Secure your network with IPFire

Asia's Tech News Daily

A dedicated firewall stands between the Internet and sanitizes the traffic flowing into the internal network. Setting one up is an involved process both in terms of assembling the hardware for the firewall to run on and configuring the software that powers it. However there are quite a few Linux firewall distros that help you setup a dedicated firewall with ease.

One of the oldest, most popular, and comprehensive firewall projects, is IPFire. The distro uses a Stateful Packet Inspection (SPI) firewall that’s built on top of the netfilter utility that facilitates Network Address Translation (NAT), packet filtering and packet mangling.

You can use it for everything from forwarding ports to creating a DMZ. The distro’s kernel is hardened with the grsecurity patchset to thwart zero-day exploits and comes with strict access controls.

(Image credit: IPFire)

IPFire has very modest system requirements. In fact using the distro is one of the best ways to upcycle an old computer whose hardware hasn’t been able to cope with the demanding requirements of the modern-day operating systems. A single core processor with 1GB of RAM, two network interfaces and 4GB of hard disk space is adequate for IPFire. A bigger hard disk will give you more dexterity to flesh out the IPFire installation.

Hook up the first network adapter to the router/modem from your Internet Service Provider (ISP). Connect the second to the network switch that will serve all the computers in your network. After you’ve setup IPFire make sure all the devices in your network connect to this switch, which will dole out IP addresses to the computers in the network via IPFire.

Installation

Once you’ve assembled the firewall computer, boot it from the IPFire install media. The firewall distro is written from scratch and has a straightforward installation process.

Follow through the firewall’s intuitive installation process using the default options which will install IPFire as the sole distro on the computer. When you reboot the machine post installation, you’ll be asked for a set of passwords for the root and the admin user.

Now comes the crucial part where you have to configure the roles for the network adapters in the firewall server. IPFire supports several different modes. The default mode, known as Green + Red, is designed for machines that have two network adapters.

(Image credit: IPFire)

Once you’ve selected this mode in the Network configuration type option, select the Drivers and cards assignments option to assign the NICs to either of the modes.

In this screen you need to mark the adapter connected to the ISP’s router as the Red interface and the one connected to the switch as the Green interface. You can identify the NICs through their MAC address.

Next scroll down to the Address settings option and configure the Green interface. Assign it 10.0.0.1 as the IP address with a Netmask of 255.255.255.0. For the Red interface select the DHCP option, and leave the rest of the parameters to their default values.

When you’re done with the network settings, IPFire’s setup wizard will bring up the options to configure the DHCP server which will hand out addresses to all the computers inside our network that’ll be hooked to the firewall through the switch.

Activate the DHCP Server and enter 10.0.0.10 in the Start Address field and 10.0.0.30 in the End Address field. This instructs the firewall server to handout addresses between these two values to machines connected to our firewall server. You can customize this number depending on the number of computers in your network.

That’s it. Save the settings and allow IPFire to boot up to the login prompt.

(Image credit: IPFire)

Initial configuration

Now head to https://10.0.0.1:444 from any other machine on the internal network connected to the switch, and you’ll get to IPFire’s web-based administration panel. Use admin as the user and the password you assigned to it earlier while setting up IPFire.

The administration interface has a simple and easy to navigate layout with the different aspects of the firewall server grouped under tabs listed at the top of the page. It is logically arranged and clearly marked, which significantly simplifies the process of setting up the various aspects of the firewall as well as its different components.

The interface has a simple and easy to navigate layout with the different aspects of the firewall server grouped under tabs listed at the top of the page.

The System tab houses options that influence the entire install. This is where you’ll find the option to enable SSH access and create a backup ISO image of the installation with or without the log files. The GUI Settings option lets you customize the theme and other aspects of the IPFire administration console.

(Image credit: IPFire)

Then there’s the Status tab which gives an overview of the various components of the firewall. You can come here to get information about the CPU and memory usage on the server. The menu also houses options to monitor the bandwidth of the Internet traffic passing via the server as well for any OpenVPN gateway.

Another general purpose tab is the Services tab which lets you enable and configure individual services besides the firewall. Options to Dynamic DNS and Intrusion Detection can be easily configured using the various options available under this menu.

Straight after installation, you already have a fully functioning firewall. This is because IPFire implements some sensible defaults straight out of the box. This is a good starting point for you to build and customize IPFire as per your requirements.

(Image credit: IPFire)

Conclusion

IPFire can be used as a URL filter, a caching name server, an update accelerator, and more. It includes Squid and can easily double up as a web proxy and you can also use it to create a VPN server with both IPsec and OpenVPN. In addition to its firewalling duties you can also use IPFire to detect and prevent intrusions using a combination of Snort and an addon called Guardian.

IPFire ships with Pakfire, which is an extensive package management utility that makes it fairly simple to flesh out the basic installation. There are some useful add-ons such as the ClamAV antivirus scanner, Bacula backup, miniDLNA streaming server, and more. You can also use the Pakfire package manager to check and install any available updates to the distro itself.

