Firewall & Security

    Deploying IPFire on RamNode VPS

    IPFire is a hardened, open-source Linux distribution designed as a router and firewall with enterprise-level security features. Deploy it on RamNode's reliable VPS hosting for testing, development, or as a VPN gateway.

    Stateful Firewall
    VPN Gateway
    ⏱️ 45-60 minutes

    Introduction

    IPFire is a hardened, open-source Linux distribution designed primarily as a router and firewall. Built on Linux From Scratch, it provides enterprise-level security features including stateful packet inspection, intrusion detection and prevention, VPN capabilities, and web proxy services.

    Important Note: The IPFire development team recommends using physical hardware for production firewall deployments. However, IPFire on a VPS is excellent for testing, development, lab environments, or as a VPN gateway where security trade-offs are acceptable.

    Network Zones

    IPFire separates networks into security zones using a color-coded system:

    Zone     Description
    GREEN    Trusted internal LAN. Clients have unrestricted access and connect locally.
    RED      Untrusted external network (Internet). All traffic is blocked unless explicitly permitted.
    ORANGE   DMZ (Demilitarized Zone). For servers accessible from the internet like web and FTP servers.
    BLUE     Wireless network zone. Isolated from GREEN for additional security.

    Stateful Packet Inspection

    Based on Linux Netfilter for robust traffic control

    Intrusion Detection/Prevention

    IPS/IDS with Emerging Threats rulesets

    VPN Support

    OpenVPN and IPsec for secure connections

    Web Proxy

    Squid-based proxy with content filtering

    Prerequisites

    RamNode VPS Requirements

    Resource   Minimum              Recommended
    CPU        1 GHz x86_64         2+ cores
    RAM        1 GB                 2+ GB (especially if using IPS)
    Storage    4 GB                 20+ GB (for logs and proxy cache)
    Network    1 NIC (VPS setup)    2+ NICs for full functionality

    What You'll Need

    • A RamNode Cloud VPS account
    • Access to the RamNode Cloud Control Panel at cloud.ramnode.com
    • IPFire ISO image downloaded from the official website
    • A tool for converting the ISO to QCOW2 format (qemu-img)
    • Basic understanding of networking concepts and firewall principles

    Preparing the Image

    Step 1: Download IPFire

    Download the latest IPFire ISO from the official website. Select the x86_64 ISO image for your RamNode VPS.

    Official Download
    https://www.ipfire.org/downloads

    After downloading, verify the SHA256 checksum to ensure file integrity.

    Step 2: Convert ISO to QCOW2

    The RamNode Cloud Control Panel supports custom images in QCOW2 format. Create a bootable image on a local machine with qemu installed:

    Create Empty Disk
    qemu-img create -f qcow2 ipfire.qcow2 20G

    Boot the ISO and install to the QCOW2 image:

    Boot & Install
    qemu-system-x86_64 -enable-kvm -m 2048 -cdrom ipfire.iso -hda ipfire.qcow2 -boot d

    Complete the installation within the VM, then shut down. Compress the image for faster upload:

    Compress Image
    qemu-img convert -c -f qcow2 -O qcow2 ipfire.qcow2 ipfire-compressed.qcow2
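
    The steps above as one gated script, added here as an example (not from the original guide, IPFire, or RamNode). The function names verify_sha256 and build_image are hypothetical, the expected hash is the value published for your ISO on the download page, and GNU coreutils sha256sum is assumed.

```sh
#!/bin/sh
# Added example: integrity gates around the image build (not IPFire/RamNode tooling).

# verify_sha256 FILE EXPECTED_HEX -> 0 match, 1 mismatch, 2 unusable input
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    # A SHA-256 digest is exactly 64 hex characters; reject truncated pastes.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected value is not 64 hex chars" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# build_image ISO EXPECTED_HEX: the guide's three commands, gated on the checks.
build_image() {
    iso=$1
    verify_sha256 "$iso" "$2" || return 1   # never boot an unverified installer
    qemu-img create -f qcow2 ipfire.qcow2 20G || return 1
    qemu-system-x86_64 -enable-kvm -m 2048 -cdrom "$iso" -hda ipfire.qcow2 -boot d || return 1
    qemu-img convert -c -f qcow2 -O qcow2 ipfire.qcow2 ipfire-compressed.qcow2 || return 1
    qemu-img check ipfire-compressed.qcow2 || return 1   # qcow2 metadata consistency
    # Record the digest of exactly what gets uploaded, for later comparison.
    sha256sum ipfire-compressed.qcow2 > ipfire-compressed.qcow2.sha256
}

# Runs only when called as: sh build.sh ipfire.iso <published-sha256>
if [ "$#" -eq 2 ]; then build_image "$1" "$2"; fi
```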

    Uploading to RamNode Cloud

    Step 3: Upload via Cloud Control Panel

    1. Log into the RamNode Cloud Control Panel
    2. Navigate to Compute → Images
    3. Click "Create Image"
    4. Select "File" as the source
    5. Choose your prepared IPFire QCOW2 image file
    6. Specify the image details:
      • Name: IPFire 2.29 (or your version)
      • Format: QCOW2
      • Minimum Disk: 20 GB
      • Minimum RAM: 1024 MB
    7. Click "Create Image" to begin the upload

    Tip: For images over 2GB, the web interface upload may be slow. Contact RamNode support for assistance with large image uploads or use alternative methods like SCP/SFTP or S3-compatible storage import.

    Launching the Instance

    Step 4: Launch IPFire Instance

    1. Navigate to Compute → Instances in the Cloud Control Panel
    2. Click "Launch Instance"
    3. Select your uploaded IPFire image as the boot source
    4. Choose an appropriate flavor (at least 1GB RAM, 20GB disk)
    5. Configure networking (assign a public IP address)
    6. Launch the instance
    7. Access the console via the VNC viewer in the control panel

    Initial Configuration

    Step 5: System Configuration

    Complete these configuration steps after the base system installs:

    1. Keyboard Layout: Select your keyboard layout (US is typically appropriate)
    2. Timezone: Set your timezone for accurate logging and scheduling
    3. Hostname: Enter a hostname for your firewall (e.g., "ipfire" or "fw01")
    4. Domain Name: Enter your domain (e.g., "localdomain" or your actual domain)
    5. Root Password: Set a strong password for command-line (SSH) access
    6. Admin Password: Set a strong password for web interface access

    Step 6: Network Configuration

    VPS Network Constraints: Traditional IPFire deployments require at least two network interfaces (RED and GREEN). On a single-NIC VPS, configure a GREEN + RED setup where the single interface handles external traffic. This is suitable for VPN gateway or remote access scenarios.

    1. Select "Network configuration type" and choose GREEN + RED
    2. For "Drivers and card assignments," assign your VPS's network interface to the appropriate zone
    3. Configure the GREEN interface with a private IP address (e.g., 10.0.0.1/24)
    4. Configure the RED interface with your VPS's public IP address, subnet mask, and gateway
    5. Set DNS servers (you can use 1.1.1.1 or 8.8.8.8)

    Single-NIC VPS: For a VPS with only one network interface, assign it to the RED zone and access the management interface through a VPN tunnel or SSH port forwarding. This is the most common VPS deployment scenario.

    Accessing the Web Interface

    Step 7: Access IPFire Dashboard

    After completing the setup and rebooting:

    1. Open a web browser and navigate to:
       Web Interface URL
       https://<your-ipfire-ip>:444
    2. Accept the self-signed SSL certificate warning
    3. Log in with username "admin" and the password you configured
    4. You'll be presented with the IPFire dashboard showing system status

    Note: Port 444 is the default HTTPS port for IPFire's web interface. Port 443 is reserved for the web proxy. Ensure you've allowed access to port 444 in your firewall rules.

    Firewall Configuration

    Basic Firewall Rules

    Navigate to Firewall → Firewall Rules to manage traffic flow:

    • Outgoing Rules: Control traffic leaving your network to the internet
    • Port Forwarding: Forward external ports to internal services
    • External Access: Allow specific services to be accessed from RED zone
    • Internal Access: Control traffic between internal zones (if configured)

    Essential Services to Allow

    For a VPS deployment, consider allowing external access to:

    • SSH (port 22): For command-line management
    • Web interface (port 444): For web-based administration
    • OpenVPN (UDP 1194): For VPN functionality
    • IPsec (UDP 500, UDP 4500): For IPsec VPN connections
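
    An added check for the list above (not part of the original guide or IPFire's tooling): it compares sockets listening on non-loopback addresses against the ports this guide allows, since every such listener is something the RED-side rules have to cover. The helper names and the sample output are constructed, and it assumes iproute2's ss is available on the host.

```sh
#!/bin/sh
# Added example: flag listeners that are not on the guide's allow-list.

# Allow-list taken from the "Essential Services to Allow" list.
ALLOWED="tcp/22 tcp/444 udp/1194 udp/500 udp/4500"

# unexpected_listeners: reads `ss -Htuln` output on stdin and prints proto/port
# for each socket bound to a non-loopback address that is not in ALLOWED.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            proto = $1; laddr = $5                    # Netid and Local Address:Port
            port = laddr; sub(/.*:/, "", port)        # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            key = proto "/" port
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# Constructed sample of `ss -Htuln` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511                *:444              *:*
tcp   LISTEN 0      4096       127.0.0.1:8953       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:1194       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0               [::]:53            [::]:*
EOF
}

# On the firewall itself: ss -Htuln | unexpected_listeners
sample_ss | unexpected_listeners
```

    Anything it prints is either a service to disable or a port that must stay closed on RED.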

    VPN Configuration

    IPFire excels as a VPN gateway, supporting both OpenVPN and IPsec. This is one of the primary use cases for deploying IPFire on a VPS.

    Security Best Practices

    Keep Updated

    Regularly check for and apply system updates through the web interface or Pakfire.

    Strong Passwords

    Use unique, complex passwords for both root and admin accounts.

    Limit Access

    Restrict SSH and web interface access to specific IP addresses when possible.

    Enable IPS

    If resources allow, enable the Intrusion Prevention System with updated rulesets.

    Regular Backups

    Export your configuration regularly via System → Backup.

    Monitor Logs

    Review logs regularly for suspicious activity under Logs → Log Files.

    Minimal Services

    Only enable services you actually need to reduce attack surface.
