IPFire is a great software firewall. You can have a look at the website so see the features. Running IPFire on Raspberry Pi is surprisingly stable too. Everything was fine until I change the ISP plan from 8M (8mbps/1mbps) to 100M (100mbps/30mbps).
The problem was the hardware limitation of the Raspberry Pi. The builtin LAN and another usb ethernet adapter worked fine when I was using 8M. However after I changed to use the 100M plan I found that the maximum speed was 30M something. In order to utilize my bandwidth I planned to run IPFire on another hardware.
I didn't have a big budget at that time so I wondered if I can make use of my existing hardware. My N54L that is running proxmox seems to be a good choice. So I decided to create a KVM for this.
The config of the IPFire VM is simple:
1. 512M ram
2. 1 CPU
3. 16GB virtual disk (virtio driver)
4. one bridged network (virtio driver)
One tricky thing I have done was to passthrough USB adapter from host to the VM, which should have a better performance.
By running lsusb on host:
# lsusb
...
Bus 003 Device 002: ID 0bca:8133 Realtek Semiconductor Corp. RTL8153 Gigabit Ethernet Adapter
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
...
Then add a line at /etc/pve/qemu-server/.conf
usb0: host=0bca:8133,usb3=yes
note that only use "usb3=yes" if you are using a usb3 device.
When the setting was done, I started the VM, the USB adapter was detected and just followed the instruction to setup. In my case I connected USB adapter to RED (internet), the virtual adapter to GREEN (internal). As I did a IPFire configuration backup from raspberry pi. I just import it back to the VM and everything ran out of the box!
I did a quick test by running the command line version of speedtest (speedtest-cli). the result was 80mpbs/26mbps which is acceptable.
[root@ipfire ~]# ./speedtest-cli
Retrieving speedtest.net configuration...
Testing from XXXXXXX (xxx.xxx.xx.xxx)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by xxxxxxxx[22.51 km]: 8.898 ms
Testing download speed................................................................................
Download: 81.54 Mbit/s
Testing upload speed................................................................................................
Upload: 25.93 Mbit/s
In summary IPFire is a good solution if you want to have a software firewall. There are other free firewalls such as pfsense or opnsense. I will try them and compare. But for now, I am happy to use IPFire.
No comments:
Post a Comment