Any easier step by step installation path?

Hi, this is my first post and I am even less than a beginner to ipFire - I am a beginner to pretty much everything baseline to even beginning to set up any sort of router or firewall. By that I mean that other people set up my internet connections previously. So at one connection I have a Comcast internet accessible from a wireless router to other remote wifi networks on various boxes. At home I have an AT&T business class internet, where all I did was plug in one of their router+wireless boxes to cabling they hooked up (or maybe they even hooked it up…I don’t remember as it has been more than a decade).

Anyway, I want to explore and learn and use ipFire. I did take time to read reviews on my various options and I am pretty clear ipFire is the way I want to go because: (1) it is linux based (and I am also working to switch to linux in general and out of Win7) (2) open source (3) it has great recent reviews for active maintenance (4) lots of add on packages (and I hate to dedicate a full computer to something which is ONLY acting as a firewall) and appears to be up and coming (5) looks a lot more user friendly than, say, openWRT or pfSense, to a complete newbie.

There are probably some other good reasons I want to take my first steps with ipFire as well … oh, yeah, you appear to have a really helpful community – which I can definitely appreciate right about now!

I have gone as far as installing ipfire on a Dell Optiplex 9020 and trying to follow the directions. The problem is my ignorance is so complete that even the step-by-step instructions very quickly, for me, devolve into ignorantly picking a response (when I really don’t know enough to intelligently pick a response) or typing in a number (ip adress) when I don’t have a number and don’t know really how to get one. For what it is worth, I have recently purchased a copy of “TCP/IP for Dummies, 6th ed” but haven’t yet attempted to read it.

My Plan is to run from one of the ethernet ports on the back of my ATT-supplied router into the ipfire ethernet port and then out of one of the USB ports to a 1-gig rated ethernet dongle and THEN to a computer ( and, later, a wifi unit). In other words, I figure I have to leave the ATT box there as it provides my ISP service and I don’t believe I can just replace it (or, if I can, I don’t know how to do that without things getting even more complicated). Anyway, once I get running through ipFire I figure the real learning can begin – and other documentation will begin to make more sense. Until then, I am just plain stuck with not knowing what numbers, etc. to type in to set up ipFire. Does my description of my stuckness makes sense and elicit suitable pity ;-?

Super newbie questions:
(1) is there possibly an even more basic set of instructions, or a really slow and basic, youtube video taking me through setup?

(2) is there a program I can run to sniff out the relevant numbers and answers I will need to type into ipFire during setup?

It’s really important to me to get up to speed but right now I am pretty deeply stuck in the mud of ignorance and would appreciate any relevant guidance on how I can even basically going.

Thanks!

(3) BTW, If (big if) it were possible for ipFire during install to search the existing connections and at least hint at what might be problems or solutions (e.g., look at the lines and come back with suggested ip addresses) that would be nice. It may well be that isn’t possible, although I’m not sure why not. Does wireshark do this sort of analysis?

It’s going to be hard. I can only tell you my experience. I am not a professional and I started from zero, and even after years I learned only to appreciate how little I understand of system and network administration. It will require a lot of work.

There are videos around on youtube, but I suspect they will not give you the clarity you need. Question 2, no as far as I know. Question 3, IPFire setup has some reasonable default but it cannot substitute the user.

If it is really important for you to learn, then my suggestion is try and start with one problem at the time. Find the first problem, do your research, try and after all that, ask here. Then, move to the next one. You need also to know the basics of linux network administration. There are plenty of tutorials around, just to give you an idea, this is what you need to know before you even start: https://www.tutorialspoint.com/ipv4/ipv4_quick_guide.htm

By the way, you have to consider that IPFire has to recognize your hardware. It is possible that the USB to Ethernet might not work out of the box or even not at all. I would try to use a proper ethernet card.

I agree with @cfusco. When you get to something you don’t understand, feel free ask! Or take a picture, post it, and ask.

We’ve all been in the same position as you! I am a “noob” even though I’ve been using IPCop an IPFire for years. I got stuck in Step 5 for all of the IP address entries.

It is all way over my head!

@blkstph

Often there is a simple way over the immediate hurdle. In your case, the hurdle is identifying the NIC. From the opening “setup” menu, select “Network Setup” then “Drivers & Card Assignments”. For any zone colour, there is a button “Identify” Clicking that will get many cards to briefly flash the orange and green LED on the socket. If so, then write the last two digits of the MAC address on the backplate of the card.

