IPFire + Jetway hardware?

Hello,

Thanks for IPFire; providing an Open Source firewall built from scratch really sounds amazing.

any experience with ipfire + hardware from https://www.jetwayipc.com (Made in Taiwan) ?

with GREEN, ORANGE, RED and BLUE zones

more NICs (at least 2x), better are 3x

currently looking at https://www.jetwayipc.com/products/nf9hql-525/


pretty cool that ipfire supports dyndns

is it the correct setup?

private PCs LAN --- (green zone) ipfire firewall (red zone) ---- internet
                                / 
webserver --------------(orange zone)

so need at least 3x LAN NICs

PS: can IPFire protect against DDoS? (just asking, don’t get upset X-D)

Hi,

while I don’t see any obvious reason why IPFire should not run on that board, I doubt you will have much fun with it, especially if you plan to run it for longer:

  • The CPU, Intel Atom D525, is really not state of the art, and does not support AES-NI, which means it cannot accelerate AES encryption in hardware. Especially if you plan to run some kind of VPN services on your IPFire, this will cripple its performance.
    Intel’s datasheet does not say anything about a hardware-based random number generator (HWRNG), so I assume it does not have any either - which is bad for cryptographic operations of all kinds, as the system will have little random data at hand.

  • On the vendor’s website, the board is marked with “EOL”, so I presume you won’t get any BIOS/firmware updates for it. While support cycles of hardware vendors are often stupidly short – as they want you to buy new hardware frequently, nudge nudge – , it is not good to go with a mainboard that is already EOL from the very beginning.

  • Perhaps the most important component for firewalling purposes are the NICs. On the board you mentioned, these consist of Realtek RTL8111EVL – okay-ish, but I again would choose something different for production.

On a general note, please refer to this wiki page for buying considerations.

Frankly, I would recommend you against buying it. You probably will be more happy with, for example, the IPFire Mini Appliance, which features modern hardware, good NICs, and is known to be working perfectly fine with IPFire, since new releases are always tested on it.

(Full disclosure: Lightning Wire Labs, the company selling that appliance, is run by @ms, and also offers things like enterprise support for IPFire. I am not affiliated with the company in any way.)

Yes.

Depends on the type of DDoS attack, but for volume-based ones just clogging up your network connection, no – as no security product can. :slight_smile: However, for firewall rules, you can configure rate-limits, preventing too many concurrent connections to certain destinations, or sources opening too many of them within X amount of time.

Thanks, and best regards,
Peter Müller

6 Likes
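One way to check a candidate board for the CPU features discussed in the reply above (AES-NI and a hardware random number source) from any Linux live system before installing. This is an added example, not part of the original posts or of IPFire; the function names are hypothetical, and it assumes an x86 Linux kernel that lists features on the `flags` line of `/proc/cpuinfo`.

```shell
#!/bin/sh
# Added example (not from the thread): report CPU crypto features on x86 Linux.

# has_cpu_flag FLAG [FILE]
# Succeeds if FLAG appears as an exact token on the first "flags" line of FILE
# (default /proc/cpuinfo). Exact matching matters: a plain substring search for
# "aes" would also match the separate "vaes" flag.
has_cpu_flag() {
    awk -v want="$1" '
        /^flags[ \t]*:/ {
            sub(/^[^:]*:/, "")                  # drop the "flags :" prefix
            n = split($0, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
            exit                                # first CPU entry is enough
        }
        END { exit(found ? 0 : 1) }
    ' "${2:-/proc/cpuinfo}" 2>/dev/null
}

# crypto_hw_report [FILE]
# Prints one "flag=yes|no" line for each feature relevant to VPN performance
# and random data: aes (AES-NI), rdrand and rdseed (on-CPU random sources).
crypto_hw_report() {
    for _flag in aes rdrand rdseed; do
        if has_cpu_flag "$_flag" "${1:-/proc/cpuinfo}"; then
            echo "$_flag=yes"
        else
            echo "$_flag=no"
        fi
    done
}

# Report for the machine this runs on.
crypto_hw_report

# Hardware RNG drivers registered with the kernel, if any
# (a missing file or empty output means none).
cat /sys/class/misc/hw_random/rng_available 2>/dev/null || true
```

A board reporting `aes=no` will do AES for VPN traffic in software.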

Mitac PD10EHI-N6415 (Intel DN2800MT5)

You can add a third or more NICs via PCIe x1 or miniPCI. I had to add 2x wifi NICs. You can use SATA SSDs via SATA or m.2, but no NVME.

1 Like

thanks for all your replies, thoughts, considerations and recommendations :slight_smile:

indeed if the jetway board is too slow… won’t use it.

thanks for the info