Hi, can you go through how you would set up pihole and pivpn in conjunction with this? That might be overkill, but if you were to get another raspberry pi and put it as a pihole under the firewall and the traffic after going through the security of firewall is sent out through WAN with VPN? Thanks. Just interested for DIY and learning more.
Hi, may I ask if the Blue connection, could be connected to a TP LINK AX1800 router which would continue working, with the PI being between the Red Internet adapter and the Green Tp Link Ax 1800, and if so, is there any special configuration in such a case?
Incredible walkthrough! I did have a few questions if you don't mind: Having an RPi4 on hand, I plan on using the embedded ethernet port for WAN. However, can I use four USB adapters between my 4-Port Internet Gateway as a security layer for the following: GB Port 1 hard wired directly to my PC; GB Port 2 hard wired to Hitron Coax to Ethernet adapter; GB Port 3 hard wired to 8-Port 2.5GB unmanaged switch; and GB Port 4 hard wired to separate 16-Port Gigabit POE switch dedicated to POE IP Security cameras. Should I be in OK shape given my network topology? Thank you in advance for your time and response.
Yes this would work, on top of that you can also segment your network using the same topology. Meaning, 16 port switch can have a different vlan/subnet, 8 port switch can have different vlan/subnet and so on.
New to networking but this is what im aiming for i have fiber coming.into my house and have the stupid ATT box i have it in "ip passthrough" mode and have my Orbi mesh doing the routing can i keep my Orbi for the routing part and plug my rpi5 into router or port switch can i just use this as a firewall to.protect everytnimg on my LAN
Yes, you can use the Raspberry Pi as a firewall and keep your Orbi for routing, just plug the Pi into the Orbi's router or port switch. However, in order to use the firewall for the devices, you will have to make sure all your devices are behind Pi firewall. So the setup would be something like this. ATT --> Orbi --> Pi firewall --> hard wire computers or AP
Hi There, thanks a million for your video, absolutely valuable! I'm trying to run using a RPI 4 as explained however, facing the rainbow, tested with 4 SD cards already and no success, any other suggestion? Cheers
could you confirm if you etched using balena etcher or another software? i was getting similar issue when i tried different etcher. Also, is there an error message you are getting which you can post?
@@loyaltechsecurity Yep, I used Balena Etcher as you did. Didn't display any error - Do you know if it logs something that we can explore the root cause? Thanks a million
If I want add on to set up a blue interface for wifi phone and pc connection , Do I need another additional hardware, I believe pi 4 comes with wlan module built-in. How about a USB-Lan adapter , u mentioned 1g link , and I suppose can get a higher one instead , if that doesn't matter as it should be able to detect from ISP subscription plan ?
You can set blue interface for anything you like, but just remember what IP subnet you set it to. In order for that interface to work, you will need to add a switch connecting to that blue interface. However, you will not be able to go more than 1Gbit link connection as the max speed supported by raspberry pi and usb lan adapter is 1Gbit/s speed. Hope that helps.
you can make ipfire your gateway and pass security through it. Connect another router under the ipfire which hands out the DHCP IP's and routing for your internal device. That way, you would have ipfire as a firewall and another router of your choice would make the internal routing calls.
I would love to see open source project that is user frendly and easy to use.Something like Firewalla firewals.Internet security for average guy must be priority numuber one.I hope that one day a group experienced software programars will give us something like that.heck i would pay,but firewalla is tooo expensive.And i do know firewall software solution like ipfire,fireewall free,open sense,sophos etc.They just not my cup of tea.
Usually its not a best practice to have multiple routers on the same network unless you are segmenting them out and natting them. In your case, if you are only looking for a wireless device to be implemented with the IPfire, then having Asus Router under AP mode is preferred.
@@loyaltechsecurity what i wanted is to put the red thing on my isp then put the green thing to wan connection on my asus router but I wanted it to remain as dhcp server or in router mode because i used it as wireguard client. Is that possible with ipfire in the middle of that?
