Firewall For Your Home Or Office - For Free! How To Set Up Ipfire On Raspberry Pi. ipfire vs pfsense

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey guys welcome to JS teen travel by loyal Tekken Security today I want to talk to you about firewall a home firewall did you know we can put a firewall on this Raspberry Pi this is a $ 3040 device I got it for free and I can use this to run a firewall for my home why would we want a firewall well you know for security reasons for small to midsize businesses we can run these um for cheaper cost so if you were to take a look we have cisos foret H Alto Juniper we have lot of vendors who sell these devices for a very expensive price and I'm going to go into that in in further detail but before we move forward uh make sure to like And subscribe to thean channel in this video and hit that Bell notification icon for any future updates and you can also visit our website loyal Tech and SEC loyal Tech security.com and if you have any questions uh feel free to reach out to us over your phone or send us a comment and then we will be able to answer those questions so before we move forward into a Raspberry Pi I wanted to show you how much these devices cost usually so if we start up with Cisco Appliance Cisco secure firewall Firepower is about $729 $289 with a one year of subscription you get for IPs AV and those type of security features and every year you have to renew that same goes with foret Device this is 60f um price is about $ 886 then you have palow Alto even more expensive about $1,500 P have always been expensive and the same thing one year bundle you get with the subscription and then the next year you have to renew that Juniper this is an old box srx210 this is an older box but even that is more expensive $225 so what type of security we can get at home we cannot afford that if you cannot afford that then we can get a free firewall onto this and I'll show you how do that so if you look at page number two what we need to run a perfect firewall so this right here is a Raspberry Pi 3 3+ and you can see the configs on that the Raspberry Pi 3 only has 10 and 100 MVPs land port where as Raspberry Pi for has up to gigabit Port ethernet port with the usb3 the reason why it's important is because if you have a one gaig connection coming in from your ISP then the raspberry uh 54 is what I would recommend along with that because we only have one interface we at least need two minimum you need two even better if you have four and I'll explain why but since we only have one interface face you can buy this this is called a USB 3 the blue indicates three to an ethernet adapter and this is a 1 gig adapter I can connect this to a USB port and this will give me a one gig of speed so you can get that you can get you have one two three four USBS you can actually get four of those and you can plug in each ethernet into that so let's see how we can do this also what you will need is a flash drive usually this comes with the Raspberry Pi if not then you just grab one for Microcenter couple bucks two $3 usually you don't need a big one this is only 32 gig you can even use like 16 16 GB and that should be more than enough so first we're going to flash this how do we flash this let me show you when I insert this into the computer I'm going to come to I've inserted the flash drive I'm going to type in B eter okay I will submit this link in the description you go on to this link right here and you just download that yourself okay I have already downloaded that and we will open that up what BL erer does that it burns the iso image onto the flash drive so you can so you can boot up the um uh the firewall now what type of firewall are we going to use here there's a very good firewall we can use it's it's called IP fire if you go on to their main page IP fire is a very small file you can upload onto the raspberry bu and be able to utilize that as your firewall you can go to this IV fire.org go to download and they um used to have the armm version the arm version of the Raspberry Pi but I will submit that link for you to download into the in the YouTube description so you can download that file in our case we already have that file I'll show you I've already downloaded that downloaded that file and it's called IP fire Raspberry Pi 2.2 27 core I70 armm version 6 okay so we already have that I will paste a link for this in the the description so you can download that okay don't download these others because these other versions will not work on the raspberry pile next you're going to give it a uh a SSD or the SDHC card which is the flash drive the one I inserted and then I'm going to click Flash it's going to do its thing I'm going to say yes you can exit out of that the first window you'll get is this and the first thing you want to do is you want to go to this file called U EnV right click on it and go to edit and the serial console equals on you just want to type it off and save that's all you have to do on this uh flash drive after that you can close the flashing is complete and it has uh ejected that flash drive so I'm just going to pull it off the computer okay so what we have here now is that we just flashed the SSD uh the micro SD okay and we're going to take this out and this has the IP fire flashed on this this is our Raspberry p I'm going to plug it in back okay um I'm going to plug in the standard keyboard into a USB there you go HDMI into HDMI connector perfect I'm going to connect a second ethernet okay which is a USB adapter into a USB port me put this in here and put this right here so so now we have two ethernet one is right here second one is here we have to use one for the van one for the Lan okay now I'm going to power this up the