====== Install Endian Firewall (EFW) on a headless Linux box ======

==== Hardware ====

  * Gigabyte GA-M68SM-S2L motherboard
  * AMD Sempron LE-1150 CPU (2.0 GHz)
  * 1 GB RAM
  * SATA hard disk (any size)
  * MSI Midas case (including power supply)
  * Zalman CNPS 7500 CPU cooler
  * 2 D-Link DGE-530T Gigabit Ethernet adapters
  * USB CD-ROM drive for installation only, or USB stick

The MSI case is very compact, well built and includes the power supply and one 60 mm case fan. I chose the Zalman cooler to be able to run the fan at minimum speed and thus create a very quiet box. To reduce the speed of the integrated case fan I connected the fan through a resistor which comes with any separate Zalman case fan. The D-Link adapters have an optional low-profile bracket. Note that with the Zalman fan, it is impossible to fit a CD-ROM drive into the case.

The whole box costs you less than USD 300, and you could save further with a cheaper CPU fan, less RAM, Fast Ethernet cards and a slower CPU.

==== Software ====

The only package which installed and recognized my hardware properly is Endian Firewall 2.2 Beta 3.

  * EFW is based on IPCop. I actually started off with IPCop but later switched to EFW (see below)
  * My hardware components are pretty new and therefore only supported in the latest kernel
  * IPCop 1.4.18 (latest stable release) and EFW 2.1.2 (latest stable release) would not recognize the nVidia 680i or D-Link Gigabit Ethernet cards
  * IPCop 1.4.18 does not install from a USB CD-ROM drive; you would need to attach a PATA CD-ROM drive
  * EFW 2.1.2 and 2.2 install from a USB CD-ROM drive

==== Installation ====

  - Download the ISO from http://www.endian.com/en/community/download/iso/ and burn it to a CD
  - Boot your box from the CD and follow the installation
  - After finishing the installation from CD, check whether you can connect from another client through the web interface. Connect at https://:10443
  - If you cannot connect, try connecting the LAN cable (green) to another network card
  - If you still cannot connect, log in on the box directly as root (initial root password = endian) and check your IP configuration
  - To enable your headless box to shut down after pressing the power button, you need to install the acpid daemon. Download the i386 rpm package from http://alumnus.caltech.edu/~igormt/endian/extras.html and install it with ''rpm -i acpid-1.0.6-endian1.i386.rpm''. The acpid daemon also works well with EFW versions 2.2 Beta 3 to 2.2 RC2.

==== SSH access ====

SSH access can be enabled through the EFW web interface. I access through root as I can access EFW only from within a protected environment. If you prefer to access as a dedicated user and not allow root to access, create a dedicated user account for the SSH access. This takes a few manual steps. Log in as root into a shell on your EFW box:

<code>
useradd myuser
passwd myuser
mkdir /home/myuser
chown myuser:myuser /home/myuser
vi /etc/sudoers   # add one line with the access rights of this user
vi /etc/passwd    # change the last entry created for myuser from /sbin/nologin to /bin/bash
</code>

==== How to update EFW ====

  - Back up the configuration from within the web interface and save it to the computer you use to access EFW
  - Back up /root/.ssh to a USB stick
  - Install the new version from CD
  - Access EFW from the web interface and restore the configuration when asked
  - Restore /root/.ssh
  - Install acpid and reboot
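
For the SSH access section above, a check that the manual steps took effect and that root can no longer log in over SSH. This is an added example, not part of the original page or of EFW. The helper name ''audit_ssh_user'', the ''/etc/ssh/sshd_config'' path and the use of OpenSSH's ''PermitRootLogin'' keyword to block root are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Paths are parameters so the
# audit can run on copies; /etc/ssh/sshd_config on the box is an assumption.

# audit_ssh_user USER PASSWD SUDOERS SSHD_CONFIG  (hypothetical helper)
# Prints one line per finding and returns the number of findings.
audit_ssh_user() {
    user=$1 passwd=$2 sudoers=$3 sshd=$4 findings=0

    # Field 7 of the passwd entry is the login shell ("x" marks a found entry).
    entry=$(awk -F: -v u="$user" '$1 == u { print "x" $7 }' "$passwd")
    if [ -z "$entry" ]; then
        echo "FAIL: no passwd entry for $user"; findings=$((findings + 1))
    elif [ "$entry" != "x/bin/bash" ]; then
        echo "FAIL: $user has shell '${entry#x}', no interactive SSH session"
        findings=$((findings + 1))
    fi

    # The sudoers rule must exist and must not be commented out.
    if ! grep -Eq "^[[:space:]]*$user[[:space:]]" "$sudoers"; then
        echo "FAIL: no sudoers rule for $user"; findings=$((findings + 1))
    fi

    # Take the first PermitRootLogin line; a missing or commented-out
    # keyword leaves sshd on its built-in default, so report that as well.
    root=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$sshd")
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', root SSH login not disabled"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: $user is ready, root SSH login is off"
    return "$findings"
}

# Constructed sample files: the state right after useradd, before the edits.
tmp=$(mktemp -d)
printf 'myuser:x:500:500::/home/myuser:/sbin/nologin\n' > "$tmp/passwd"
printf 'root ALL=(ALL) ALL\n' > "$tmp/sudoers"
printf 'Port 22\nPermitRootLogin yes\n' > "$tmp/sshd_config"
audit_ssh_user myuser "$tmp/passwd" "$tmp/sudoers" "$tmp/sshd_config" \
    || echo "findings: $?"
rm -rf "$tmp"
```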