Step 4: Installing the Firewall

It’s time to assemble the pieces.

One of the network adapters in the firewall PC needs to be connected to one of the available ports on the DSL or cable modem provided by the ISP. A good quality network cable (Cat5 or better) with RJ45 connectors at each end should be used.

The additional network adapter should be connected to a network hub in order to allow all of the home or small office devices to connect to the Internet through the firewall.

Run the Installer

Either plug in the USB Flash Drive or insert the CD/DVD into the firewall PC and power it up. If the boot sequence for the PC is configured correctly, the IPFire boot screen should show up and the installation can start.

Follow the IPFire Installation directions, assigning the two network adapters to the RED and GREEN interfaces. RED should be the adapter that is connected to the ISP modem, and GREEN should be the adapter connected to the network hub.

Depending on the ISP modem and configuration requirements, additional steps may be required specific to the ISP. Referring back to the original ISP instructions on connecting to their service should be helpful.

For a Raspberry Pi, there’s nothing to install. The image is ready to run.

Initial Setup

The initial setup phase of the installation requires site-specific information like the time zone, as well as picking a name for the firewall. When it comes to the domain, unless there is a domain already assigned by the ISP, it’s easiest to leave this as “localdomain” for now.

Network Setup

Unless more than two network adapters are being used, the RED + GREEN configuration should be selected for the network configuration type. This will automatically set the RED interface to connect to the Internet (through the ISP modem that you plugged it into), and the GREEN interface will serve as the gateway for all of the devices connecting through the firewall to the Internet.

More information on different configurations can be found here.

After It’s Installed

During the writing of this article, we discovered that there is a known issue with some installations not working with DNS correctly (e.g. “server not found” errors when trying to browse). If this is the case, then a configuration item may need to be changed by doing the following:

  • Log into the firewall machine at its console as root, using the root password assigned during the installation.
  • At the # command prompt, type “vi /etc/unbound/unbound.conf” (without the quotes)
  • This is NOT a what-you-see-is-what-you-get (WYSIWYG) editor! Be careful what you type here.
  • Using just the down-arrow key, look for the line that says “val-permissive-mode: no”.
  • Using just the right-arrow key, move the cursor until it is over the “n” in “no”.
  • Hit the “x” key twice. That should delete the word “no”.
  • Hit the “i” key. This will now allow you to insert new text.
  • Type “yes” (without the quotes).
  • The line should now look like “val-permissive-mode: yes” (without quotes).
  • Hit the “esc” key.
  • Type “:wq!” (without the quotes). This should save the file and exit the editor.
  • You should find yourself back at the # command prompt (whew!).
  • Type “reboot” (without the quotes). The firewall machine should restart.

If you are not familiar with the venerable vi editor, don’t worry. A lot of computer professionals have probably never used it either. It is, however, an excellent “quick and dirty” editor for editing configuration and other files from a command prompt on a Linux machine.
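For readers who would rather not use vi, here is the same edit done non-interactively, as an added example that is not part of the original article or of IPFire's own tooling. The function name set_permissive_mode and the .bak backup file are assumptions made for this example; the file path and option name are the ones from the steps above.

```shell
#!/bin/sh
# Added example: change val-permissive-mode in an Unbound config file,
# keeping a backup of the original.
#
# set_permissive_mode FILE yes|no
#   returns 0 if FILE now holds the requested value
#   returns 1 on error (bad argument, missing file, unexpected value)
#   returns 2 if FILE has no active val-permissive-mode line (FILE untouched)
set_permissive_mode() {
    conf=$1
    want=$2
    case $want in
        yes|no) ;;
        *) echo "value must be yes or no" >&2; return 1 ;;
    esac
    [ -f "$conf" ] || { echo "$conf: not found" >&2; return 1; }

    # Match the option even when indented; commented-out lines do not count.
    if ! grep -Eq '^[[:space:]]*val-permissive-mode:' "$conf"; then
        echo "$conf: no val-permissive-mode line" >&2
        return 2
    fi

    # Already at the requested value: leave the file and any backup alone.
    if grep -Eq "^[[:space:]]*val-permissive-mode:[[:space:]]*$want[[:space:]]*(#.*)?\$" "$conf"; then
        return 0
    fi

    # Keep a copy, then rewrite in place so ownership and mode are preserved.
    cp -p "$conf" "$conf.bak" || return 1
    sed -E "s/^([[:space:]]*val-permissive-mode:[[:space:]]*)(yes|no)/\1$want/" \
        "$conf.bak" > "$conf" || return 1

    # Confirm the edit took effect before anyone reboots on it.
    grep -Eq "^[[:space:]]*val-permissive-mode:[[:space:]]*$want" "$conf"
}

# Run as root on the firewall console, for example:
#   sh this-script.sh /etc/unbound/unbound.conf yes && reboot
if [ "$#" -eq 2 ]; then
    set_permissive_mode "$1" "$2"
fi
```

With the option set to yes, Unbound still performs DNSSEC validation but hands answers that fail it to clients instead of returning SERVFAIL, which is why the function also accepts no to restore enforcement later.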