adapter is already connected in the bottom and I'm going to power this up and you should see something on the screen so right now this is Raspberry Pi loading IP fire onto the Raspberry Pi and we're going to do a setup right here okay and that's it now we're going to set up the raspberry uh the IP fire so the keyboard backing is US time zone we are in Eastern Time Zone host name you can name it whatever you want I already have one IP fire on the network so I'm going to call this IP fire too okay domain name local domain is fine you can change it to whatever domain name you want give it a root password give it a strong root password as you can see I'm typing but you're not going to see anything here but rest assure it is typing click tab it will take you to the next uh confirm password and then hit okay twice okay and now you're going to set up an admin user password so give it a really good password hit enter so now this is the main thing let me explain to you because they're talking about green and red and it is very important that you understand a concept of red green so I have created this do uh this picture which shows exactly how the red green blue and all these colors mean so if you see right here uh and it it's better to keep it this sequence because otherwise it would just confuse you so think of red and as a van meaning your ISP connection is the red color your ISP is bringing in the internet to your house or your office that is The Red Connection the local landan is all your internal traffic to your house or if you're in the office all your internal office traffic for most home users you do not need the DMZ D mzs are where you host your public servers in this scenario we're not going to use uh DMZ Zone which is the orange and the Wi-Fi we're not going to use the additional ethernet for the Wi-Fi as well for the sake of simp Simplicity we are only going to use the red and the green basically the internet is coming from our ISP giving it to the IP fire and the IP fire is giving that Internet to our local local devices inside our house or our business okay so hopefully that is clear let's go back to the other screen so now here the first part is networking uh configuration type so this is where it's asking you what type of Internet do you want green red green plus red plus orange green red blue or green red orange blue what I just mentioned to you that's what it's it's referring to currently we are only going to go with green and red okay so green and red selected I'm going to click okay so that part is done drivers and card assignments that is very important Next Step as you can see green is unset and red is also unset we need to set that so I'm going to come to the green and from here which is this device you need to tell whether you want this right here the one I'm moving if you want that to be green or red or do you want this adapter I don't know if you can see that this adapter to be green or red in my case what I like to do the built-in one I like to to put that as a red and I like to put this one as green and I'll show you how you do that so I'm going to come to Red first hit enter and then as you can see it's giving me the options uh to select um and I am sure this right here semiconductor real tag semiconductor gigabit that is the USB one even though they both say USB don't go by that but the standard microsystem cor that is the built in um ethernet so this is for red I'm going to select the microsystem ones that's the built-in when I click okay and as you can see red is now assigned a standard microsystem ethernet now I'm going to go to the green hit enter and I'm going to assign the real TX semiconductor cor gigabit Ethernet so I'm going to click okay as you can see green is now given in a real Tech semiconductor USB ethern adapter I'm going to come to done so the second part is done now the address settings this is also very important so now we know Green is the internal red is the external which is your ISP let's do the red first I'm going to go to the rest uh red now it's asking do you have a static IP from your ISP or do you have DHCP or do you have PPP most of the home users they have uh DHCP at home they do not have static IP if you have static IP you can enter that static IP into here okay in our case because this is being done in a lab I'm going to connect it to a switch but in your case you will have a line which is just an Ethernet line coming either from your modem or from your internet provider so just think of this ethernet line as my Van Line okay so I am going to connect this is a van line I'm going to connect that into the red this is a red Port so I'm going to connect into that all right connected and I'm going to tell it it's not static it's DHCP so it is going to get the IP automatically then I'm going to come to okay and hit okay now I'm going to set up green now green is this one I need to set up what IP which is the internal IP I need to set so I can access this from internet from internal Network so I'm going to click okay I'm going to give it an IP now this is usually for routers just think of this as a router on routers you set up an IP for home usually this is like the very basic IPS people set that's fine you want to set up class A Class B Class C whatever works for you that's fine in my scenario I think that is going to create a conflict with other networks so I'm just going to go with 4.1 and I'm going to hit enter there and enter here and then okay and that's it it's done click done come back and hit done again now it's asking me do you want to configure a DHCP server meaning any computer connected to this or any switch I connected this needs a DHCP IP meaning it needs some type of IP automatically assigned that's what