IPFire: A User-Friendly Linux Firewall Distribution
Securing your network is an incredibly challenging task, one that’s made even more difficult by software that adds yet another layer of complexity on top. And let’s face it, most firewall tools are the stuff of user nightmare. That’s why, when a firewall tool strips away some of that complexity, it deserves attention.
One such tool is IPFire, an open source Linux distribution geared specifically for the task of firewalls. This particular distribution is hardened, secure, easy to operate, and ready to serve enterprise, small-to-medium businesses, and even home users. IPFire was designed for users new to firewalling, so it places a premium on user-friendliness.
How user friendly is IPFire? Let’s install it and find out.
The installation of IPFire might be the one stumbling block for new users. The install is text-based and might intimidate those who haven’t previously installed Linux. Fortunately, the installation is not hard. In this article, I’ll demonstrate how to install IPFire via a VirtualBox virtual machine. If you’re planning on doing the same, you must make sure to enable a second network adapter (before booting the ISO image for installation). One adapter will be used for the Green networking segment and one for the Red networking segment (more on this in a bit).
Once you’ve downloaded the ISO image and burned it to either a CD/DVD or USB drive, insert the newly created media and boot the machine. You will be greeted by the IPFire splash screen (Figure 1), where you select Install IPFire.
Once you get beyond the splash screen, you will be presented with the ncurses-based installer. In the next few windows (Figure 2), you will have to accept the license, configure the language, and partition/format the drive.
This portion of the installation will complete very quickly and then require you to reboot. Once you’ve rebooted, you will be presented with the next phase of the installation, where you’ll configure the keyboard mapping, timezone (make sure this is correct), hostname, domain name, root user password, admin user (for the web interface) password, and then the network options. It isn’t until you get to the network configuration type that you might be tripped up. Here (Figure 3), you must select from the four options:
GREEN + RED
GREEN + RED + ORANGE
GREEN + RED + BLUE
GREEN + RED + ORANGE + BLUE
What do these choices all mean? Each color represents a different network segment. The breakdown is as follows:
Red - WAN - External network connected to the Internet
Green - LAN - Internal/Private network connected locally
Orange - DMZ - The DeMilitarized Zone, an unprotected/Server network accessible from the internet
Blue - WLAN - Wireless Network
You will want to select the combination that best-suits your network. For my testing purpose, I’ve selected GREEN + RED. Once you’ve made that you will be returned to the Networking configuration menu. Select Drivers and card assignments. In this new window, you must assign a network card to a color. Select one of the colors and then, when prompted (Figure 4), assign an interface to the color.
Once you’ve assigned the interfaces to colors, tab to Done and hit Enter on your keyboard. Back on the Network configuration menu, select Address settings. In the next window, select a color and then configure it for your network. You’ll need to give it an IP address and a network mask (Figure 5).
Make sure to configure both network interfaces. Once you’ve done that, tab to Done and hit Enter on your keyboard. The final network configuration is DNS and Gateway settings. Select that option and then, when prompted, enter the proper information (Figure 6).
Once you’ve finished the network configuration, you can then set up an optional DHCP server (Figure 7).
At this point, IPFire will boot and land at a login prompt. You can either log in (using the user root and the password set during installation) or point your browser to http://SERVER_IP:444 (Where SERVER_IP is the IP address of the IPFire server).
At the web interface, login with the user admin and the password you set for that user during installation. Once you’ve successfully logged in, you will be presented with the IPFire web-based interface (Figure 8).
What to do now?
You are ready to start configuring your firewall. For full documentation on firewall setup, check out the official IPFire Documentation. Let’s say you want to configure a port-forward rule (so that traffic from the WAN can be properly directed to an machine on your LAN). For this you’ll need an originating source and a target destination. To create the new rule, click Firewall > Firewall Rules. In the resulting window, click New rule.
You will now need to configure the port forwarding rule (Figure 9).
Select Source address and enter the address for the originating source. Next click the check box for User Network Address Translation (NAT) and select Destination NAT. Next you must select the firewall interface for the NAT rule.
In the Destination section, click the check box for Destination address and type the IP address for the destination. With the address added, select the necessary protocol for the translation. Once you’ve selected the protocol, you can then add the required source and destination port for the NAT (Figure 10).
Click Add (at the bottom of the window) and you will be presented with a window displaying your new rule. If everything is correct, click Apply changes and the new rule will be added to the system.
That’s all there is to creating a new firewall rule with IPFire. It really is that easy.
Ease of use and security
If you need two reasons to give IPFire a try, they should be ease of use and security. You’d be hard-pressed to find a Linux-based firewall distribution that is as easy to setup and manage … that gives you this level of security. IPFire is an outstanding open source firewall solution. Give this distribution a test and see if it doesn’t make securing your network a very simple task.