Ricmedia PC Help

Tech guides for everyone.

Build Your Own Mini-ITX Firewall with IPFire – Complete DIY Guide

By Leave a Comment

Basic IPFire Configuration

You can now connect the RED WAN port to your modem, then hook up your GREEN port to a switch and connect all your PC’s to that (IPFire will act as a router on the GREEN interface handing out IP address leases to anything that connects, that’s why we only need a switch which simply relays data). Go to your normal PC and open your web browser, you should have full internet access (troubleshooting here) then follow the guide below or watch the slideshow further below:

  1. Type https://192.168.2.1:444 into your web browser address bar and hit Enter
  2. You’ll be presented with a Certificate Warning, click "Continue" or "Advanced > Add Exception"
  3. The username and password box should pop up, type admin for username, then enter the same Admin password you used when you setup IPFire
  4. You should now be inside the IPFire web administration interface
CHANGE DNS TO GOOGLE DNS SERVERS
  1. Go to Network > Assign DNS-Server then enter 8.8.8.8 for Primary DNS and 8.8.4.4 for Secondary DNS, click Save
SETUP INTRUSION DETECTION
  1. If you wish to use Intrusion Detection, you will need to sign up with a free account at Snort.org and generate an Oinkcode
  2. Go to Services > Intrusion Detection and check the "RED Snort" check box, choose "Sourcefire VRT rules for registered users" from drop down, then copy and paste your Oinkcode into the text field, click Save
  3. Once saved, click the "Download new ruleset" button (can take a few minutes)
ENABLE/DISABLE P2P NETWORKS
  1. Go to Firewall > P2P networks and uncheck any P2P networks you don’t want enabled, then check the "Using P2P protocol is allowed" checkox
  2. Go to Firewall > Firewall rules and click the "Apply changes" button
UPDATE IPFIRE
  1. Go to IPFire > Pakfire then click the "Refresh list" button (this can take a while, if it hangs click the little refresh icon)
  2. Any new updates will show on the right-side select box (empty by default) click the download icon to update your system
INSTALL ANTIVIRUS
  1. Go to IPFire > Pakfire and inside the "Available addons" select box, find "clamav-xx.xx" then click the plus + icon, do the same for "squidclamv-x.xx"
  2. Go to Status > Services and under the "add-on – Services" section confirm that clamav is RUNNING
  3. Go to Network > Web Proxy and set the following options:
    • Enabled on Green: Yes
    • Transparent on Green: Yes
    • Processes: 30
    • SquidClamav Enabled: Yes
    • URL filter Enabled: Yes
    • Update accelerator Enabled: Yes
    • Log enabled: Yes
    • Log query terms: Yes
    • Activate cachemanager: Yes
    • Memory cache size: 256
    • Cache administrator email: [your email address]
    • Cache administrator password: [password]
    • Hard disk cache size: 5120 (ie. 5GB or amount suitable for your drive)
    • Max object size: 6144 (ie. 6MB)
    • Do not cache these domains: [domains you don’t want cached]
  4. Scroll down and click Save and Restart button
SETUP GEOIP BLOCKS
  1. Go to Firewall > GeoIP Block then check "Enable GeoIP based blocking" check box, choose countries, then click Save button
  2. Suggested countries are:

This slideshow requires JavaScript.

Summary

You should now have a fully fledged IPFire firewall protecting your network 😉 Some things to look into are using the VPN features (OpenVPN or IPSec), browsing all the available Add ons for IPFire, Static Leases, URL Filter, Dynamic DNS and QoS. So I hope this guide has helped you build your own firewall and if you have any questions or comments, leave them below or email me directly.

Leave a comment

HELP & SUPPORT

NEWS & FEED

SOCIAL