we're going to do here so I'm going to say enable the starting address we're going to type in 1921 1684 50 the reason why I do 50 is because all the IPS before 50 I like to reserve it for other static IPS but this is totally up to you how you want to do that um and then the end address you can do one 192168 4254 which is the last IP your DNS server can stay your your router IP or you can also add the secondary DNS which you can put Google DNS or or iOS DNS or Cloud uh um open Open DNS which is a Cisco DNS for security reasons really up to you everything else remains uh default unless you want to increase it IM Le 120 is fine hit okay setup is complete and that's it you're done now everything from this point forward needs to be set up from a computer so the way we will do it is we need to connect an Ethernet into here and then connect some computer to this so then we can access the goey part of that so let me show you how we do that so it is still starting and this is where it takes a little bit time generating SSH Keys it generates its own keys so let's give it like 5 10 minutes it's going to boot up and then it's going to come to the main screen I will keep this so you can see what it looks like okay as you can see it is fully loaded and now it's at the login screen okay so now we have connected the wire as I showed you and this computer is connected to that uh USB ethernet adapter now we need to find out what what's the IP uh was provided to this computer so we can log in to the uh IP file so let me just do this I'm also connected to the W Wireless l so you can ignore that we should have right here ethernet adapter and this is the default gateway and as you can see it assign the IP starting from 50 that is the range I gave it so let's go to this default gateway IP and one thing you have to note is that when you go to https when and your default gateway IP the default board is not 443 it's actually 444 for IP fire okay that keep that in mind because 443 is not going to take you to that the default Cod is 444 and this is where you're going to give it the admin user and the password you created go through this say yes this is IP fire firewall router SL Gateway everything built in with security with firewall with uh log information and everything so as you can see this top part is saying internet which was the red box or the red color and the network Lan which is our internal Network this uh IP fire does have internet connection right now and I'll show you if I disconnect I'm going to disconnect the wireless and I should still have internet I'm going to Ping google.com is you can see I can ping google.com if I do so that's that if I go to Amon or or security.com we should get that website there you go now this location has only 60 MVPs of speed it does not have one gig so even if you were to do a speed test let's see what we get because remember this is Raspberry Pi 3 I would highly recommend you get Raspberry Pi 4 for faster speed he I we are paying here for about 60 or 50 mags I think and we're getting more than that and this is all happening on that little box there's nothing in between here okay so anyway so that's the download speed uh let me go back to this IP fire and one thing as you can see it already has an update you can always do the update one thing I want to quickly share with you is the IPS that is very important because that is the main thing I feel like uh we need for this so if I go to firewall and intrusion prevention um and then you can click on ADD provider right here and then it gives you certain providers which are free there are certain providers which charge you also it's up to you if you want to get the the paid version or Community version that's up to you but the only thing with the community version is that the uh the IPS signatures are I think about a month delay which is okay for home users snort they tend to have actually Cisco uses snort IPS signatures also Cisco firewalls we I showed you earlier uses snort uh snort IPS so you can get that community version Rule and that's for free do not select this monitor only because it's not going to block the traffic it's only going to monitor it the whole idea for IPs is to block unwanted traffic I'm going to click add and that's it so you have IPS setup on your system as you can see I can enable it which device monitored devices I'm going to say enable on both click save and there you go this turned green so that means that the IPS is turned on now any traffic which has any issues or any malicious traffic is coming through it will block that on top of that um just show you the basic Network actually you can also do captive portal here which is very cool on this Zone configuration is if you have like DMZ server or if you have um Wireless or if you have like other uh zones meaning Finance HR whatever you can create separate zones for that you know so this this you can use for small businesses I I feel um but keep in mind like you know this is all Community version so the updates are usually not available so you use it at your own risk but for home use I don't see any issues with that um Services got firewall rules right here you can create your own rule like home firewalls like the one you get from qualcast or Verizon you don't get that you can create your own incoming and outgoing rules right here on the firewall Network level allows you to do that or we also have location block I really like this because if you don't want certain countries to be coming into your network you can literally just check that and then save and it will block that that is really amazing because that feature in most firewalls uh especially Cloud security you have to pay extra for that this is called geob blocking this is