Build a Mini-ITX Firewall with IPFire

Posted
Comments 0

Build a Mini-ITX Firewall with IPFire

Today I will show you how to build your very own compact Mini-ITX Firewall with the excellent (and Open Source) IPFire firewall operating system. You can also use any old PC with an extra Ethernet card, but this guide will focus on the Mini-ITX form factor and parts suitable for it.

Contents

Motherboard

There are a number of suitable Mini-ITX motherboards on the market, and I’ll give description and links for them. If you’re building from parts other than specified here, just make sure you have a motherboard with dual LAN/Ethernet ports, or a spare slot for an extra NIC card. IPFire requires a minimum of 2 LAN ports to work (Red and Green networks). Other than that, all you need is minimum 1GHz CPU, 1GB RAM and a 4GB hard disk, but definitely use a SATA SSD hard drive for this build.

The first two motherboards I list have built-in CPUs, and are suitable for small to medium sized networks. The third motherboard is a beast suitable for large networks.

Mitac PD11BI CC

The Mitac PD11BI CC motherboard has a built-in CPU (Celeron J1900), dual LAN ports, and takes DDR3L-1600 SODIMM which is perfect for our firewall. Suitable for small to medium sized networks.

  • Intel Celeron J1900 Quad Core Processor, 2 – 2.41 GHz
  • Supports 2 x DDR3L 1600 SODIMM RAM, Max 8GB Capacity, 1333MHz Minimum, Low Voltage 1.35V Required
  • Supports Dual Display via VGA and DVI-I
  • Dual RS232 COM Ports, Dual GbE LAN; PCI-E x1 Expansion, Mini PCI-E (half/full length)
  • Mini ITX Form Factor: 170mm x 170mm (6.7” × 6.7”)

Jetway JNF694-4200

The Jetway JNF694-4200 has a built-in Pentium N4200 Quad Core CPU, Dual LAN, and takes DDR3L 1866 SODIMM laptop RAM. Suitable for small to medium sized networks.

  • Intel Pentium N4200 Quad Core Processor
  • 2 x DDR3L-1866 SODIMM slots, Supports up to 8GB, 1.35V Low Voltage Required
  • Supports Triple Display via DisplayPort, HDMI, and LVDS; M.2 SATA slot, PCI-E 2.0 ×1 slot
  • Dual GbE LAN, Mini PCI-E slot (Full sized), SIM Card Socket
  • Mini ITX Form Factor: 6.7” × 6.7”

Mitac PH12CMI-Q470E-12V

The Mitac PH12CMI-Q470E-12V takes 10th generation Comet Lake LGA1200 CPU’s and is a Thin Mini ITX Motherboard (very low profile). It has Dual LAN, takes DDR4 SODIMM RAM up to 64GB, and has an PCIe 3.0 M.2 slot for very fast operating system performance. It also runs on 12v DC. Suitable for large networks.

  • Supports Intel 10th Gen Comet Lake Processors, LGA1200
  • 2 x DDR4 SODIMM slots up to 64GB
  • PCI-E 3.0 ×4 slot, M.2 2280 slot, M.2 2230 slot, Mini PCI-E slot
  • Dual Intel GbE LAN
  • Thin Mini ITX: 6.7” × 6.7”, 12V DC-IN (2.5mm/ID, 5.5mm/OD)

Recommended CPU for Mitac PH12CMI-Q470E-12V

Intel® Core™ i7-10700 Desktop Processor 8 Cores up to 4.8 GHz Without Processor Graphics LGA1200 (Intel® 400 Series chipset) 65W

Other Parts

PSU/Power Supply

You’ll need a special PSU/Power supply called a PicoPSU and a minimum 120 watts with a 12v connector. I recommend the Mini Box PicoPSU-150-XT 12V DC-DC ATX power supply

AC/DC Power Adapter

You’ll also need an AC/DC 12v power adapter, minimum 7 Amp, with a 5.5mm connector: Search Amazon

Case

And a good Mini-ITX case like the Morex 557 Universal Mini-ITX Case, Fan-Less, Compact

Download & Install IPFire

After you’ve built your firewall PC, let’s install IPFire. It’s a bit complex for novices, but I will do my best to guide you through it with screenshots and text instructions.

