Build Your Own Mini-ITX Firewall with IPFire – Complete DIY Guide

March 15, 2017 By Richie

Basic IPFire Configuration

You can now connect the RED WAN port to your modem, then connect your GREEN port to a switch and plug all your PCs into that. IPFire acts as a router on the GREEN interface, handing out IP address leases to anything that connects, which is why we only need a switch that simply relays data. Go to your normal PC and open your web browser; you should have full internet access (troubleshooting here). Then follow the guide below or watch the slideshow further below:

  1. Type https://192.168.2.1:444 into your web browser address bar and hit Enter
  2. You’ll be presented with a Certificate Warning, click "Continue" or "Advanced > Add Exception"
  3. The username and password box should pop up; type admin for the username, then enter the same Admin password you used when you set up IPFire
  4. You should now be inside the IPFire web administration interface
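
The warning in step 2 appears because the firewall presents a self-signed certificate, so it is worth confirming that the certificate you are about to accept is really the firewall's own. The following is an added example, not part of the original guide or of IPFire: it fetches the certificate from the address in step 1 and compares its SHA-256 fingerprint with one you supply, assumed here to have been read on the firewall's own console (for example with `openssl x509 -noout -fingerprint -sha256` against its certificate file).

```python
import hashlib
import hmac
import ssl
import sys

FIREWALL = ("192.168.2.1", 444)  # address and port from step 1 of the guide


def normalize(fp):
    """Reduce 'sha256 Fingerprint=AB:CD:...' or 'ab cd ...' to bare lowercase hex."""
    fp = fp.split("=", 1)[-1]
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def sha256_fingerprint(pem):
    """SHA-256 over the DER encoding, the value browsers and openssl display."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def matches(pem, trusted_fp):
    """True only if the served certificate is the one the firewall console reported."""
    expected = normalize(trusted_fp)
    if len(expected) != 64:
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hmac.compare_digest(sha256_fingerprint(pem), expected)


def fetch_pem(addr=FIREWALL):
    # No CA validation here: the certificate is self-signed, so trust comes
    # from the fingerprint comparison, not from a chain.
    return ssl.get_server_certificate(addr)


if __name__ == "__main__":
    # argv[1]: fingerprint read out-of-band on the firewall itself (assumption)
    ok = matches(fetch_pem(), sys.argv[1])
    print("fingerprint matches" if ok else "MISMATCH: do not add the exception")
    sys.exit(0 if ok else 1)
```
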
CHANGE DNS TO GOOGLE DNS SERVERS
  1. Go to Network > Assign DNS-Server then enter 8.8.8.8 for Primary DNS and 8.8.4.4 for Secondary DNS, click Save
SETUP INTRUSION DETECTION
  1. If you wish to use Intrusion Detection, you will need to sign up with a free account at Snort.org and generate an Oinkcode
  2. Go to Services > Intrusion Detection and check the "RED Snort" check box, choose "Sourcefire VRT rules for registered users" from the drop-down, then copy and paste your Oinkcode into the text field and click Save
  3. Once saved, click the "Download new ruleset" button (can take a few minutes)
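
Once the ruleset is downloaded, Snort inspects traffic on RED and logs alerts that need to be triaged. The following is an added example, not part of the original guide or of IPFire: it summarizes alert lines by priority and groups the most severe ones by rule and source address. It assumes Snort's one-line "fast" alert format (`snort -A fast`); the sample lines, SIDs and addresses are constructed.

```python
import re
import sys
from collections import Counter

# One line as written by `snort -A fast` (assumed format; IPv4 addresses only).
ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

# Constructed sample: documentation address ranges, made-up SIDs and messages.
SAMPLE = """\
03/15-10:21:07.120001  [**] [1:1000001:1] CONSTRUCTED port sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51544 -> 198.51.100.20:22
03/15-10:21:09.450002  [**] [1:1000002:3] CONSTRUCTED exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51560 -> 198.51.100.20:443
03/15-10:22:30.000003  [**] [1:1000003:1] CONSTRUCTED ping sweep [**] [Priority: 3] {ICMP} 192.0.2.99 -> 198.51.100.20
03/15-10:23:11.900004  [**] [1:1000002:3] CONSTRUCTED exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.45:40022 -> 198.51.100.20:443
this line is not an alert
""".splitlines()


def parse(lines):
    """Yield a dict per line in the fast-alert layout; skip anything else."""
    for m in filter(None, map(ALERT.match, lines)):
        a = m.groupdict()
        a["prio"] = int(a["prio"])
        a["src_ip"] = a["src"].split(":")[0]  # ICMP lines carry no port
        yield a


def triage(lines, max_prio=1):
    """Per-priority counts, plus gid:sid groups for priority <= max_prio (1 = worst)."""
    by_prio, urgent = Counter(), {}
    for a in parse(lines):
        by_prio[a["prio"]] += 1
        if a["prio"] <= max_prio:
            key = f'{a["gid"]}:{a["sid"]}'
            e = urgent.setdefault(key, {"msg": a["msg"], "count": 0, "sources": set()})
            e["count"] += 1
            e["sources"].add(a["src_ip"])
    return by_prio, urgent


if __name__ == "__main__":
    by_prio, urgent = triage(SAMPLE if sys.stdin.isatty() else sys.stdin)
    print("alerts per priority:", dict(by_prio))
    for key, e in urgent.items():
        print(key, e["count"], sorted(e["sources"]), e["msg"])
```
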
ENABLE/DISABLE P2P NETWORKS
  1. Go to Firewall > P2P networks and uncheck any P2P networks you don’t want enabled, then check the "Using P2P protocol is allowed" checkbox
  2. Go to Firewall > Firewall rules and click the "Apply changes" button
UPDATE IPFIRE
  1. Go to IPFire > Pakfire then click the "Refresh list" button (this can take a while, if it hangs click the little refresh icon)
  2. Any new updates will show in the right-side select box (empty by default); click the download icon to update your system
INSTALL ANTIVIRUS
  1. Go to IPFire > Pakfire and inside the "Available addons" select box, find "clamav-xx.xx" then click the plus + icon, do the same for "squidclamv-x.xx"
  2. Go to Status > Services and under the "add-on – Services" section confirm that clamav is RUNNING
  3. Go to Network > Web Proxy and set the following options:
    • Enabled on Green: Yes
    • Transparent on Green: Yes
    • Processes: 30
    • SquidClamav Enabled: Yes
    • URL filter Enabled: Yes
    • Update accelerator Enabled: Yes
    • Log enabled: Yes
    • Log query terms: Yes
    • Activate cachemanager: Yes
    • Memory cache size: 256
    • Cache administrator email: [your email address]
    • Cache administrator password: [password]
    • Hard disk cache size: 5120 (i.e. 5GB or an amount suitable for your drive)
    • Max object size: 6144 (i.e. 6MB)
    • Do not cache these domains: [domains you don’t want cached]
  4. Scroll down and click the Save and Restart button
SETUP GEOIP BLOCKS
  1. Go to Firewall > GeoIP Block, check the "Enable GeoIP based blocking" check box, choose countries, then click the Save button
  2. Suggested countries are:
    • Brazil
    • Colombia
    • China
    • Egypt
    • Ghana
    • Hungary
    • Iran
    • Indonesia
    • Latvia
    • Malaysia
    • Mexico
    • Nigeria
    • Philippines
    • Romania
    • Turkey
    • Ukraine
    • Venezuela
    • South Africa
    • See: Top 10 Countries Where Cyber Attacks Originate
    • See: Countries with the most and least online fraud
    • See: 10 High-Risk Online Fraud Countries That Stripe & PayPal Merchants Should Monitor

Summary

You should now have a fully fledged IPFire firewall protecting your network 😉 Some things to look into next are the VPN features (OpenVPN or IPSec), the available add-ons for IPFire, Static Leases, URL Filter, Dynamic DNS and QoS. I hope this guide has helped you build your own firewall; if you have any questions or comments, leave them below or email me directly.

  • IPFire
    • IPFire Homepage (official)
    • IPFire Wiki
    • IPFire Forums
  • Parts, Hardware
    • Logic Supply (components)
    • Mini-Box (US)
    • Mini-Box (AU)
    • eBay.com – Computers and Networking
    • NewEgg.com
    • TigerDirect.com
    • MicroCenter.com
    • NCIX (CA)
  • Technical Reference
    • Firewall at Wikipedia.org
    • Comparison of Firewall Operating Systems at Wikipedia.org
    • Next Generations Firewall at Wikipedia.org
    • OpenVPN.net (official)
    • IPSec at Wikipedia.org
    • Intrusion Detection System at Wikipedia.org
    • QoS (Quality of Service) at Wikipedia.org
    • Mini-ITX at Wikipedia.org