmox web UI.

2. Enter a name for your virtual machine, such as IPFirefw. Then, click Next.

Figure 5. Naming the IPFire VM on Proxmox

3. Select the IPFire ISO image under the OS tab, and then click Next.

Figure 6. Selecting IPFire ISO to install on Proxmox as a OS

4. You may accept the default settings on the System tab by clicking Next.

Figure 7. System settings of the IPFire VM on Proxmox

5. Set the Hard Disk size as you wish.

Figure 8. Setting Hard disk size as 32 GB for IPFire on Proxmox

6. Set the CPU configuration as you wish.

Figure 9. CPU settings for IPFire firewall on Proxmox

7. Set the Memory size as you wish.

Figure 10. Setting Memory size 8 GB for IPFire firewall on Proxmox

8. You may leave the Network configuration as default. We will cover this configuration for our topology deeply later.

Figure 11. Network configuration for IPFire firewall on Proxmox

9. Confirm the IPFire virtual machine configuration by clicking on the Finish button

Figure 12. Confirming the IPFire virtual machine configuration

Setting Network Configuration of the IPFire Virtual Machine on Proxmox

In this tutorial, we will configure three physical NICs for our IPFire firewall. These NICs will be used and configured for the following purposes

• WAN Connection: Internet connection/Untrusted zone. Red Zone
• LAN Connection: Clients and servers are placed in this trusted zone. Green Zone
• DMZ Connection: Servers that are accessible from the Internet such as web and FTP servers are placed in this zone. Orange Zone.

On an IPFire system you can define 4 types of security zones or networks as given below.

Figure 13. Network types on IPFire firewall

Creating Linux Bridge

To be able to define 3 network interfaces for the IPFire virtual machine, firstly we must create Linux bridge devices on the Proxmox device.

To create a Network Bridge follow the next steps.

1. Navigate to Data center --> pve/node --> Network.

Figure 14. Network devices on Proxmox 2. Click on the Create button. This will pop up the Linux Bridge configuration window.

3. You may leave the name as default such as vmbr1 or vmbr2. Enter IPv4/CIDR address and Bridge ports (Network devices name seen on Network configuration window, such as ens3f0 or ens3f1).

Figure 15. Creating Linux bridge on Proxmox

4. Repeat steps 3 and 4 for creating the third Linux Bridge.

Figure 16. Creating another Linux bridge on Proxmox 5. Click on the Apply Configuration button or Reboot the Proxbox device to start to use new Linux bridges.

Now, you have three Linux Bridges as seen in the Figure below.

Figure 17. Viewing network devices on Proxmox

Adding Network Devices to IPFire VM on Proxmox

It is time to add two additional network devices which will be used for LAN and DMZ connections.

To add a new network interface to the IPFire virtual machine on Proxmox you can follow these steps.

1. Navigate to the Data center --> pve/node --> IPFirefw VM --> Hardware --> Add.
2. Click on Network Device.

Figure 18. Adding a network device to IPFire VM on Proxmox 3. Select the Linux Bridge such as vmbr1 or vmb2.

Figure 19. Selecting Linux bridge of a network device for IPFire VM on Proxmox

4. Select Model as VirtlO(paravirtualized)

Figure 20. Selecting model of a network device for IPFire VM on Proxmox

5. Uncheck Firewall option.
6. Click the Add button.
7. Repeat steps 2-6 to add the third NIC to the IPFire VM.

After finishing the network configuration of the IPFire virtual machine on Proxmox, you should see the Hardware configuration for the IPFire VM similar to the following figure.

Figure 21. Viewing hardware device configuration of IPFire VM on Proxmox

Now, your IPFire firewall has 3 different physical interfaces ready to connect to different networks, Internet/Red, LAN/Green and DMZ/Orange respectively.

tip

It is recommended that you should note the MAC address of the network devices used by IPFire VM. You will need them to complete the network settings of the firewall after installing the IPFire software.

Installing IPFire

To start the installation of the IPFire on your Proxmox environment, first, you should start the IPFire virtual machine. To start the machine,

1. Click on the IPFirefw virtual machine.

2. Click on the Start button.

To continue the installation of the IPFire, you should connect the virtual machine from the Proxmox console by clicking on the Console.

Figure 22. Connecting IPFire VM console on Proxmox

And then, you may follow the steps listed below.

1. IPFire Installation Boot Options. When you connect the IPFire Virtual Machine console, you will see the IPFire installation boot options menu. Select the first option Install IPFire 2.25 - Core 157 by pressing the Enter.

