Today I will show you how to build your very own compact Mini-ITX Firewall using easily sourced parts with the excellent (and Open Source) IPFire firewall operating system. You can also use any old PC with an extra Ethernet card, but this guide does focus on the Mini-ITX form factor and parts suitable for it. I will also give you links to the sources for each part.
Mini-ITX is becoming more and more popular as parts become much cheaper to buy and more variety (cases, for example) becomes available. Mini-ITX is also the perfect form factor for things like firewalls and VPN routers, which is why I am using it in this guide. We also don’t need a high-spec motherboard, fast CPU or tons of RAM with IPFire (or any of the other Open Source firewall offerings, by the way), as it has a minimum hardware requirement of a 1GHz CPU, 1GB RAM, a 4GB hard drive and 2 Ethernet ports. This means you can source older Mini-ITX motherboards, which will be cheaper but still perform perfectly well.
Motherboard, CPU & RAM
An ideal motherboard for this project is one with an onboard CPU, meaning the CPU is soldered to the motherboard and cannot be removed or upgraded. A lot of Mini-ITX motherboards were (and still are) made this way and are plentiful second-hand on websites like eBay and Amazon. If you prefer to buy a new Mini-ITX motherboard, visit Logic Supply, Mini-Box or the usual NewEgg, TigerDirect, MicroCenter, NCIX.
I already have a Gigabyte GA-J1900N-D3V Mini-ITX motherboard from an earlier project that has 2 Gigabit LAN ports, a Quad-Core Celeron J1900 CPU running at 2GHz and takes low-voltage DDR3L SODIMM laptop RAM. I already have 4GB DDR3L RAM, perfect for this kind of "always-on" build.
- RECOMMENDED HARDWARE
  - Mini-ITX form factor motherboard
  - 1GHz CPU or higher
  - 2GB RAM or higher
  - 1 Gigabit Ethernet port or more
    - If only 1 Ethernet port, you will need at least one expansion slot (PCI-Express, Mini-PCI-Express or PCI) for an extra Ethernet port
  - Predefined eBay search for Mini-ITX motherboards or motherboard & CPU combos
Ethernet Expansion Card Options
IPFire (and all other firewall OSes) needs a minimum of 2 Ethernet ports, one for Green LAN and one for Red WAN. My motherboard already has two Gigabit LAN ports built in, but finding a motherboard like this is difficult and usually expensive, so it’s likely you will need to use an expansion card to add another LAN port.
Most Mini-ITX motherboards come with either a Mini PCI-Express port, a PCI-Express x1 slot or a traditional PCI slot, so you will need to buy an expansion card to suit. If you have any choice between them, choose Mini-PCIe first, then PCIe x1 and lastly PCI. With either of the last two options, you will likely need to buy an extension ribbon cable depending on the size of your case (see links and pics below).
- Mini-PCI-Express Ethernet Cards
  - Predefined eBay.com search for Mini-PCIe Ethernet Card
  - 1-Port PCIe Gb LAN Mini PCIe Module 8111ME at LogicSupply
  - 2-Port PCIe Gb LAN Mini PCIe Module 8111ME-D at LogicSupply
- PCI-Express x1 Ethernet Cards
  - Predefined eBay.com search for TP-Link TG-3468 PCIe Ethernet Card
  - Predefined eBay.com search for PCIe Ribbon Cable Extender
- PCI Ethernet Cards
  - Intel 1-Port 10/100/1000 PCI Copper Network Adapter at LogicSupply
  - Predefined eBay.com search for TP-Link TG-3269 1 Port PCI Ethernet Card
  - Predefined eBay.com search for PCI 32 Bits Riser Cable
Most firewalls use a Red, Green, Blue and Orange network topology, with a physical LAN port required for each. As a minimum you’ll need Red and Green (2 LAN ports), but you can also add LAN ports for Orange (DMZ or Virtual Server) or Blue (WiFi network).
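A pre-install check for the minimums and port colours described above, added here as an example (it is not part of the original guide or of IPFire). It reads the standard Linux `/proc` and `/sys` files, so it can be run from any Linux live environment on the candidate hardware; the function names and the 900MB slack threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-install check against the minimums quoted in this guide
# (1GHz CPU, 1GB RAM, 2 Ethernet ports). The proc/sysfs roots are parameters
# so the functions work on a live Linux system or on test fixtures.

# Wired ports: entries with a backing device, link type 1 (Ethernet), not Wi-Fi.
count_nics() {
    n=0
    for i in "$1"/class/net/*; do
        [ -e "$i/device" ] || continue                      # skips lo, bridges, VLANs
        [ "$(cat "$i/type" 2>/dev/null)" = "1" ] || continue
        [ ! -d "$i/wireless" ] || continue                  # Wi-Fi also reports type 1
        n=$((n + 1))
    done
    echo "$n"
}

# Usable RAM in MB from a meminfo file (0 if the field is missing).
mem_mb() { awk '/^MemTotal:/ { v = int($2 / 1024) } END { print v + 0 }' "$1"; }

# Rated maximum CPU clock in MHz, or 0 when cpufreq does not expose it.
cpu_max_mhz() {
    f="$1/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"   # value is in kHz
    if [ -r "$f" ]; then echo $(( $(cat "$f") / 1000 )); else echo 0; fi
}

# Zones that can each get a dedicated port, following the guide's colour scheme.
zones_for_ports() {
    case "$1" in
        0|1) echo "none" ;;
        2)   echo "RED GREEN" ;;
        3)   echo "RED GREEN plus ORANGE or BLUE" ;;
        *)   echo "RED GREEN ORANGE BLUE" ;;
    esac
}

# preflight <proc_root> <sysfs_root>: prints a report, returns 1 on any failure.
preflight() {
    ports=$(count_nics "$2"); ram=$(mem_mb "$1/meminfo"); mhz=$(cpu_max_mhz "$2"); rc=0
    [ "$ports" -ge 2 ] || { echo "FAIL: $ports wired port(s), need 2 (Red + Green)"; rc=1; }
    # MemTotal excludes firmware/kernel-reserved memory, so allow slack under 1024.
    [ "$ram" -ge 900 ] || { echo "FAIL: ${ram}MB RAM, need 1GB"; rc=1; }
    if [ "$mhz" -eq 0 ]; then echo "WARN: CPU max clock not exposed, check manually"
    elif [ "$mhz" -lt 1000 ]; then echo "FAIL: ${mhz}MHz CPU, need 1GHz"; rc=1; fi
    echo "ports=$ports ram_mb=$ram cpu_mhz=$mhz zones: $(zones_for_ports "$ports")"
    return $rc
}

if [ "${1:-}" = "--run" ]; then preflight /proc /sys; fi
```

Save it to a file and run it with `--run` to check the machine it is executed on; the disk size requirement is not checked.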
Hard Drive & CD/DVD Drive
There are two hard drive options I would like to show you: the first is a standard SSD, which is the easier option; the second is a special SATA to SDHC Card Adapter that lets an SD card attached to the SATA interface act as a normal hard drive. Either of these options is fine, and they both attach to the SATA data and SATA power cables the same way. The SDHC option is a little slower to install but will run fine after that. Be sure to buy at least an 8GB SD card, and as fast as you can afford, with 90Mbp/s read/write speed preferred.
I am going to use a Fujitsu 64GB SATA-III SSD drive, which you can pick up on eBay for under $40, along with a USB DVDRW optical drive for the operating system installation (these can be purchased for under $20), because we don’t need a permanent optical drive like a PC.
Mini-ITX has a number of options for power supply, and the choice partly depends on the case you’re using. Some Mini-ITX cases can fit a full ATX PSU, some can fit smaller PSUs like TFX, Flex-ATX etc., and some have built-in DC jacks ready for a power pack (like the Intel D945GSEJT mobo). Most of you, though, will have a motherboard with a standard 24-pin ATX connector like my J1900N-D3V, so your best option in a small case is a PicoPSU of 160 watts with a 10 amp 160 watt power supply adapter.
For this project I don’t want a large Mini-ITX case; I want the smallest option available, and it’s not easy finding something super-small at a reasonable price plus shipping (postage to Australia is often twice the cost of the case). I managed to source the ubiquitous Universal M350 case on eBay for $25, and you can expect to pay around $40+ buying new. There are a number of other suitable cases for this project, but I recommend the M350 or similar (such as the Morex 557 case).
Important note on front panel headers – Mini-ITX motherboards usually have standard front panel pinouts (Power Switch, Power LED, Reset Switch & HDD LED) but some Mini-ITX cases, particularly the smaller ones like the M350 and Morex 557, have a 2×3 pin block with 4 pins actually being in use for Power Switch and Power LED. If you come across this issue, just download the product spec sheet (M350 here) and look for the pinout which will tell you which pins go where, or see this screenshot.