Build a Custom Firewall and WiFi Access Point with IPFire

What is a Custom Firewall?

“Flash Router” is another term for a custom firewall and WiFi Access Point. The practice originated with the Linksys WRT54G Series as part of a settlement for incorporating FSF GPL code in a corporate product. Third-party (online) vendors take commercial hardware from big-box stores and “flash” it with DD-WRT or FreshTomato. Custom firewalls and WiFi Access Points offer much better security and features than the standard operating systems on home commercial firewalls and WiFi access points.

What is IPFire?

IPFire is an open source Linux distribution built from scratch to be a high-quality firewall you can customize to fit your specific needs. How is this different from a Flash Router? While a “Flash Router” is a custom firewall, it isn’t custom hardware, and it is almost impossible to upgrade it or address hardware security issues. Everyone knows that commercial routers have a lot of problems with their operating systems as well as their hardware.

Let’s Build a Custom Firewall

You’ll need a copy of IPFire. You can get one from their website for free (but it requires a Torrent), so I like to use DistroWatch. Download the ISO, flash it to a USB drive, and get ready to build your custom firewall hardware with IPFire. (If you just want a secure WiFi Access Point and less custom firewall, try our AMENDMENT1 IPFire Build).

Custom Firewall Hardware

What is custom firewall hardware? In a corporate enterprise it might be $10,000 of hardware and software from a vendor like Palo Alto Networks or Cisco. But for our custom firewall we are going to use a refurbished Dell Optiplex 790 we bought for $99 (including shipping and a 1-Year Warranty). That includes an Intel i3 Dual-Core processor at 3.3GHz with 4 GB of RAM and an 80GB hard drive. That is going to blow away any router you can buy at Best Buy, and it has a 1-Year Warranty (again, for $99)! It has 8 USB slots, 4 PCI expansion slots, a CD-RW drive and comes with a nice keyboard and mouse (not that we need them, but it’s always nice to have spares). We bought 3 Gigabit Ethernet expansion PCI cards off eBay for $30 (total) and a super-slick WiFi access point for $60 from Amazon. That’s pretty custom. If you want more RAM, it uses standard PC1333 DDR3, which is about $5 per Gigabyte! Total custom hardware and software firewall cost: $189

How to Install the Hardware

Is it hard to install the hardware to customize the firewall? In this case we expressly chose hardware expansion cards that are simple because they use the built-in PCI-Express infrastructure. We also paired chipsets that are supported by the particular Linux kernel running in the IPFire version we were using. In general, you need to be able to use a screwdriver. You’ll want to swap out the “standard” PCI brackets in this case just because the OptiPlex is a MiniTower and has a thin profile. IPFire Version 2.2 Core 169

How to Install the Software

Above we told you where to get the ISO (Installation Software) for the IPFire installation. All you need to do is make any required adjustments to the system BIOS and overwrite any existing Operating System. If you need a tutorial on installing Linux on Intel or AMD Hardware just follow this guide we created for installing Slackware 15. Just remember to come back to this page before you actually install Slackware. Once you have an installation USB and your BIOS is ready, simply insert the USB and follow the on-screen instructions – IPFire will take care of everything.

IPFire Custom Firewall

How do I configure IPFire?

IPFire makes it pretty simple and they actually have great instructions you can follow here. One thing to note is that your custom firewall (and router) is also a WiFi Access Point. In IPFire parlance, that will be a Green + Red + Blue setup, which means that Green is the (protected) area inside the Firewall; Red is the network outside of the Firewall; and Blue is the WiFi Access Point. The firewall is designed to protect you from threats between your home and the outside world, including your telecom provider. To accomplish this, we set the Red network to DHCP to get an address from the DSL Modem/Cable Router. The Green Network is set to any non-routable address scheme you like (192.168.1.x, 192.168.2.x, 10.1.1.x, 10.2.1.x, etc) and hosts DHCP for your local network safely behind the firewall. Finally, Blue is your WiFi Access Point and should use yet another non-routable address scheme.
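The addressing rules above can be checked before you type the networks into the installer. The following is an added example, not code from IPFire or from the original article: it flags a Green or Blue network that is not in a private range, that collides with the lease Red received from the modem, or that overlaps the other zone. The function name check_zone_plan and all sample addresses are assumptions made for illustration, and it handles IPv4 only.

```python
import ipaddress

# RFC 1918 private ranges, the "non-routable" schemes suitable for Green and Blue.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_zone_plan(red_lease, green, blue):
    """Return a list of problems with an IPv4 Red/Green/Blue addressing plan.

    red_lease -- address/prefix Red received by DHCP from the modem or router
    green     -- network chosen for Green (wired LAN behind the firewall)
    blue      -- network chosen for Blue (WiFi Access Point)
    """
    red = ipaddress.ip_interface(red_lease).network
    zones = {"GREEN": ipaddress.ip_network(green, strict=False),
             "BLUE": ipaddress.ip_network(blue, strict=False)}
    problems = []
    for name, net in zones.items():
        if not any(net.subnet_of(p) for p in PRIVATE):
            problems.append(f"{name} {net} is not a private range")
        # If the modem's LAN uses the same range, the firewall ends up with two
        # interfaces on one subnet and cannot route between them reliably.
        if net.overlaps(red):
            problems.append(f"{name} {net} overlaps RED {red}")
    if zones["GREEN"].overlaps(zones["BLUE"]):
        problems.append(f"GREEN {zones['GREEN']} overlaps BLUE {zones['BLUE']}")
    return problems


if __name__ == "__main__":
    # Constructed sample plans; the Red lease stands in for what a modem hands out.
    plans = [
        ("192.168.1.23/24", "192.168.2.0/24", "10.2.1.0/24"),   # clean plan
        ("192.168.1.23/24", "192.168.1.0/24", "10.2.1.0/24"),   # Green == modem LAN
        ("192.168.1.23/24", "10.1.1.0/24", "10.1.1.128/25"),    # Blue inside Green
    ]
    for plan in plans:
        print(plan, "->", check_zone_plan(*plan) or "OK")
```

The most common failure is the second plan: many modems already use 192.168.1.x on their LAN side, so pick a different range for Green.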

RED GREEN BLUE

Finish your Firewall Customization

Plug your Red network Ethernet adapter into your DSL Modem/Cable Router LAN port. Plug your Green network Ethernet adapter into your home network main hub, office switch, entertainment center, etc. Let the firewall start up and run through its initial setup. When it is done and happy with your settings, it will produce a satisfying system “Beep” to let you know you have succeeded. Now you will need to log in to configure the last few details of your custom firewall so it is usable.

Install HostAPD

Install HostAPD to manage your WiFi Access Point

Configure HostAPD

Configure HostAPD with SSID and Password

Turn on DHCP for your WAP

Make sure DHCP is handing out addresses for your WAP

Allow Users to Join your WAP

By Default, no one can Join your WAP without your permission!

Enjoy your Custom Firewall

This is just the start of what you can do with a custom firewall. For now, rest easy knowing you have a premium firewall running that will help to protect your home. All of your smart devices, entertainment consoles, laptops, and tablets will be safe. We will be sharing more cool things to do with your custom firewall soon. In the meantime, you can learn more here.