Download IPFire

Let’s download the latest version of IPFire and burn to a USB drive

  1. Download the latest version of IPFire, choose x86_64 ISO
  2. Download Rufus for flashing to USB
  3. Insert a USB drive (minimum 4GB) into a USB port on your PC
  4. Open Rufus and select your USB drive from the list under Device
  5. Under the Boot Selection heading, click SELECT and choose the IPFire ISO you downloaded earlier
  6. Leave everything else at defaults and click START
  7. Rufus will ask “Write in ISO image mode (recommended)” leave this selected and click OK, then Yes to “Download required” prompt
  8. Click YES/OK to any further warning prompts.
Flash IPFire onto a USB drive using Rufus

Install IPFire

Before installing IPFire, make sure you have a LAN cable running from the IPFire pc and your modem/router (this will be the RED interface), and a cable running to a switch where the rest of your computers/devices will be connecting (this is the GREEN interface). Once that’s done, insert the USB drive and boot up your machine and we’ll run through the screens:

  1. TIP: Use the TAB key to switch between options and ENTER to select
  2. You should see the boot screen for IPFire, choose the default option Install IPFire
    IPFire boot screen
  3. Choose your Language then OK
  4. Press ENTER for the Start installation prompt
  5. Use TAB to move cursor then SPACE BAR to select I accept this license prompt, then OK
  6. Select Delete all data then ENTER
  7. Select ext4 Filesystem, then OK
  8. IPFire will start installing and should be complete in a few minutes
  9. Press ENTER to Reboot

Configure IPFire

After IPFire reboots, you will be asked to configure the system. I have given examples that can be used, but if you’re more experienced, you’re welcome to customize.

Basic Configuration

  1. Choose your language, then select OK (ENTER)
  2. Scroll up/down to select your time zone, then OK (please don’t skip this step, system time is very important!)
  3. I suggest leaving hostname to the default ipfire but you’re welcome to change. Then OK
  4. You can name your network anything you want, I chose richome
  5. Enter a strong password for root user, confirm password, then OK
  6. Enter a strong password for admin user, confirm password, then OK (this user will login to the web interface)

Network configuration type

  1. Select Network configuration type, then OK
  2. If you have two LAN ports, make sure GREEN + RED is selected, then OK

Drivers and card assignments

  1. Select Drivers and card assignments, then OK
  2. Select GREEN, then TAB to select Identify, then ENTER. Take note of which LAN port is flashing it’s LED on the motherboard I/O, then label this port as GREEN and the other as RED
  3. TAB to Select and press ENTER
  4. Select RED then Select to assign the remaining LAN port to the RED interface

Address settings

  1. Select Address settings, then GREEN. For IP address enter 192.168.1.1 and leave Netmask at 255.255.255.0, then OK
  2. Select RED, change Static to DHCP, then TAB to OK
  3. Use TAB and select DONE

DHCP server configuration

  1. Use SPACE BAR to select Enabled for DHCP server configuration, then enter the following info:
    1. Start address: 192.168.1.2
    2. End address: 192.168.1.230
    3. Leave everything else at defaults and select OK
  2. Select OK and you’re done.

Login and Configure IPFire

Hook a pc up to the switch on the GREEN network and enter your IPFire’s IP address appended with port :444. For example, during my setup, I gave my IPFire the IP address of 192.168.1.1, so I would enter 192.168.1.1:400 into my web browser address bar.

The IPFire Dashboard

There is a lot of extra services and plugins that can be configured and far too much for this guide. So instead, I will give links to some good resources for you.

Conclusion

I hope everything went smoothly for you and you have a ripper little IPFire firewall up and running to protect your network. If you did have any issues, hit me up in the comments or socials/email.

See Also

Further Reading

Author
Categories Firewalls & Security, Motherboards

Comments

There are currently no comments on this article.

Comment

Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.