IPFire Installation Tutorial
IPFire
is a fortified open-source Linux distribution that serves primarily as a firewall and router. It has a web-based management console for configuration. IPFire Linux Firewall is one of the best and most effective open-source firewalls for any individual or an enterprise network. For more information about IPFire, you can read our Best Open Source Firewalls article.
You can easily set up IPFire over a guided dialogue on the console in less than half an hour. Then for further administration of the IPFire and installation and configuration of the add-ons, you can use the web-based management interface.
In this IPFire installation tutorial, we will cover IPFire 2.25 Core update 157 version
installation on Proxmox
step by step. You can follow the given steps below.
- Why you should install IPFire
- Checking hardware requirements of IPFire firewall
- Downloading IPFire image
- Uploading IPFire ISO File to Proxmox VE
- Creating a Virtual Machine on Proxmox VE
- Setting Network Configuration of the IPFire Virtual Machine on Proxmox VE
- Creating Linux Bridge
- Adding Network Devices to IPFire VM on Proxmox
- Installing IPFire
- Initial Configuration of the IPFire Firewall
Figure 1. IPFire firewall topology
Why You Should Install IPFireโ
By installing the IPfire firewall to protect your network, you will get the following benefits of the IPFire.
1. Easy to Use: IPFire`s cutting-edge firewall makes it simple to manage even the most complex enterprise networks.
2. Designed Security: IPFire was created with the goal of providing high security while remaining modular and flexible, whether you are an individual or a large enterprise. You can be confident that IPFire will protect the network from various types of security threats.
3. Package Management System: PakFire
, IPFire`s integrated packet management system, can update the entire system with a single click. It is a faster and more efficient method of installing patches, bug fixes, and feature enhancements that make IPFire more effective and safer.
4. Better Performance: IPFire runs well on embedded software and has been proven to provide a higher degree of performance and run evenly on all kinds of software.
5. Easy Installation: IPFire installation takes less than half an hour and it is very easy to use for the expert features.
6. Open Source: IPFire is free software released under GPL license. It has a large developer community that is constantly working to improve it.
Recommended System Requirements of IPFireโ
You can use IPFire in any kind of Virtual Environments such as
- Proxmox
- KVM
- Microsoft Hyper-v
- Oracle virtual box
- VMware
- XEN
- Qemu
And IPFire can be run in ARM Processor build machines such as Raspberry pi.
Before installing the IPfire firewall, you should verify the hardware requirements for the installation. You can review the requirements located on the official website. At the time of the writing, minimum requirements are given as below.
Hardware | Recommended Requirements |
---|---|
Processor | x86_64 CPU with 1 GHz or better or a supported ARM SBC |
Memory | 1GB or greater |
Storage | at least 4GB of harddisk storage |
Network | at least two Ethernet network adapters |
CPU Requirements of the IPFireโ
x86โ
IPFire requires a i586 CPU (from the Intel Pentium I upwards) or better. It is recommended that a 1 GHz processor or faster is used.
ARMโ
Some ARM single board computers are supported by IPFire since release 2.9 .
Memory Requirements of the IPFireโ
IPFire requires a minimum of 512MB of memory. But IPFire developers recommend at least 1GB. The amount of memory should be increased if various add-ons are used. The web proxy and URL filter, as well as the Intrusion Detection/Prevention System, are memory-intensive features/add-ons.
Hard Drives Requirements of the IPFireโ
At least 4GB of storage is recommended for log files and add-on packages.
IPFire supports drives up to 3 TB in size with IDE, SATA, and SCSI interfaces. The majority of hardware RAID controllers are also supported by IPFire.
Networking Requirements of the IPFireโ
IPFire needs at least two network adapters. The vast majority of Ethernet network adapters available on the market perform admirably on the IPFire. However, some 10GBit/s adapters are not supported by IPFire.
Now, that you've checked if your system is compatible with IPFire, let's get started with the setup guide.
Downloading IPFire imageโ
Now, you can go to the official IPFire Download page and download the IPFire ISO
image that meets your needs to your local disk. We will download x86_64 IPFire ISO
Image.
Figure 2. Downloading IPFire ISO image
Upload IPFire ISO File to Proxmoxโ
To start the installation of the IPFire on Proxmox environment, you must upload the IPFire ISO image from your local disk to the Proxmox node. You can easily upload the ISO file to your Proxmox system by following the next instructions.
- Connect your
Proxmox
Web interface(such ashttps://192.168.0.100:8006
) using your favorite browser and log in as root. - Navigate to
Datacenter
-->pve/node
-->local disk (pve)
-->ISO Images
Figure 3. Uploading IPFire ISO image to Proxmox node
- Click
Upload
button. - Select the IPFire ISO image from your local disk to upload.
Figure 4. Selecting IPFire ISO image from local disk to upload Proxmox
- Click the
Upload
button.
tip
You can also copy the IPFire ISO image to your Proxmox environment by using a SCP/SFTP client applicaton. You should upload the ISO file into the /var/lib/vz/template/iso
directory on the Proxmox server.
