What is a Custom Firewall?
“Flash Routers” are another term for a custom firewall and WiFi Access Point. They are a form of custom firewall and WiFi access point that originated with the Linksys WRT54G Series as part of a settlement for incorporating FSF GPL Code in a corporate product. Third-Party (Online) Vendors take commercial hardware from Big Box stores and “flash” them with DD-WRT or FreshTomato. Custom firewalls and WiFi Access Points offer much better security and features than the standard operating systems on home commercial firewalls and WiFi access points.
What is IPFire?
IPFire is an open source Linux distribution built from scratch to be an high quality firewall you can customize to fit your specific needs. How is this different than a Flash Router? The difference is that while a “Flash Router” is a custom firewall it isn’t custom hardware and it is almost impossible to upgrade or address hardware security issues. Everyone knows that commercial routers have a lot of problems with their Operating Systems as well as their Hardware.
Let’s Build a Custom Firewall
You’ll need a copy of IPFire. You can get one from their website for free (buut it requires a Torrent) and so I like to use DistroWatch. Download the ISO, flash it to a USB, and get ready to build your custom firewall hardware with IPFire. (If you just want a secure WiFi Access Point and less custom firewall, try our AMENDMENT1 IPFire Build).
Custom Firewall Hardware
What is custom firewall hardware? In a Corporate Enterprise it might be $10,000 of hardware and software from a vendor like Palo Alto Networks or Cisco. But for our custom firewall we are going to use a refurbished Dell Optiplex 790 we bought for $99 (including shipping and 1-Year Warranty). That includes an Intel i3 Dual-Core processor at 3.3GHz with 4 GB of RAM and an 80GB Hardrive. That is going to blow away any router you can buy at Best Buy and it has a 1-Year Warranty (again, for $99)! It has 8 USB Slots, 4 PCI expansion slots, a CD-RW Drive and comes with a nice Keyboard and Mouse (not that we need them but its always nice to have spares). We bought 3 Gigabit Ethernet Expansion PCI cards off eBay for $30 (total) and a super-slick WiFi access point for $60 from Amazon. That’s pretty custom. If you want more RAM it uses standard PC1333 DDR3 which is about $5 per Gigabyte! Total custom hardware and software firewall cost: $189
How to Install the Hardware
Is it hard to install the hardware to customize the firewall? In this case we expressly chose hardware expansion cards that are simple in that they use the PCI-Express built-in infrastructure. We also paired chipsets that are supported by the particular Linux kernel running in the IPFire version we were using. In general, you need to be able to use a screwdriver. You’ll want to swap out the “standard” PCI brackets in this case just because the OptiPlex is a MiniTower and has a thin profile. IPFire Version 2.2 Core 169
How to Install the Software
Above we told you where to get the ISO (Installation Software) for the IPFire installation. All you need to do is make any required adjustments to the system BIOS and overwrite any existing Operating System. If you need a tutorial on installing Linux on Intel or AMD Hardware just follow this guide we created for installing Slackware 15. Just remember to come back to this page before you actually install Slackware. Once you have an installation USB and your BIOS is ready, simply insert the USB and follow the on-screen instructions – IPFire will take care of everything.
How do I configure IPFire?
IPFire makes it pretty simple and they actually have great instructions you can follow here. One thing to note is that your custom firewall (and router) is also a WiFi Access Point. In IPFire parlance, that will be a Green + Red + Blue setup, which means that Green is the (protected) area inside the Firewall; Red is the network outside of the Firewall; and Blue is the WiFi Access Point. The firewall is designed to protect you from threats between your home and the outside world, including your telecom provider. To accomplish this, we set the Red network to DHCP to get an address from the DSL Modem/Cable Router. The Green Network is set to any non-routable address scheme you like (192.168.1.x, 192.168.2.x, 10.1.1.x, 10.2.1.x, etc) and hosts DHCP for your local network safely behind the firewall. Finally, Blue is your WiFi Access Point and should use yet another non-routable address scheme.
Finish your Firewall Customization
Plug your Red network ethernet adapter into your DSL Modem/Cable Router Lan Port. Plug your Green network ethernet adapter into your Home Network Main hub, Office Switch, Entertainment Center, etc. Let the firewall start up and run through its initial set up. When it is done and happy with your settings, it will produce a satisfying system “Beep” to let you know you have succeeded. Now you will need to Log In to configure the last few details of your custom firewall so it is usable.
Turn on DHCP for your WAP
Allow Users to Join your WAP
Enjoy your Custom Firewall
This is just the start of what you can do with a custom firewall. For now, rest easy knowing you have a premium firewall running that will help to protect your home. All of your smart devices, entertainment consoles, laptops, and tablets will be safe. We will be sharing more cool things to do with your custom firewall soon. In the meantime, you can learn more here.