all you're getting it for free I we haven't paid anything the IP fire is free um another thing the the log summary logging having log is really important since I just plugged this device in there's not going to be much logs in here but you can come to firewall logs we will show you all the firewall logs all the connections going in and out what it's dropping and things like that it's amazing what you can do with this small device it will also give you graphs by IP there you go looks pretty nice what devices are currently communicating and things like that it will also give you more detail and one more thing if you come to pack fire you can add more plugins to this I'll show you what what that means so you can these are the plugins you can can connect to this device so for instance free radius if you want radius authentication done on that you can select add it will come right here and it should come over here and then it should install oh there you go took a while but I actually don't want that installed so that far is working uh that's already installing okay so adding clicking on that add button starts installing that's fine we can always remove it while it's doing that oh wow look at that it's doing all the command line thing over here so you don't have to do anything this is all guey based but it does the work for you and above right here you will see the inbound traffic and the outbound traffic this is very neat um uh if you're trying to if you're on like a teams meeting or some meeting like that it's really neat to have that so you know exactly where the traffic is going and if you scroll down this this has a lot of cool stuff um I believe it also had wire shark I had seen oh look at that it also has rsync this is pretty good rsync allows you to to gen uh to create a sync job oh there you go ra wire Shar right here or they call it t- Shar so for packet capturing very useful feature so a lot of cool stuff this has um you can always come to your status we'll show you the system status currently might not have enough because I have not turned it kept it on for long but it gives you really nice graphs gives you Insight of how the the how much CPU utilization memory and things like that you come to memory it will show you how much memory it's taking how much free memory you have so it is amazing what this little thing can do and mind you the Raspberry Pi 3 I think is $30 $40 raspberry 4 is probably $8 or so uh that USB adapter which is this one right here this USB adapter I got it from eBay it was about $8 on sale I think now it's for $13 I recommend getting a name brand one don't get the one from China the unbranded one because they marketed it as one gig but they usually don't work at at one gig so stay away from that got something nice some name brand one $13 is not bad for this and um highly recommend getting Raspberry Pi 4 because you will get the gigabit Ethernet connection and the USB 3 you can go wrong with that um so that is amazing what you can do with this uh if you guys like this video please make sure to hit that like button and subscribe but button and that notification icon so any new videos I create you'll be notified for that if you have any questions to related to this video or any other videos or if you want me to make any future videos let me know and I'll be more than happy to uh make those videos um and we can always be reached at website above which is right here gocity.com and if you have any questions feel free to reach out to us thank you and you guys have a nice day
Info
Channel: Loyal Tech and Security
Views: 15,096
Rating: undefined out of 5
Keywords: ipfire download, open source firewall, firewall on raspberry pi, firewall raspberry pi 3, firewall on raspberry pi 4, ipfire on raspberry pi, ipfire raspberry, ipfire configuration step by step, how to install ipfire on raspberry pi, raspberry pi ipfire, raspberry pi firewall, how to use raspberry pi, what to use raspberry pi for, what to use raspberry pi zero for, what to use raspberry pi 4 for, how to setup ipfire, how to install and configure ipfire, ipfire vs pfsense
Id: 4r_eSIZHEgE
Channel Id: undefined
Length: 28min 14sec (1694 seconds)
Published: Fri May 12 2023
Related Videos
Create Personal Cloud Storage using OLD desktop at home (Install TrueNas Scale on USB)
Loyal Tech and Security
3.9K
pfSense vs UniFi Firewall: May 2024 Edition
Lawrence Systems
57K
The ULTIMATE Raspberry Pi 5 NAS
Jeff Geerling
1.5M
OPNSense: Protect Your Home LAN With a Transparent Filtering Bridge with Step by Step Instructions
Dave's Garage
498K
DO NOT design your network like this!! // FREE CCNA // EP 6
NetworkChuck
3.1M
The Ultimate Home Lab Guide: Easy DIY Setup NAS, Docker, Game Servers & More!
MadeInJapan
5.9K
I Can Save You Money! – Raspberry Pi Alternatives
Linus Tech Tips
3.2M
How to Secure a Raspberry Pi on Your Network | ITProTV
ITPro
54K
you need this FREE CyberSecurity tool
NetworkChuck
1.2M
13 Stunning Raspberry Pi Projects for 2024!!!
ToP Projects Compilation
198K
How To Fix Bufferbloat in pfSense For Better Network Performance
Lawrence Systems
28K
3 HACKING gadgets you have to TRY!!
NetworkChuck
1.4M
You call THAT a router?! 2 Tiny Raspberry Pi Routers
Jeff Geerling
647K
DDNS on a Raspberry Pi using the Cloudflare API (Dynamic DNS)
NetworkChuck
338K
let's hack your home network // FREE CCNA // EP 9
NetworkChuck
3.8M
Stop Windows Spying with one click Firewall
The PC Security Channel
206K
Easy Raspberry Pi Projects for 2023!
Crosstalk Solutions
817K
Should You Build Your Own Router?
Wolfgang's Channel
296K
One cable, two SSDs: the first Pi 5 PoE HAT
Jeff Geerling
176K
my SUPER secure Raspberry Pi Router (wifi VPN travel router)
NetworkChuck
1.5M
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.