If that does not work, then as https://wiki.ipfire.org/installation/step5 points out, you still have a 50/50 chance of a random selection working with the simplest RED&GREEN network type. If that does not work, then it is fairly simple to go back to “setup” and reverse your selections. You can always add more cards for more zones later.

“Simple Answer”. Not easy.

Begin.
Read documentation.
Integrate with other documentation (network topology, TCP/IP, network protocols).
Create a plan.
Write it down.
Follow it.
Make mistakes.
Understand mistakes.
Relate with documentations. Take notes
GOTO Begin.

If you want consumer-grade devices and software, buy something that can be configured with apps that maybe can asks to people two or three questions for pick one of the 4-5 scenarios pre-cooked by the development of the producer.
A “real” firewall can be configured into a million different ways (without multiwan. IPFire still lacks of this important feature) to adapt the configuration to needs. It’s not a consumer-grade software.

Many years ago same thing were told talking about WebGUI, which was “not enough” compared to shell/cli for configure network equipment. Nowadays no more that, but 30 years ago like today the most important thing is know what you need by your network gear.

P.S. Feel free to write a “shorter version” of the Wiki for install IPFire, if you want. If you are willing to make a better version of the current one, get it simpler (not shorter) and more understandable.

Aaron made a wonderful video a couple of years ago. You will see the old website and you will have to follow his fast pace of talking:

There are some other ones which are more of a step-by-step thing:

Give them a like if you liked the video

My thanks to the community and, especially, you (the top video is very detailed and I recommend it being made part of a pinned “Beginning FAQ” if it isn’t already) and rodneyp for the considerable details of what to look at. I’d like to say I’m up and running now but not yet. I have a local hardware contact with networking experience who should be able to help me. Longer term, as I said, I’d like to learn to help myself – which is a lot of why I picked ipFire vs the alternatives. I’ll get back to you guys with further progress or problems, though it may take a few weeks. Again, thanks. I never got a real answer to one of my leading questions: Is it theoretically even possible for a router to configure itself using the kind of information it might get from wireshark? I’m just curious…

Oh, I actually had one other suggestion: Perhaps someone could suggest a cheap, widely available off-the-shelf box for a total noob, such as myself, to start with and, knowing the specifics of the reference platform, then someone could make a video like the top one which could be configured on a video in complete detail.

As I said, this is a suggestion – kind of a “marketing” suggestion – to further lower the barriers to entry. If I had to spend $100-300 to buy a specific box to be my ipFire router to begin with, it would be worth that to me (that is actually about what I spent for the Optiplex 9020, which is cute but short one NIC from ideal) and, I expect, others. It seems to me that ipFire’s natural “target market” (if it is ok to use such a term with a FOSS project) is (among other groups) people who are just getting into learning abut setting IP addresses and other networking complications. Just a suggestion…but I think a good one if such a reference box exists. I’m pretty sure once I get the basics of configuration sorted out I will be in a much better position to learn other things, including how to set up an “unknown” box as an ipFire router.

And that unparalleled ease of getting started (which arguably you guys have already achieved vs alternatives) would further speed your growing community momentum.

Hmm. Further to the above: if the technical team leading ipFire develpment are in the hardware business, or could see their way to get into it, I think they’d be able to sell such reference hardware. I understand that might not be where they want to put their main effort, but it believe it would concomitantly speed adoption of ipFire and bring some additional funding and distinction to the project. Just a thought (you might guess I work in marketing:)

FYI: What about Lightning Wire Labs?

Hello Stph B,

What you ask for is here.

Simply no. At that level you won’t find adequate hardware without problems you’d have to ship around. If you choose so, prepare to spend time on troubleshooting. You should be experienced enough for such an approach. Nonetheless your 9020 is not the worst base for expriments and learning howto.
There are many reasons why the price of the appliances at Lightning Wire Labs is as it is. By the way, another NIC for your 9020 would cost … in any case much less then $100 - 300 for an imaginary reference box. If so your local hardware contact may also have some used ones in a grab box. And he can assist to provide a fitting NIC for your 9020.

Again no, not really. It is among all, from my point of view, not a project to bring network basics to noobs. But it could be used as part of equipment to get practice in this matter.

As to the video-request: while you advance this could be a DIY project for you to apply that to the community. So you could provide this with your special point of view of someone who started without much previous knowledge in networking and you can point out the cliffs that a noob will experience when starting with IPFire.