Figure 23. IPFire Installation Boot Options

2. Language Selection. Select the language you wish to use during the installation process and click OK.

Figure 24. Language Selection

3. Confirm Installation. Confirm the IPFire installation by clicking on Start installation.

Figure 25. Confirm to start the installation

4. License Agreement. Accept the license agreement and then click OK.

Figure 26. License Agreement

5. Disk Setup. The IPFire setup will tell you which hard drive it will be installing. If you have only one hard drive, it will be used for the installation. If you have more than one connected hard drive, you can choose which one to install IPFire on. Click on Delete all data.

Figure 27. Disk Setup

caution

Beware that all your data will be erased from the system in this step after your confirmation.

6. File System Selection. Choose Ext4 as the filesystem and click OK. You may install IPFire on various file systems given below.

Filesystem	Comment
ext4	The standard filesystem that is well tested and stable for Linux machines.
ext4 without journal	The same as ext4 but does not use a journal for filesystem transactions. This writes less data to disk but results in data loss if not properly shut down.
XFS	A robust server filesystem.
reiserfs	Very similar approach to ext4 and also very well tested.

Figure 28. File system selection

7. Installation. IPFire setup will start partitioning and formatting your hard drive and install the IPFire system on it. Depending on the size of the hard drive and the speed of your system, this will take a moment.

Figure 29. IPFire installation

8. Reboot. Click Reboot to complete the installation process.

Figure 30. Reboot the system after the IPFire installation was completed successfully

Initial Configuration of IPFire Firewall

After you install and reboot the IPFire successfully, you must make essential configurations to connect your system to your network infrastructure. Initial configuration steps of IPFire firewall are as follows.

1. Keyboard layout. Select your keyboard layout as you wish.

Figure 31. Keyboard layout selection

2. Timezone selection. Select the proper timezone for your server.

Figure 32. Setting timezone for the IPFire

3. Setting Hostname. Set the hostname of your IPFire firewall, such as ipfirefw.

Figure 33. Setting hostname of IPFire

4. Setting Domain name. Set the domain name of your IPFire firewall

Figure 34. Setting domain name

5. Setting root password. Set the password for your root account of the IPFire system. The root account is used for command-line login only.

note

No stars or dots will be shown while you type the password.

Figure 35. Setting root password

6. Setting admin password. Set the password for your admin account of the IPFire system. The admin password is required to access the web user interface.

Figure 36. Setting admin password

7. Network configuration menu. In IPFire network configuration, A maximum of four networks is possible:

• Green
• Blue
• Orange
• Red. Descriptions of these networks are given below. Green + Red networks are the default network configuration of the IPFire.

Figure 37. Networks types of IPFire

Since we will configure our IPFire firewall with three networks; Red(WAN), Green(Lan) and Orange(DMZ), we should select the network configuration type first.

Figure 38. Network configuration menu of IPFire

8. Network configuration type. Select Red + Green + Orange as the network configuration type for your IPFire and click OK.

Figure 39. Selecting Red + Green + Orange as the network configuration type for IPFire

9. Drivers and card assignments. Since none of the interfaces has a network card assigned by default, select the Drivers and card assignments in the Network configuration menu.

Figure 40. Default assigned cards

10. Assign a card for the Green interface. Select Green and click OK. This will open the extended network menu. Select the proper NIC.

Figure 41. Extended network menu

11. Repeat step 10 for both Red and Orange networks. And then click on Done.

Figure 42. List of assigned cards after completing the card assignment

12. Address settings. After you assign all cards to the proper networks, you should configure the IP address for IPFire network adapters. Select the Address settings in the Network configuration menu. And then select the interface Green in the Address Settings menu.

Figure 43. Selecting interface for IP address settings

13. Enter IP address and subnet mask for the Green interface and click OK.

Figure 44. IP Address configuration for Green interface

14. Select the interface Orange in the Address Settings menu.
15. Enter IP address and subnet mask for the Orange interface and click OK.

Figure 45. IP Address configuration for Orange interface

16. Select the interface Red in the Address Settings menu.
17. Enter IP address and subnet mask for the Red interface and click OK. The Red interface is unique in that its configuration is determined by your ISP and how it configures your external connection.

Figure 46. IP Address configuration for Red interface

18. Lastly, click on Done in the Address Settings menu.
19. DHCP configuration. You may install and configure a DHCP server for your Green(LAN) network on your IPFire firewall. Because IPFire acts as a DNS proxy, you may want the Primary DNS server to be set to IPFire's Green IP address. All of these settings, however, can be changed after installation using IPFire's Web UI.

Figure 47. DHCP server configuration

20. Congratulations! Your IPFire firewall installation and initialization is completed.

Figure 48. IPFire firewall setup is complete

21. You can test and make further configurations by connecting to the IPFire web GUI. The web interface is the graphical front end for configuring IPFire. It can be accessed via a web browser from any computer on the GREEN network. After a successful login, the WebGUI allows access to all settings and features of IPFire.
22. By default, the web interface is at https://ipfire.localdomain:444 or https://ipfire:444.