IPFire manages to walk the tightrope between form and function. It has an approachable administrative interface, is no short of functions, and can be expanded with add-ons and has a vibrant community of users and ample documentation, which makes it an ideal choice for a wide variety of users.

Internet Explorer Channel Network
Asia's Tech News Daily
News Related

OTHER NEWS

Ubisoft delists its NFT announcement video as dislikes pile up

(Image Courtesy: Ubisoft) After receiving over 15,466 dislikes on YouTube, Ubisoft’s announcement video for its new NFT service, Quartz, has been delisted by the company. The video can still be ... Read more »

US lawmakers rebuff Instagram boss's self-regulation pitch

Mr Adam Mosseri had argued the service could help struggling young people. WASHINGTON (AFP) – Instagram’s boss aimed to appease fuming United States lawmakers Wednesday (Dec 8) with a rosy ... Read more »

Amazon will shut down Alexa.com website ranking service

US-based e-commerce giant Amazon launched the Alexa internet feature as a website ranking service in 1996 which is a paid subscription service with detailed SEO analytics and insights. Amazon has ... Read more »

Xiaomi 11 Youth Vitality Edition launched with Snapdragon 778G SoC, 90Hz AMOLED display

The Xiaomi 11 Youth Vitality Edition was recently unveiled in China. The Xiaomi 11 Youth Vitality Edition is a rebranded version of the Xiaomi 11 Lite 5G NE which was ... Read more »

The internet is tricking our brains

Researchers are finding that the intersection of Google, smartphones and our memories is starting to mess with how we judge our own abilities. Read more »

Could Nvidia RTX 3050 and RTX 3090 Ti GPUs appear at CES 2022?

Nvidia has a trio of fresh graphics cards which are going on sale in January, according to the latest from the GPU grapevine, and that includes an RTX 3050 which ... Read more »

Boris Johnson news – live: Flat refurb broke law, as PM faces Tory rebellions over plan B and No 10 parties

The Conservative party broke electoral laws over the controversial funding of Boris Johnson’s flat refurbishment, the Electoral Commission has ruled. “Our investigation into the Conservative Party found that the laws ... Read more »

Alibaba ends a ‘cautious' year overshadowed by antitrust probe by doubling stake in tour agency

Alibaba Group Holding has invested 240 million yuan (US$37.8 million) to double its stake in a loss-making local tour agency, a deal that caps a year of “cautious” investments since ... Read more »

Cycle lanes blamed for urban congestion – here's the reality

Patrick Shutterstock/Shutterstock The average driver in London spent 148 hours in traffic jams in 2021 – twice the national average, according to a new report by Inrix, a firm that ... Read more »

PS5 restock now live at PlayStation Direct UK - get your console by Christmas

A surprise PS5 Restock has just gone live over at PlayStation Direct UK, giving console hunters another great opportunity to bag one before Christmas. This is actually the second drop ... Read more »

The Game Awards 2021: how to watch and what to expect

It’s that time of year again: The Game Awards is taking place this week (December 9 to be exact) and if you want to catch all the action live then ... Read more »

Italy fines Amazon $1.3B, alleging harm to outside sellers

FILE – An Amazon logo appears on an Amazon delivery van, Thursday, Oct. 1, 2020, in Boston. A major outage in Amazon’s cloud computing network Tuesday, Dec. 7, 2021, severely ... Read more »

Apple's rumored AR headset might say goodbye to physical controllers

Apple could be looking to shake things up with its long-rumored augmented reality headset by employing 3D sensors for hand tracking, potentially forgoing the need for traditional physical controllers. As ... Read more »

You can now use your iPhone or Apple Watch to unlock your hotel room

One of the features that was planned for iOS 15 and watchOS 8 was the ability to digitally store hotel keycards on your iPhone, and while the feature was late, ... Read more »

'My little helper': This beloved Shark robot vacuum is a cool $130 off at Amazon — but only for today

We may receive commission from purchases made via links on this page. Pricing and availability are subject to change. Save big — and get cleaner floors in the process! (Photo: ... Read more »

Boris Johnson and wife Carrie announce birth of 'healthy baby girl'

Boris and Carrie Johnson have announced the birth of their baby daughter. (Getty) Prime minister Boris Johnson and wife Carrie have announced “the birth of a healthy baby girl at ... Read more »

Samsung Galaxy S22 price will likely stay the same as Galaxy S21

The Samsung Galaxy S22 is expected early in 2022, and a new leak suggests the price won’t be rising when compared to the company’s Galaxy S21 series. According to a ... Read more »

Xiaomi 12 charging speed could be faster than Mi 11 but slower than expected

Xiaomi is one of those companies which is always embracing faster and faster phone charging, but it seems in the Xiaomi 12 it’s not going to use its top-end powering ... Read more »

PSVR 2 could overcome its biggest hurdle thanks to Sony's new OLED display tech

Sony Group has shown off a new head-mounted display (HMD) that uses OLED microdisplay technology to deliver more realistic visuals – and it might be used in the company’s upcoming ... Read more »