Creating a Virtual Machine on Proxmoxโ
After uploading the IPFire ISO image to the Proxmox, we will create a Virtual Machine
for our IPFire firewall. To create a virtual machine on Proxmox, you should follow the next steps given below.
- Click on the blue
Create VM
button in the upper right hand corner of the Proxmox web UI.
- Enter a name for your virtual machine, such as
IPFirefw
. Then, clickNext
.
Figure 5. Naming the IPFire VM on Proxmox
- Select the IPFire
ISO
image under the OS tab, and then clickNext
.
Figure 6. Selecting IPFire ISO to install on Proxmox as a OS
- You may accept the default settings on the
System
tab by clickingNext
.
Figure 7. System settings of the IPFire VM on Proxmox
- Set the
Hard Disk
size as you wish.
Figure 8. Setting Hard disk size as 32 GB for IPFire on Proxmox
- Set the
CPU
configuration as you wish.
Figure 9. CPU settings for IPFire firewall on Proxmox
- Set the
Memory
size as you wish.
Figure 10. Setting Memory size 8 GB for IPFire firewall on Proxmox
- You may leave the
Network
configuration as default. We will cover this configuration for our topology deeply later.
Figure 11. Network configuration for IPFire firewall on Proxmox
- Confirm the IPFire virtual machine configuration by clicking on the
Finish
button
Figure 12. Confirming the IPFire virtual machine configuration
Setting Network Configuration of the IPFire Virtual Machine on Proxmoxโ
In this tutorial, we will configure three physical NICs for our IPFire firewall. These NICs will be used and configured for the following purposes
- WAN Connection: Internet connection/Untrusted zone. Red Zone
- LAN Connection: Clients and servers are placed in this trusted zone. Green Zone
- DMZ Connection: Servers that are accessible from the Internet such as web and FTP servers are placed in this zone. Orange Zone.
On an IPFire system you can define 4
types of security zones or networks as given below.
Figure 13. Network types on IPFire firewall
Creating Linux Bridgeโ
To be able to define 3 network interfaces for the IPFire virtual machine, firstly we must create Linux bridge
devices on the Proxmox device.
To create a Network Bridge
follow the next steps.
- Navigate to
Data center
-->pve/node
-->Network
.
Figure 14. Network devices on Proxmox
2. Click on the Create
button. This will pop up the Linux Bridge
configuration window.
- You may leave the name as default such as
vmbr1
orvmbr2
. Enter IPv4/CIDR address and Bridge ports (Network devices name seen on Network configuration window, such asens3f0
orens3f1
).
Figure 15. Creating Linux bridge on Proxmox
- Repeat steps 3 and 4 for creating the third Linux Bridge.
Figure 16. Creating another Linux bridge on Proxmox
5. Click on the Apply Configuration
button or Reboot
the Proxbox device to start to use new Linux bridges.
Now, you have three Linux Bridges as seen in the Figure below.
Figure 17. Viewing network devices on Proxmox
Adding Network Devices to IPFire VM on Proxmoxโ
It is time to add two additional network devices which will be used for LAN
and DMZ
connections.
To add a new network interface to the IPFire virtual machine on Proxmox you can follow these steps.
- Navigate to the
Data center
-->pve/node
-->IPFirefw VM
-->Hardware
-->Add
. - Click on
Network Device
.
Figure 18. Adding a network device to IPFire VM on Proxmox
3. Select the Linux Bridge such as
vmbr1
or vmb2
.
Figure 19. Selecting Linux bridge of a network device for IPFire VM on Proxmox
- Select Model as VirtlO(paravirtualized)
Figure 20. Selecting model of a network device for IPFire VM on Proxmox
- Uncheck
Firewall
option. - Click the
Add
button. - Repeat
steps 2-6
to add the third NIC to the IPFire VM.
After finishing the network configuration of the IPFire virtual machine on Proxmox, you should see the Hardware configuration
for the IPFire VM similar to the following figure.
Figure 21. Viewing hardware device configuration of IPFire VM on Proxmox
Now, your IPFire firewall has 3 different physical interfaces ready to connect to different networks, Internet/Red
, LAN/Green
and DMZ/Orange
respectively.
tip
It is recommended that you should note the MAC address of the network devices used by IPFire VM. You will need them to complete the network settings of the firewall after installing the IPFire software.
Installing IPFireโ
To start the installation of the IPFire on your Proxmox environment, first, you should start the IPFire virtual machine. To start the machine,
Click on the
IPFirefw
virtual machine.Click on the
Start
button.
To continue the installation of the IPFire, you should connect the virtual machine from the Proxmox console by clicking on the Console
.
Figure 22. Connecting IPFire VM console on Proxmox
And then, you may follow the steps listed below.
- IPFire Installation Boot Options. When you connect the IPFire Virtual Machine console, you will see the IPFire installation boot options menu. Select the first option
Install IPFire 2.25 - Core 157
by pressing theEnter
.
Figure 23. IPFire Installation Boot Options
- Language Selection. Select the language you wish to use during the installation process and click
OK
.