If you connect red port to your ISP and green port on IPfire to Asus WAN port, then your Asus router will receive RF1918 subnet, whichever your ipfire is set to give out via the green port. This setup is doable but make sure the traffic can passthrough from IPfire to your Asus router. Make sure the routing is set properly and firewall rules are allowing Asus router to communicate outbound from the ipfire.
@@loyaltechsecurity Which device is going to allocate local IPs? Currently the local router (TP LINK AX 1800 in my case) allocates those. May I set IPFIRE just to be fire wall and not be involved in IP allocation?
double check the flashing of the sd card and make sure its done properly. If the problem persists, try a different sd card. If the flashing is done correctly, the system will boot up, assuming you are using raspberry pi 3 or above.
Hello ! Which version of the rasberry pi 4 are you using ? Is a 2 go ram enough for a small network (2-3 computers, switch ) ? What are your recommandations ?
this is actually raspberry pi 3. I would definitely recommend using 4, which has higher processor and memory. Raspberry pi 3 and/or 4 should be more than enough for 2-3 computers.
at the time of assigning interfaces, make sure you are assigning green and red interfaces correctly. You can also check by typing ifconfig to see if your interface is showing there.
Hey I'd ask this question in the dedicated forums but I think their community is down right now for me. The image you supplied is for 32 bit, the support for this ran out Feb this year. The aarch64 image on their website has no uEnv to edit etc. How would you proceed ? Thanks in Advanced P.S - I had to comment out the hdmi safe in the config to properly display on my monitor for anyone also having this
Yes, it seems like they have stopped arm versions of this IPfire, that is why I provided a link to the last stable version of ipfire arm to be installed on raspberry pi. Hopefully they will come with arm version of IPfire soon to be installed on raspberry pi but as of right now this is the last stable version I have. Once you install this, it does allow you to update to the version until they discontinued.
I've tried downloading the file from your google link several times over, but no matter how many times I try, I just get the rainbow screen. Is this broken?
I just tried the link again, it seems to be working fine. It initially asks you if you want to leave youtube and go to another site. At that point you have to leave youtube and it will take you to google drive. I tried multiple times from different browser and it seems to be bringing the file download option fine. Please double check and try different browser perhaps?
ipfire does not have official updates for arm which can be used on raspberry pi anymore. You can check out their download section at www.ipfire.org/download/ipfire-2.27-core178 but the google link I have posted in the description will give you the arm version for raspberry pi and once installed, i believe it has 1 more update which can be installed directly on the ipfire.
it really depends on how much you are willing to spend. You can use pfsense firewall on your computer. Make computer standalone firewall as well. It will be faster than raspberry pi (depending on the configs of the PC), but generally turning a computer into a Gateway/Firewall is possible and faster. Downside is, takes more energy, more space etc.
Hi, can you go through how you would set up pihole and pivpn in conjunction with this? That might be overkill, but if you were to get another raspberry pi and put it as a pihole under the firewall and the traffic after going through the security of firewall is sent out through WAN with VPN? Thanks. Just interested for DIY and learning more.
É uma ótima ideia, usar um respberry pi e um adaptador de rede USB.
Hi, may I ask if the Blue connection, could be connected to a TP LINK AX1800 router which would continue working, with the PI being between the Red Internet adapter and the Green Tp Link Ax 1800, and if so, is there any special configuration in such a case?
Did you manage to find out? 😂😂
I have the same issue, rainbow screen when I boot. I tried multiple MicroCD cards and it's the same. I'm using Pi 4.
try sd cards
Incredible walkthrough! I did have a few questions if you don't mind: Having an RPi4 on hand, I plan on using the embedded ethernet port for WAN. However, can I use four USB adapters between my 4-Port Internet Gateway as a security layer for the following: GB Port 1 hard wired directly to my PC; GB Port 2 hard wired to Hitron Coax to Ethernet adapter; GB Port 3 hard wired to 8-Port 2.5GB unmanaged switch; and GB Port 4 hard wired to separate 16-Port Gigabit POE switch dedicated to POE IP Security cameras. Should I be in OK shape given my network topology? Thank you in advance for your time and response.