I’d go with @cfusco and @jon : start and ask specific when stuck with something. Don’t wait for someone else creating another Quick Start Guide (there is one in the wiki) where you could more or less copy & paste everything. That will most likely not happen.

–S

Thanks, again, for the responses. I probably should have spent more time looking around and thinking before writing my questions. Please forgive.

I didn’t mean ipFire is only for noobs (although that is how my earlier comment reads). I meant that is a target market which is untapped and ipFire seems like a good fit (with its color coding of zones, documentation, gui, and overall ecosystem). From what I’ve read you guys have the most aggressively updated, and arguably the best, opensource firewall/router package. And if not yet, then I expect soon enough. And that was even more important for deciding to try yours first (well, actually second…I found out about opensource firewall/router software when I stumbled on zeroshell while looking into linux and running legacy applications in Vbox. That led me to pfsense, openwrt. and eventually to an article discussing ipFire).

I’m glad Lightening Wire Labs is already selling hardware for ipFire. I don’t see starting prices on the pdf??

Maybe that is the best way to go for me, but knowing ballpark figures would be helpful in deciding – or even deciding what questions to ask next. My original idea was for a bare-bones but good enough learning vehicle; since that it where I am (although hope I won’t remain). I bought the Dell 9020 pretty quickly because it was so cheap used and had the necessary power to scale, but I was told there is only one card slot inside and it is non-standard & questionable for that reason. I am trying to use a USB to Ethernet dongle, thinking I could later add a wfi dongle through another USB port. That is probably part of the reason I am feeling a little stuck now…

Anyway, if I can get anything to work and the result is more than satisfactory (vs existing Cisco) my company would quite likely consider a “lightening wire labs” solution. (Which would be nice as it would really validate the effort I’ve put in to date We have like 20 desktops and a Server which need to be massively protected from the internet even while remaining connected for incoming VPN or authorized-only outgoing access…

PS, Maybe I am missing something but there really doesn’t seem to be any mention whatsoever of where pricing starts. I suggest even a hint of pricing for, at least, the basic appliance could only help with sales.

Thanks!

@blkstph

Although https://wiki.ipfire.org/installation/step5 does not state such, the example IP addresses shown for GREEN & RED should work in most situations. However, those are not the default values in a newly installed IPFire, which need to be changed.

Perhaps a USB-Gb Ethernet dongle of very recent model is not supported. You did not state which Optiplex 9020 you purchased and the variants support different types of NIC card. Onboard NIC is Intel, so a plug-in card having (say) Realtek chip would be less confusing to configure.

Overall the Optiplex 9020 is best regarded as a “trial-horse”
too high wattage for a home router

hit wrong key and sent too early

Optiplex 9020 is also not industrial grade hardware, as would be advisable for an enterprise system. Industrial/server grade hardware tends to be more expensive than consumer grade and Lightning Wire Labs industrial grade products could be price-competitive.

Most business/corporate desktop PC can work for more than 5 years in a office environment without any trouble less than dust and correct power supply. Therefore, experiment on that kind of hardware IMVHO is a good idea, only avoiding Small Form Factors. Which are nice as size for placing the device, but seems quite more tough to be upgraded and with head dissipation.

Not disputed and major CPU/drive/Computer manufacturers do produce a “business” grade product that is claimed to have greater reliability/durability than consumer grade.

Optiplex is consumer grade and quite adequate as a test environment. Vostro or Inspiron product line would be needed to get business grade and it is the prices of those models that should be compared with that of other options.

Are you sure about that?
In my experience, Vostro is SOHO, then Optiplex and Inspiron are business.

Depends on which page of Dell’s site you read. Some describe Optiplex as business class, others don’t.

The buyer can make their own assessment.

Hello Stph B,

What? Don’t believe everything you’ve been told.
You still did not tell us, which specific 9020 it is. Model and formfactor.
Best guess ist Minitower, Intel I217LM NIC onboard, PCIe 2. Gen x1 Slot free for additional NIC.
PCIe 2. Gen x1 Slot absolutely standard.
You could also consider a dual- or quadport NIC for that x1 PCIe Slot.
Options enough to have more than this one onboard unit.
If it’s a Small Formfactor, than there is need for a half hight NIC. Also available.
Since you seem to be not experienced in these matters … ask your local hardware guy.
As Rodney wrote, if you choose e.g. a Realtek for that PCIe x1 Slot you’ll be able to identify the NICs while setup much better.

8d since your initial request now. Any progress in your project? Let us know …

–S