Global cellular IoT chipset shipments grow 70% in Q3: Report

New Delhi: Global cellular internet of things (IoT) module shipments grew 70 per cent (on-year) in the third quarter this year and Qualcomm led the cellular IoT chipset market with ... Read more »

Microsoft joins Whitehat Jr to offer Minecraft game-based learning

New Delhi: Microsoft India and online learning platform WhiteHat Jr on Thursday announced a collaboration to provide students as well as teachers access to personalised learning experiences with popular game ... Read more »

Russia blocks website of privacy service 'Tor'

Russia stepped up state oversight of internet activity on Wednesday by blocking the website of global privacy service Tor and part of its wider network, with the communications regulator accusing ... Read more »

Nintendo hacker settles Switch piracy lawsuit for $10million in restitution

San Francisco: Gary Bowser, a member of a group of hackers called Team-Xecuter, has been ordered to pay $10 million to settle a Nintendo lawsuit against him over piracy charges.Nintendo ... Read more »

GMKTEC Xpanel SE Portable Monitor review

Being able to divide a screen from the device driving it has many advantages. Critically, if the unit or screen fails, then the working part can still be used. On ... Read more »

More than half of workers would quit their job if they couldn't do hybrid working

Most people would rather quit their job than be left without an option for hybrid working, a report from Microsoft has claimed. The software giant recently polled 2,046 employees and ... Read more »

Android users can't dial 911 because of… Microsoft Teams?

I’m not gonna sit here and decry current technology, quite the opposite. To this very day, there’s something magical about smartphones. I can use them to watch movies, make music, ... Read more »

Building an iOS app? Avoid these critical App Store roadblocks

Apple’s App Store is a holy grail for businesses, offering access to an audience of about , according to the technology giant. But that doesn’t mean landing an app in ... Read more »

Your Fitbit could get a life-saving update in the coming months

Fitbit has registered a patent for a wearable device that can measure the health of your arteries, and pick up early signs of high blood pressure. The patent listing (spotted ... Read more »

Spider-Man: No Way Home nearly wasn't a multiverse movie

Spider-Man: No Way Home nearly wasn’t the multiversal Marvel movie that fans will actually see in theaters, according to the film’s cast. Speaking to Collider ahead of the flick’s release, ... Read more »

Fintech firm Pleo raises another $200 million at $4.7 billion valuation

Danish financial technology firm Pleo, which offers expense management tools and “smart” payment cards for companies, said on Thursday it has raised another $200 million as part of an extension ... Read more »

EU plan to boost gig economy workers is latest blow to apps

FILE – A gig economy ridersfor app-based meal delivery platform Deliveroo takes part in a demonstration, near the company headquarters in London, Wednesday, April 7, 2021. The European Union unveiled ... Read more »

U.S. and Chinese Astronomers Are Teaming Up to Hunt for Alien Lights

Photo Illustration by Thomas Levinson/The Daily Beast/Getty Scientists are widening their search for alien civilizations. They might not find actual extraterrestrial life, but that doesn’t mean they won’t find something ... Read more »

Activision is readying a mobile version of Call of Duty: Warzone for launch in 2022: Report

There is no date for a possible announcement yet Call of Duty’s free-to-play battle royale, Warzone, may soon be getting a mobile port, which will separate from Call of Duty: ... Read more »

Galaxy S21 FE specs: Samsung to reportedly ship mid-range phone with Android 12 pre-installed

Photo credit: Padraig Treanor / Unsplash Samsung Galaxy S21 FE is already a few months late from its anticipated launch this year, and the mid-range phone will reportedly not launch until next year. ... Read more »

iPhone 14 Pro looks more likely to lose the notch - but there's one problem

Some of us here at TechRadar have been railing against the notch for years, and it seems that Apple might finally be getting on board, as there’s growing evidence that ... Read more »

YouTube banned 'ghost gun' videos. They're still up.

Three years after YouTube prohibited “ghost gun” assembly videos, the site still hosts dozens of the videos, totaling several million views.  Read more »

Heartland POS review

When you try to name some of the best POS systems on the market, Heartland POS may not immediately come to mind. However, it is one of the largest POS ... Read more »

How to get phone calls without sharing your real number

How many people and companies have your phone number if you had to guess? Maybe a hundred? Think again. Want to be shocked? Your cellphone and landline number (if you ... Read more »

‘Star Wars: The Old Republic – Legacy of the Sith' expansion release date is pushed to early 2022

From the “Star Wars: The Old Republic – Onslaught” trailer | Photo credit: swtheoldrepublic / YouTube screenshot BioWare had big plans for the 10th anniversary of “Star Wars: The Old Republic” this ... Read more »

WhatsApp may kick you out of linked devices for security reasons

The rollout of multi-device support has proved to be one of the most popular features of WhatsApp ever. While it’s still only possible to be logged into an account on ... Read more »
On free-english-test.com you will find lots of free English exam practice materials to help you improve your English skills: grammar, listening, reading, writing, ielts, toeic