Install Endian Firewall (EFW) on a headless Linux box

Hardware

  • Gigabyte GA-M68SM-S2L motherboard
  • AMD Sempron LE-1150 CPU (2.0 GHz)
  • 1 GB RAM
  • SATA hard disk (any size)
  • MSI Midas case (including power supply)
  • Zalman CNPS 7500 CPU cooler
  • 2 D-Link DGE-530T Gigabit Ethernet adapters
  • USB-CD-ROM drive for installation only, or USB stick

The MSI case is very compact, well built and includes the power supply and one 60 mm case fan. I chose the Zalman cooler to be able to run the fan at minimum speed and thus create a very quiet box. To reduce the speed of the integrated case fan I connected the fan through a resistor which comes with any separate Zalman case fan. The D-Link adapters have an optional low profile bracket.

Note that with the Zalman fan, it is impossible to fit a CD-ROM drive into the case.

The whole box costs you less than USD 300, and you could save further with a cheaper CPU fan, less RAM, Fast Ethernet cards and a slower CPU.

Software

The only package which installed and recognized my hardware properly is Endian Firewall 2.2 Beta 3.

  • EFW is based on IPCop; I actually started off with IPCop but later switched to EFW (see below)
  • my hardware components are pretty new and therefore only supported in the latest kernel
  • IPCop 1.4.18 (latest stable release) and EFW 2.1.2 (latest stable release) would not recognize the nVidia 680i or D-Link Gigabit Ethernet cards
  • IPCop 1.4.18 does not install from a USB-CD-ROM drive; you would need to attach a PATA CD-ROM drive
  • EFW 2.1.2 and 2.2 install from a USB-CD-ROM drive

Installation

  1. Download the ISO from http://www.endian.com/en/community/download/iso/ and burn it to a CD
  2. Boot your box from CD and follow the installation
  3. After finishing installation from CD, check whether you can connect from another client through the web interface. Connect at https://<your ip>:10443
       • If you cannot connect, try connecting the LAN cable (green) to another network card
       • If you still cannot connect, log in on the box directly as root (initial root password = endian) and check your IP configuration
  4. To enable your headless box to shut down after pressing the power button, you need to install the acpid daemon. Download the i386 rpm package at http://alumnus.caltech.edu/~igormt/endian/extras.html and install it with [rpm -i acpid-1.0.6-endian1.i386.rpm]. The acpid daemon also works well with EFW versions 2.2 Beta 3 to 2.2 RC2.

SSH access

SSH access can be enabled through the EFW web interface. I access through root as I can access EFW only from within a protected environment. If you prefer to access as a dedicated user and not allow root to access, create a dedicated user account for the SSH access. To do this you first need to create an additional user, which takes a few manual steps. Log in as root into a shell on your EFW box:

    useradd myuser
    passwd myuser
    mkdir /home/myuser
    chown myuser:myuser /home/myuser
    vi /etc/sudoers    # add one line with the access rights of this user
    vi /etc/passwd     # change the last entry created for myuser from /sbin/nologin to /bin/bash

How to update EFW

  1. Back up the configuration from within the web interface and save it to the computer you use to access EFW
  2. Back up /root/.ssh to a USB stick
  3. Install the new version from CD
  4. Access EFW from the web interface and restore the configuration when asked
  5. Restore /root/.ssh
  6. Install acpid and reboot
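
The backup and restore of /root/.ssh from the update steps above, as an added shell example that is not part of the original page: it packs the directory into a tar archive (so mode bits survive a FAT-formatted stick), verifies a checksum before restoring, and removes group/other access afterwards. The function names, the archive name, the /mnt/usb mount point in the usage comment, and the availability of `sha256sum` and GNU `find -perm /077` on the box are assumptions.

```sh
#!/bin/sh
# Added example (not EFW's own tooling). Assumes the archived directory is
# named ".ssh" and that tar, sha256sum and GNU find are available.
# Hypothetical usage, with the stick mounted at /mnt/usb:
#   backup_ssh  /root/.ssh /mnt/usb/ssh-backup.tar.gz     (before reinstall)
#   restore_ssh /mnt/usb/ssh-backup.tar.gz /root          (after reinstall)

# backup_ssh SRC_DIR ARCHIVE
# A tar archive carries owner and mode bits even if the stick's filesystem
# cannot store them; the checksum detects a damaged copy.
backup_ssh() {
    src=$1; archive=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    tar -C "$(dirname "$src")" -czpf "$archive" "$(basename "$src")" || return 1
    ( cd "$(dirname "$archive")" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
}

# check_ssh_perms DIR
# Fails if DIR or anything in it grants any access to group or others.
check_ssh_perms() {
    [ -d "$1" ] || return 1
    bad=$(find "$1" ! -type l -perm /077)
    [ -z "$bad" ] && return 0
    echo "group/other access found on:" >&2
    echo "$bad" >&2
    return 1
}

# restore_ssh ARCHIVE DEST_PARENT
# Verifies the checksum, unpacks into DEST_PARENT/.ssh, then tightens and
# re-checks permissions so key files are readable by the owner only.
restore_ssh() {
    archive=$1; dest=$2
    ( cd "$(dirname "$archive")" &&
      sha256sum -c "$(basename "$archive").sha256" >/dev/null ) || {
        echo "checksum mismatch: $archive" >&2; return 1; }
    tar -C "$dest" -xzpf "$archive" || return 1
    chmod -R go-rwx "$dest/.ssh" || return 1
    check_ssh_perms "$dest/.ssh"
}
```

Running check_ssh_perms on /root/.ssh before the backup also shows whether the existing directory was already too open.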