Yes this would work, on top of that you can also segment your network using the same topology. Meaning, 16 port switch can have a different vlan/subnet, 8 port switch can have different vlan/subnet and so on.
@loyaltechsecurity it's funny that you mentioned this... I was just thinking about that. :)
can you install remotely?
New to networking but this is what im aiming for i have fiber coming.into my house and have the stupid ATT box i have it in "ip passthrough" mode and have my Orbi mesh doing the routing can i keep my Orbi for the routing part and plug my rpi5 into router or port switch can i just use this as a firewall to.protect everytnimg on my LAN
Yes, you can use the Raspberry Pi as a firewall and keep your Orbi for routing, just plug the Pi into the Orbi's router or port switch. However, in order to use the firewall for the devices, you will have to make sure all your devices are behind Pi firewall. So the setup would be something like this.
ATT --> Orbi --> Pi firewall --> hard wire computers or AP
that's amazing! thanks a ton! 👍
Hi There, thanks a million for your video, absolutely valuable! I'm trying to run using a RPI 4 as explained however, facing the rainbow, tested with 4 SD cards already and no success, any other suggestion? Cheers
could you confirm if you etched using balena etcher or another software? i was getting similar issue when i tried different etcher. Also, is there an error message you are getting which you can post?
@@loyaltechsecurity Yep, I used Balena Etcher as you did. Didn't display any error - Do you know if it logs something that we can explore the root cause? Thanks a million
If I want add on to set up a blue interface for wifi phone and pc connection , Do I need another additional hardware, I believe pi 4 comes with wlan module built-in. How about a USB-Lan adapter , u mentioned 1g link , and I suppose can get a higher one instead , if that doesn't matter as it should be able to detect from ISP subscription plan ?
You can set blue interface for anything you like, but just remember what IP subnet you set it to. In order for that interface to work, you will need to add a switch connecting to that blue interface. However, you will not be able to go more than 1Gbit link connection as the max speed supported by raspberry pi and usb lan adapter is 1Gbit/s speed. Hope that helps.
Is there a way to just set this up as a firewall? I don’t need to the routing part and am just looking to beef up the security on my home network.
you can make ipfire your gateway and pass security through it. Connect another router under the ipfire which hands out the DHCP IP's and routing for your internal device. That way, you would have ipfire as a firewall and another router of your choice would make the internal routing calls.
@@loyaltechsecurity Any different configuration is this case?
Hi Jay, can you please tell us how to fix the issue of having a rainbow screen when we boot the image??? Thanks.
Albert are you using the image from ipfire.com website or the one provided in the video link for this Pi 4?
Thank you mt friend 🙏🙏🙏
I would love to see open source project that is user frendly and easy to use.Something like Firewalla firewals.Internet security for average guy must be priority numuber one.I hope that one day a group experienced software programars will give us something like that.heck i would pay,but firewalla is tooo expensive.And i do know firewall software solution like ipfire,fireewall free,open sense,sophos etc.They just not my cup of tea.
does local lan for example my asus router have to be on access point mode, or is it okay to set it up as router mode?
Usually its not a best practice to have multiple routers on the same network unless you are segmenting them out and natting them. In your case, if you are only looking for a wireless device to be implemented with the IPfire, then having Asus Router under AP mode is preferred.
@@loyaltechsecurity what i wanted is to put the red thing on my isp then put the green thing to wan connection on my asus router but I wanted it to remain as dhcp server or in router mode because i used it as wireguard client. Is that possible with ipfire in the middle of that?
If you connect red port to your ISP and green port on IPfire to Asus WAN port, then your Asus router will receive RF1918 subnet, whichever your ipfire is set to give out via the green port. This setup is doable but make sure the traffic can passthrough from IPfire to your Asus router. Make sure the routing is set properly and firewall rules are allowing Asus router to communicate outbound from the ipfire.