Figure 24. Language Selection
- Confirm Installation. Confirm the IPFire installation by clicking on
Start
installation.
Figure 25. Confirm to start the installation
- License Agreement. Accept the license agreement and then click
OK
.
Figure 26. License Agreement
- Disk Setup. The IPFire setup will tell you which hard drive it will be installing. If you have only one hard drive, it will be used for the installation. If you have more than one connected hard drive, you can choose which one to install IPFire on. Click on
Delete all data
.
Figure 27. Disk Setup
caution
Beware that all your data will be erased from the system in this step after your confirmation.
- File System Selection. Choose
Ext4
as the filesystem and clickOK
. You may install IPFire on various file systems given below.
Filesystem | Comment |
---|---|
ext4 | The standard filesystem that is well tested and stable for Linux machines. |
ext4 without journal | The same as ext4 but does not use a journal for filesystem transactions. This writes less data to disk but results in data loss if not properly shut down. |
XFS | A robust server filesystem. |
reiserfs | Very similar approach to ext4 and also very well tested. |
Figure 28. File system selection
- Installation. IPFire setup will start partitioning and formatting your hard drive and install the IPFire system on it. Depending on the size of the hard drive and the speed of your system, this will take a moment.
Figure 29. IPFire installation
- Reboot. Click
Reboot
to complete the installation process.
Figure 30. Reboot the system after the IPFire installation was completed successfully
Initial Configuration of IPFire Firewallโ
After you install and reboot the IPFire successfully, you must make essential configurations to connect your system to your network infrastructure. Initial configuration steps of IPFire firewall are as follows.
- Keyboard layout. Select your keyboard layout as you wish.
Figure 31. Keyboard layout selection
- Timezone selection. Select the proper timezone for your server.
Figure 32. Setting timezone for the IPFire
- Setting Hostname. Set the
hostname
of your IPFire firewall, such as ipfirefw.
Figure 33. Setting hostname of IPFire
- Setting Domain name. Set the domain name of your IPFire firewall
Figure 34. Setting domain name
- Setting root password. Set the password for your root account of the IPFire system. The root account is used for command-line login only.
note
No stars or dots will be shown while you type the password.
Figure 35. Setting root password
- Setting admin password. Set the password for your admin account of the IPFire system. The admin password is required to access the web user interface.
Figure 36. Setting admin password
- Network configuration menu. In IPFire network configuration, A maximum of four networks is possible:
- Green
- Blue
- Orange
- Red.
Descriptions of these networks are given below.
Green + Red
networks are the default network configuration of the IPFire.
Figure 37. Networks types of IPFire
Since we will configure our IPFire firewall with three networks; Red(WAN)
, Green(Lan)
and Orange(DMZ)
, we should select the network configuration type first.
Figure 38. Network configuration menu of IPFire
- Network configuration type. Select
Red + Green + Orange
as the network configuration type for your IPFire and clickOK
.
Figure 39. Selecting Red + Green + Orange
as the network configuration type for IPFire
- Drivers and card assignments. Since none of the interfaces has a network card assigned by default, select the Drivers and card assignments in the Network configuration menu.
Figure 40. Default assigned cards
- Assign a card for the Green interface. Select
Green
and clickOK
. This will open the extended network menu. Select the proper NIC.
Figure 41. Extended network menu
- Repeat step
10
for bothRed
andOrange
networks. And then click onDone
.
Figure 42. List of assigned cards after completing the card assignment
- Address settings. After you assign all cards to the proper networks, you should configure the IP address for IPFire network adapters. Select the
Address settings
in theNetwork configuration menu
. And then select the interfaceGreen
in theAddress Settings
menu.
Figure 43. Selecting interface for IP address settings
- Enter IP address and subnet mask for the Green interface and click
OK
.
Figure 44. IP Address configuration for Green interface
- Select the interface
Orange
in theAddress Settings
menu. - Enter IP address and subnet mask for the
Orange
interface and clickOK
.
Figure 45. IP Address configuration for Orange interface
- Select the interface
Red
in theAddress Settings
menu. - Enter IP address and subnet mask for the
Red
interface and clickOK
. The Red interface is unique in that its configuration is determined by your ISP and how it configures your external connection.
Figure 46. IP Address configuration for Red interface
- Lastly, click on
Done
in theAddress Settings
menu. - DHCP configuration. You may install and configure a DHCP server for your
Green(LAN)
network on your IPFire firewall. Because IPFire acts as a DNS proxy, you may want the Primary DNS server to be set to IPFire's Green IP address. All of these settings, however, can be changed after installation using IPFire's Web UI.
Figure 47. DHCP server configuration
- Congratulations! Your IPFire firewall installation and initialization is completed.
Figure 48. IPFire firewall setup is complete
- You can test and make further configurations by connecting to the IPFire web GUI. The web interface is the graphical front end for configuring IPFire. It can be accessed via a web browser from any computer on the GREEN network. After a successful login, the WebGUI allows access to all settings and features of IPFire.
- By default, the web interface is at
https://ipfire.localdomain:444
orhttps://ipfire:444
.