Friday, March 6, 2015

Guide for installing IPFire on a Banana Pi





I have previously posted instructions for running IPFire on a Raspberry Pi here.
You should check out that post if you would like more details on what IPFire can do for you and why this type of hardware will work great for home firewall/router tasks.

Since then, the developer of IPFire has released an update that will allow it to run on the more capable, but still small and power efficient hardware that is similar to Raspberry Pi called the Banana Pi.

The IPFire on the RPi was cool, and got the job done.  I ran it for several months successfully and without any failures, but only after a good bit of tweaking to optimize and not overload it.  I was satisfied with its abilities, but it was lacking in the pure throughput and snappiness of the web interface that it needed.  The installation was pretty easy though.

Enter the Banana Pi.  Still cheap and substantially faster with a dual core Arm CPU, 1 gig of RAM, gigabit NIC and more performance optimized hardware design overall.

This one is not quite as easy to install IPFire on however, thus it needs a separate blog entry with instructions.



First off, lets list the stuff you will need:
Banana Pi
SD Card.  This is the one I am using It is probably overkill.
A 2amp capable USB charger is recommended for BPi.  I chose this one.

Purchase a USB to serial interface cable here
USB Network card.  Here are compatible USB Nics.

Download the IPFire version for Arm that has the serial console enabled here.


Ok now that we have everything together, LET'S DO IT.
Get IPFire copied to your SD card with these instructions

Now here is where it gets a little different.  The IPFire distro does not have the capability to output to the HDMI port on the BPi device.  To do the initial configuration, we need to see the BPi screen.  We must connect to the BPi serial output pins with our USB serial adapter.
This is less than ideal, but the only option with the current IPFire build.

Here are instructions for connecting the cable you bought to your BPi's serial pins.  Not too bad.Look closely at the picture to connect it to the right pins though.  I did this wrong the first time and was pulling my hair out.

The serial interface via Putty kind of sucks though, so you are going to need to feel your way through the installation menus.  Once you have it where you want (or close) your IPFire is booted, you can enable SSH via the web interface and connect to SSH with an SSH client like Putty and run setup again to verify that the settings are the way you want them.
After a day or two and your BPi install is stable, you can disconnect the USB serial cable and stash it.

As with the RPi setup, set your USB Nic as the Red Nic because it will handle your incoming internet connection and unless you have over 100 megabits coming in to your house, you will not hit its 100 megabit bandwidth limit.
Use the onboard 1 gig Nic for the green interface.

Also, as with the RPi, be aware of the delicate SSD drive you are using as a hard drive and see the configs I recommend for RPi in my RPi blog post above.

Now that you have some sweet speeds, DO NOT feel tempted to turn on the Intrusion Detection.  It will render your IPFire dead.  Not sure why, but it causes a kernel panic that rebooting does not solve.  I had to reload my BPi after enabling this.  Oops.

See my blog post for working with big Blacklists on RPi/BPi here.

You are going to want to get some black fingernail polish for those super bright BPi status LEDs as well.  Trust me.



2 comments:

  1. Hi,

    Great post!
    However, I don't have USB to serial cable.
    Is it possible to connect to ipfire without one?
    Or, is there an image already configured so I can just SSH/WEB connect and then configure?

    Thank you

    ReplyDelete
    Replies
    1. You need to configure the IPfire at least basically via the serial cable. As far as I know, there is no way around this, but you can check the IPFire forums to be sure.

      Delete