@@loyaltechsecurity Which device is going to allocate local IPs? Currently the local router (TP LINK AX 1800 in my case) allocates those. May I set IPFIRE just to be fire wall and not be involved in IP allocation?
I tried every step you provided, and when I power on the raspberry Pi all I get is a rainbow screen, it does not boot up.
double check the flashing of the sd card and make sure its done properly. If the problem persists, try a different sd card. If the flashing is done correctly, the system will boot up, assuming you are using raspberry pi 3 or above.
Can you use the same device as a NAS server as well?
yea, if you can get truenas installed on the raspberry pi and attach external hard drives to the USB ports of the pi, you can use it as a NAS as well.
In red interface how you enable DHCP?? When I click enter it not works
watch the video from 11:44, it explains about Red and Green interfaces.
Have u run on a pi 4 1gb? If so how much was left over, I have seen that on occasion pi4 version of same OS takes more memory then pi3.
I have not tried on pi 4 yet, but once I do i will submit that video here.
Hello ! Which version of the rasberry pi 4 are you using ? Is a 2 go ram enough for a small network (2-3 computers, switch ) ? What are your recommandations ?
this is actually raspberry pi 3. I would definitely recommend using 4, which has higher processor and memory. Raspberry pi 3 and/or 4 should be more than enough for 2-3 computers.
Could this do the DNS routing as well? Any other pack to install?
yes it can do DNS routing as long as you have some DNS IP's set in the ipfire. You can use opendns.com FREE dns security as well.
So, you can't use one port with VLans like pfSense? No PI-Hole?
you can use ports as vlans, as long as you assign them proper subnets.
I dont have any monitor wich I can connect the HDMI, any solution via sah???
you can try vga to hdmi converter, thats what I have been doing with few of my other raspberry pi's and it works.
Hello may i ask, why ipfire cannot detect my raspberry pi ethernet port. Green port is good but it cannot detect the red one
at the time of assigning interfaces, make sure you are assigning green and red interfaces correctly. You can also check by typing ifconfig to see if your interface is showing there.
Hey I'd ask this question in the dedicated forums but I think their community is down right now for me.
The image you supplied is for 32 bit, the support for this ran out Feb this year.
The aarch64 image on their website has no uEnv to edit etc.
How would you proceed ?
Thanks in Advanced
P.S - I had to comment out the hdmi safe in the config to properly display on my monitor for anyone also having this
Yes, it seems like they have stopped arm versions of this IPfire, that is why I provided a link to the last stable version of ipfire arm to be installed on raspberry pi. Hopefully they will come with arm version of IPfire soon to be installed on raspberry pi but as of right now this is the last stable version I have. Once you install this, it does allow you to update to the version until they discontinued.
I've tried downloading the file from your google link several times over, but no matter how many times I try, I just get the rainbow screen. Is this broken?
I just tried the link again, it seems to be working fine. It initially asks you if you want to leave youtube and go to another site. At that point you have to leave youtube and it will take you to google drive. I tried multiple times from different browser and it seems to be bringing the file download option fine. Please double check and try different browser perhaps?
Where is the link to the official page to download ipfire for arm,? cause there is some core updates
ipfire does not have official updates for arm which can be used on raspberry pi anymore. You can check out their download section at www.ipfire.org/download/ipfire-2.27-core178 but the google link I have posted in the description will give you the arm version for raspberry pi and once installed, i believe it has 1 more update which can be installed directly on the ipfire.
@@loyaltechsecurity perfect, thank you!
nothing better than a pi? do you know some better hw for the task? Thanks
it really depends on how much you are willing to spend. You can use pfsense firewall on your computer. Make computer standalone firewall as well. It will be faster than raspberry pi (depending on the configs of the PC), but generally turning a computer into a Gateway/Firewall is possible and faster. Downside is, takes more energy, more space etc.
@@loyaltechsecurity I have rpi 5 but ipfire does not support it ... sigh!!
Thank you, that is awesome👌