Install Endian Firewall (EFW) on a headless Linux box

Hardware

The MSI case is very compact, well built and includes the power supply and one 60 mm case fan. I chose the Zalman cooler to be able to run the fan at minimum speed and thus create a very quiet box. To reduce the speed of the integrated case fan I connected the fan through a resistor which comes with any separate Zalman case fan. The D-Link adapters have an optional low profile bracket.

Note that with the Zalman fan, it is impossible to fit a CD-ROM drive into the case.

The whole box costs you less than USD 300, and you could save further with a cheaper CPU fan, less RAM, Fast Ethernet cards and a slower CPU.

Software

The only package which installed and recognized my hardware properly is Endian Firewall 2.2 Beta 3.

Installation

  1. Download the ISO from http://www.endian.com/en/community/download/iso/ and burn it to a CD
  2. Boot your box from CD and follow the installation
  3. After finishing the installation from CD, check whether you can connect from another client through the web interface. Connect at https://<your ip>:10443
     - If you cannot connect, try connecting the LAN cable (green) to another network card
     - If you still cannot connect, log in on the box directly as root (initial root password = endian) and check your IP configuration
     - To enable your headless box to shut down after pressing the power button, you need to install the acpid daemon. Download the i386 rpm package from http://alumnus.caltech.edu/~igormt/endian/extras.html and install it with [rpm -i acpid-1.0.6-endian1.i386.rpm]. The acpid daemon also works well with EFW versions 2.2 Beta 3 to 2.2 RC2.

SSH access

SSH access can be enabled through the EFW web interface. I access through root as I can access EFW only from within a protected environment. If you prefer to access as a dedicated user and not allow root to access, create a dedicated user account for the SSH access. This takes a few manual steps. Log in as root into a shell on your EFW box:

    useradd myuser
    passwd myuser
    mkdir /home/myuser
    chown myuser:myuser /home/myuser
    vi /etc/sudoers    # add one line with the access rights of this user
    vi /etc/passwd     # change the last entry created for myuser from /sbin/nologin to /bin/bash

How to update EFW

  - Back up the configuration from within the web interface and save it to the computer you use to access EFW
  - Back up /root/.ssh to a USB stick
  - Install the new version from CD
  - Access EFW from the web interface, restore the configuration when asked
  - Restore /root/.ssh
  - Install acpid and reboot
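
To check the result of the manual steps in the SSH access section, the following script audits the dedicated account and the root login setting. It is an added example, not part of the original page or of EFW. The sshd_config path and the PermitRootLogin check assume a stock OpenSSH server configuration; the page itself does not say how root access is disabled.

```shell
#!/bin/sh
# Added example: audit the dedicated SSH account after the manual steps.
# Usage: sh audit_ssh_user.sh myuser /etc/passwd /etc/sudoers /etc/ssh/sshd_config
# (the sshd_config path is an assumption; check where your EFW version keeps it)

# Print the login shell recorded for USER in a passwd-format file.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# Succeed if USER exists and the shell is not nologin/false.
can_login() {
    sh_path=$(login_shell "$1" "$2") || return 1
    case "$sh_path" in
        */nologin|*/false) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed if a sudoers-format file has a rule line starting with USER.
has_sudo_rule() {
    awk -v u="$1" '$1 == u && NF >= 2 { found = 1 } END { exit !found }' "$2"
}

# Print the global PermitRootLogin value ("default" if unset).
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
# Lines after the first Match block are conditional and are not evaluated here.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "default" }' "$1"
}

# Run all checks; returns non-zero if any of them fails.
audit_ssh_user() {  # args: USER PASSWD_FILE SUDOERS_FILE SSHD_CONFIG
    rc=0
    can_login "$1" "$2" || { echo "FAIL: $1 cannot log in (shell in $2)"; rc=1; }
    has_sudo_rule "$1" "$3" || { echo "FAIL: no sudoers line for $1 in $3"; rc=1; }
    setting=$(root_login_setting "$4")
    [ "$setting" = "no" ] ||
        { echo "WARN: PermitRootLogin is '$setting'; root SSH login not disabled"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 4 ]; then
    audit_ssh_user "$@"
fi
```

Since a new install from CD replaces the system, run it again after each update.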