🐧Setting up a NFV Function for IPFire🔥

Ronald Bartels

IPFire is a versatile, open-source firewall distribution built on Linux, designed to provide robust security features for networks of all sizes. It is renowned for its flexibility, ease of use, and strong security capabilities.

Key Features:

  1. Firewall & Security: IPFire uses stateful packet inspection and can function as both a traditional firewall and a proxy firewall. It includes intrusion detection and prevention systems to safeguard against a wide array of threats.

  2. Modular Design: Its modular design allows users to extend its functionality with various add-ons, covering aspects such as hotspots, VPN support, web filtering, and advanced network monitoring.

  3. VPN Support: IPFire supports both IPsec and OpenVPN, making it an ideal choice for establishing secure remote connections.

  4. Easy Administration: The intuitive web-based interface simplifies configuration and management, allowing administrators to monitor and adjust settings with ease.

  5. Performance: Optimized for high performance, IPFire can handle substantial network traffic efficiently, making it suitable for both small and large-scale deployments.

  6. Community & Support: Backed by a strong community, users can access a wealth of resources, including documentation, forums, and regular updates to keep the system secure and up-to-date.

IPFire is an excellent choice for anyone seeking a reliable and customizable firewall solution to protect their network infrastructure.

Here are the instructions to set up IPFire.

Ensure you have libvirt installed:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install qemu-kvm libvirt-daemon-system libvirt-clients virtinst cpu-checker libguestfs-tools libosinfo-bin

Create a 4GB image file:

sudo qemu-img create /var/lib/machines/ipfire.img 4500M

Download IPFire:

wget https://downloads.ipfire.org/releases/ipfire-2.x/2.29-core186/ipfire-2.29-core186-x86_64.iso

Create the bridges br0 and br1 via the administrative interface. br0 will be the LAN (GREEN) and br1 will be the WAN (RED).

Here is the nftables configuration on the Edge to use a single host IP on the firewall:

# Create the file /etc/bonding/nftables/nat-prerouting-ipv4-port-forwarding.nft
ip daddr 102.134.243.207 dnat to 100.100.127.255
# where 102.134.243.207 is the floating IP and 100.100.127.255 is the DHCP assigned address of openwrt.
sudo systemctl reload bonding-nftables

Create the virtual machine for IPFire:

sudo virt-install --os-type=generic --virt-type=kvm --name=ipfire --ram=1024 --vcpus=2 --hvm --cdrom ipfire-2.29-core186-x86_64.iso --network bridge=br0,model=virtio --network bridge=br1,model=virtio --connect qemu:///system --disk path=/var/lib/machines/ipfire.img,bus=ide --wait 0
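
Before running the virt-install command above, it helps to confirm that the downloaded ISO matches a digest obtained from a trusted source, that the disk image exists at the path passed to --disk, and that br0 and br1 really are bridges. The script below is an added example, not part of the original article; the function names, the SYSFS_NET override and sha256sum as the default hashing tool are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before creating the IPFire guest.
# verify_iso, is_bridge, preflight and SYSFS_NET are hypothetical names.

# Succeeds only if the file's digest equals the expected value.
# $3 picks the hashing tool (assumed default: sha256sum; b2sum also works).
verify_iso() {
    local file="$1" expected="$2" tool="${3:-sha256sum}" actual
    [ -r "$file" ] || return 2
    actual=$("$tool" "$file" | awk '{print $1}')
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# A Linux bridge exposes a "bridge" directory under /sys/class/net/<name>.
# SYSFS_NET lets the lookup be pointed at another tree for testing.
is_bridge() {
    [ -d "${SYSFS_NET:-/sys/class/net}/$1/bridge" ]
}

# Report every problem found; the return status is the number of problems.
preflight() {
    local iso="$1" digest="$2" disk="$3" problems=0 br
    if ! verify_iso "$iso" "$digest"; then
        echo "ISO unreadable or digest mismatch: $iso"
        problems=$((problems + 1))
    fi
    if [ ! -f "$disk" ]; then
        echo "disk image missing: $disk"
        problems=$((problems + 1))
    fi
    for br in br0 br1; do
        if ! is_bridge "$br"; then
            echo "bridge missing: $br"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run only when asked:
#   ./preflight.sh --run ipfire-2.29-core186-x86_64.iso <expected-digest> \
#       /var/lib/machines/ipfire.img
if [ "${1:-}" = "--run" ]; then
    preflight "$2" "$3" "$4" && echo "pre-flight OK"
fi
```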

Now connect to the console to continue:

sudo virsh console ipfire

Install IPFire using the serial option.

Accept all the standard options. Yes, it looks very similar to a Debian install.

Then reboot.

Start the virtual machine.

sudo virsh start ipfire

Reconnect to the console.

Complete the install. Again similar to Debian.

Configure the GREEN and RED networks.

Give the GREEN network a static address of 192.168.254.254/24 and set the WAN (RED) to DHCP. Configure the DHCP server and Bob's your aunty.

You can now plug into the Ethernet on the edge LAN port and access the Web UI on https://192.168.254.254:444

Ronald Bartels works connecting Internet inhabiting things at Fusion Broadband.
