Raspberry Pi : Dedicated Firewall -

Creating a dedicated firewall using a Raspberry Pi and the open source firewall solution “IPFire“.

Some time ago, as a personal interest project, I re-purposed a Raspberry Pi 3b and added it as a dedicated firewall solution for our home network. It was interesting to set up, it did not take long and since it has been connected our internet connection has remained stable and quick.

We were experiencing intermittent trouble with the stability of our connection at home and since the connection of the dedicated firewall solution that trouble seems to have ceased, though that may be purely a coincidence as I have no specific presentable information to correlate the installation of the firewall to the easing of connection issues. Still, I was quite intrigued by this project before I installed it and was absolutely inspired after getting it working that I felt overall this was quite a positive experience.

If you want to create a dedicated home firewall solution this will by no means be my last project or experimentation with this type of configuration, but it does offer a (albeit ‘seemingly’) effective solution, and is not one that is too expensive. I followed the setup for the open source firewall known as ‘IPFire’.
The steps I followed can be found here: https://wiki.ipfire.org/installation/

What you will need for this to work:

1 x Raspberry Pi with 4gb+ mSD card
· I had a spare Model 3B and this was quite effective, though you can check the links below
· Compatible Pi Models: https://wiki.ipfire.org/hardware/arm/rpi/
· Purchase a Raspberry Pi here on Amazon

1 x USB to Ethernet Dongle
· I purchased one for approximately $15 on eBay
· A list of compatible dongles: https://wiki.ipfire.org/hardware/networking#usb_lan-dongle/

1 x spare additional LAN cable.

Also, please note – my example here is working with an Internet / Network setup that involves:

· 1 x Modem connected to wall port for Internet connection.
· 1 x Wireless Router connected by Ethernet to the Modem

My Modem had all wireless routing disabled and I had specifically connected the Router to the modem via an Ethernet cable. The new setup involves an Ethernet cable from the Modem to the Raspberry Pi, then from the Raspberry Pi’s additional Ethernet port to the Router, situating the Pi between the Modem and the Router, thereby filtering all of the internet traffic before it gets to the home network.

I am noting these details before we get further along as the setup will be different if not using separate devices for Modem and Router.

The first step is to prepare the SD card with the installation of IPFire.
Following the steps here https://wiki.ipfire.org/installation/howto_flash_arm_image/ I easily located the image file and the SD Flashing tool and installed the required image on the SD card.

I then inserted the SD in the Raspberry Pi, added the USB dongle to the Pi, connected the modem ethernet cable that was originally going from the modem to the router instead now so it was going from the modem to the Raspberry Pi Ethernet Port, and an additional LAN cable from the additional ethernet port on the Pi to the Router. I connected a USB Keyboard and HDMI monitor temporarily for the purposes of the setup, and once set up was completed I have removed the Keyboard and Monitor and am now running the Firewall as a ‘headless’ setup, with the only things connected to the Pi are now the power pack and the two ethernet cables.

On the initial boot, the setup asks you to configure the IPFire installation. Some important things to note:

· The two ethernet ports on the Raspberry Pi will be labelled with a colour, either Red or Green depending on the setup, and this will need to be selected in the setup menu for the initial installation.
· The ‘Red’ ethernet port, is the port that is connected to the modem. It is remembered as the ‘Red’ connection as this is the direction of the unfiltered devices, or the connection to the external internet.
· The ‘Green’ connection is to indicate the filtered traffic side, and this is the ethernet port that is connected to your Router.

All of the devices on your network will be best on the ‘Green’ or ‘Filtered traffic’ side, and the Red side is the incoming connection that requires the filtering or security checks of the firewall.

Two devices also means two network addresses, known as IP Addresses. For a basic home setup, a modem may have an IP address of say ‘192.168.1.1’ with other devices on the network then being given an IP address when they connect to the modem or router. All devices that connect to the network will be given a unique IP address, but it will be in the same ‘subnet’ or “network range” for the one network. In this case, where we have a modem, then a router, then devices connecting to the router, the modem might be ‘192.168.1.1’ and the router then ‘192.168.1.2’ and a device connected to the router would then be given ‘192.168.1.3’ and so on.

This is quite the simple setup, though the introduction of the firewall requires that there is an additional ‘subnet’ or “network range” that is created to separate the unfiltered network side from the filtered / protected network side. An IP (IPv4) address is made up of 4 numbers, separated by a decimal or dot, each number between 0 and 255. The subnet, or ‘network range’ in the above example is ‘192.168.1.1 – 192.168.1.255’ indicating within this subnet, there is from 1 – 255 devices connected in this one subnet. Separating the network on one side of the firewall from the network on the filtered side of the firewall with different subnets, means that we need to set a different subnet for each side. For this example, we will use simple address ranges.

We can have one side, the Red side which involves the Modem and the Raspberry Pi Red connection on one subnet. The Green side will be the Raspberry Pi Green Ethernet port, the Router, and all devices on the home network.

The modem and Red connection will go on 192.168.1.x. The modem will be set to 192.168.1.1, and the Red ethernet port on IPFire will be set to 192.168.1.2, and the green side can go on 192.168.2.1, with the router being set to 192.168.2.2.

With this setup, the installation and set up was a breeze. All that was required then was to follow the steps to connect to and configure the existing firewall, and with that working, then to remove the keyboard and monitor from the Raspberry Pi unit and check that other devices that use the home network were able to connect to the home router ok. If they connected to the router, and had internet access then it is working as expected! If there is no internet connection, or the devices will not connect to the router then there may be some additional troubleshooting steps, and unfortunately while I can’t cover all possible scenarios here hopefully knowing the difference between will connect to the router but has no internet access, vs won’t connect to the router is enough to help you determine where to start looking for possible solutions to resolve the connectivity.

With the device connected and configured correctly, you will find it is accessible using an internet browser and IP Address with the configured login information. The firewall settings can then be administered via this webpage interface hosted on the home network from the firewall device, in this case the Raspberry Pi.

The simplicity of using a web interface hosted on the home network for control and administration of the firewall, combined with the connectivity of a Raspberry Pi device, let me to think about what other practical usage could be made available from the addition of one of these units, specifically things like an at-home-virtual-assistance, and a SmartHome central control interface. A touchscreen can easily be added to a connected Raspberry Pi unit, as could a USB Speaker/Microphone, and suddenly custom voice commands and an extendable web interface seems to be such an awesome plus to this kind of set up that I am inspired to start designing one of my own.

I really like the interface for the IPFire firewall, the ease of setup and the availability of additional features and plugins that can be added for extendibility, it has been such an effective and enjoyable project that I wanted to share it here and sincerely recommend this solution as an effective home firewall project, and a great opportunity for learning and inspiration. If you already have a spare Raspberry Pi and want to put it to good use or you want a cost-effective firewall solution this is a great place to start. Thanks and keep watching this space for more to come on the planning and design of an all in one integrated smart home, virtual assistant, Network storage, media centre and communication hub solution. As it unfolds, it will certainly be an interesting topic of practical learning and inspiration!