So my - ok, one of my - bottom tier computers which was running the pfsense firewall will now get a new and different firewall for me to play with. Apparently pfsense no longer supports architecture below 64 bit, or I can't find the link to the older-box versions. So I blew it away and installed ipfire, with which I have no experience and know nobody with any (though I haven't yet brought it up at the Linux club). Figured I'd wreck it a little first.
The box is of 2005 vintage, a Dell of the WinXP era. Maybe the installer didn't expect that, since although the root and admin passwords were accepted by it during the setup routine, neither of them worked on reboot. On reinstall, root worked but not admin - and passwd informed me that such a user was not present, as in not even created. But CLI works and blinky lights are happening on the downstream router. I'll update within this post below as I discover how this new-to-me product works; it's evidently maintained by a company that has both supported and free versions.
UPDATE #1, 9/8
After one or two reboots and/or reinstalls, the installer kept putting in a root password that the system wouldn't remember. A forum suggested entering the password during installation without using the "Return" to get to the next line, but using "Tab" instead. The theory was that "Return" might insert screwy control characters but that "Tab" would not. This seems to have been true, fixing the root PW creation issue. I had to add the "admin" user manually (via useradd, not the web interface) but it seems to be successfully sticking as well. Now running through as many simple commands as I can think of, and it's ok after a half dozen reboots. I have an iso of Smoothwall in case something craters me later.
UPDATE #2, 9/12
And it forgot the root password again some more repeatedly... so I'm giving up on the old Dell (a GX520 Optiplex) and am now trying ipFire on a Dimension 2400 of equally ancient vintage but better specs (faster proc at 2.6ghz Celeron D and more memory at 2g). The ncurses based installer worked after the 4th or 5th attempt and the root PW has been remembered for days now. No routing to switch yet but pinging out and GUI adds/removes rules; will do a new post when most things work and there's news to report.
UPDATE #3, 10/8
Holy ruleset, Batman: this is all a bit more complex than I figgered. Routing out to the world is fine but the intrusion detection engine isn't turning over. Simple fw rules are operational through the GUI AFAIK and can test, so all seems ok with this package and box. BUUUT I was really interested in trying out its built-in IDS/IPS (intrusion and detection) which both uses signatures and behavior methods of detection/blocking (this would provide another perspective in the ongoing architecture debate between Snort and its later rivals). See, they used to use the venerable Snort but changed to Suricata a few releases back, so I dug up the command line commands for that. I think Suricata's config file was mangled at installation; the good ol' linux locate(updatedb) command verifies that the config file is where it's expected to reside and simple things like versioning display with -V happen right. I even catted the whole thing and it looks complete to my untrained eye. IPS won't run, though.
In my defense, I'd still be running pfSense if they had continued with the 32 bit version (with which all services ran when I asked them to); I just may get some raspberry Pi or other and throw pfSense on there - unless I reinstall IPFire and get it to run. Wish me luck! Until a better theory comes along, I'll blame Dell.
