Wednesday, November 6, 2013

Raspberry Pi running IPFire notes

The IPFire firewall is built on a Linux system running as a router and firewall, similar to IPCop. IPFire is a fork of the IPCop firewall.

Its history is here:

http://en.wikipedia.org/wiki/IPFire

Installing IPFire on the Raspberry Pi is covered elsewhere. These notes cover bringing up, on IPFire, the firewall options that are useful on IPCop.

1. Change port 444 to another port.

On IPCop you use setreservedports to change 445 to another port.

On IPFire you have to edit two files in the Apache config and restart Apache:

IPFire listens by default on port 81 (non-SSL) and 444 (SSL). The ports are listed in

/etc/httpd/conf/listen.conf

Edit them as needed and save.

The server hosts are defined in

/etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
/etc/httpd/conf/vhosts.d/ipfire-interface.conf

The SSL one has the definition for 444 (default) and the other defines 81. Both listen.conf and these files have to be changed.
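
A consistency check for the edit described above, as an added example that is not part of the original notes: it confirms that every port in listen.conf has a matching VirtualHost in vhosts.d and vice versa. It assumes the files use standard Apache Listen and <VirtualHost addr:port> directives; the sample files and port 8444 are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumes standard Apache
# "Listen" and "<VirtualHost addr:port>" directives in the IPFire files.

# Ports named by Listen directives ("Listen 444" or "Listen 1.2.3.4:444").
listen_ports() {
    awk 'tolower($1) == "listen" { n = split($2, a, ":")
         if (a[n] ~ /^[0-9]+$/) print a[n] }' "$1" | sort -un
}

# Ports named by <VirtualHost ...:port> lines; vhosts without a port are skipped.
vhost_ports() {
    awk 'tolower($1) == "<virtualhost" { p = $2; sub(/>.*/, "", p)
         n = split(p, a, ":"); if (a[n] ~ /^[0-9]+$/) print a[n] }' "$@" | sort -un
}

# Report every port present on one side only; return 1 on any mismatch.
# $1 = Apache config directory (defaults to the path given in the notes).
check_ipfire_ports() {
    conf=${1:-/etc/httpd/conf}
    l=$(listen_ports "$conf/listen.conf")
    v=$(vhost_ports "$conf"/vhosts.d/*.conf)
    rc=0
    for p in $l; do
        echo "$v" | grep -qx "$p" || { echo "port $p: Listen without VirtualHost"; rc=1; }
    done
    for p in $v; do
        echo "$l" | grep -qx "$p" || { echo "port $p: VirtualHost without Listen"; rc=1; }
    done
    return $rc
}

# Constructed sample tree: $2 = SSL port in listen.conf, $3 = SSL port in the vhost.
make_sample() {
    mkdir -p "$1/vhosts.d"
    printf 'Listen 81\nListen %s\n' "$2" > "$1/listen.conf"
    printf '<VirtualHost *:81>\n</VirtualHost>\n' > "$1/vhosts.d/ipfire-interface.conf"
    printf '<VirtualHost *:%s>\n</VirtualHost>\n' "$3" > "$1/vhosts.d/ipfire-interface-ssl.conf"
}

# Demo: 444 moved to 8444 in listen.conf only, so both sides are flagged.
tmp=$(mktemp -d)
make_sample "$tmp" 8444 444
check_ipfire_ports "$tmp" || echo "listen.conf and vhosts.d disagree; fix before restarting Apache"
rm -rf "$tmp"
```

On the firewall itself, call check_ipfire_ports with no argument after editing and before restarting Apache.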

2. Set up the IPFire box as an OpenVPN client (to use the IPFire Pi as a field hot spot router, for example).

http://forum.ipfire.org/index.php?topic=8056.0

Quoting the entry:

I'm currently struggling to get my IPFire server working as OpenVPN client. The machine is set up inside a rather closed-down network and I would like to connect to an external server using OpenVPN.

However, all the help I can find either helps one configure the IPFire machine as an OpenVPN server or the help for a client configuration is rather limited.

Can anyone please help me out (or point me in the right direction) to get my IPFire machine working as an OpenVPN client?

Thanks in advance.

SOLVED: After running openvpn with the created configuration file:
/usr/bin/openvpn --config /var/ipfire/ovpn/client.ovpn
it created the network "tun0"

All I needed to do after that (I have a 10.13.0.0 255.255.0.0 network) is:
iptables -t nat -A POSTROUTING -s 10.13.0.0/16 -o tun0 -j MASQUERADE

to make sure all the traffic on my network (starting with a 10.13 IP address) goes through the tun0 interface


