In this step, the new IPFire instance is being created. It will be a virtual machine that handles all traffic coming from the public Internet going to the internal subnet and vice-versa. This way, the cloud will be extended by all functionalities IPFire has to offer.
Launch a new instance as usual and select the IPFire image from the AWS Marketplace by searching for “ipfire”:
You will have to decide how many resources you will need for your IPFire installation in the cloud. Various instance sizes are supported and come at varying cost. IPFire only requires one vCPU core and 1GB of RAM to run the basics.
IPFire supports ENA (Elastic Network Adapters) which are a fast virtual network interface for all instance sizes allowing it to transfer up to 25GBit/s on certain instances.
In the next step, you can configure the instance that you are about to create. Select the correct VPC and the public subnet for the first interface.
Let EC2 auto-assign a public IP address so that the system is able to access the Internet straight away to install updates on the first boot. Later, we will replace this temporary address by the Elastic IP address that we have allocated earlier.
It is also recommended to protect the instance against accidental termination.
No new network interfaces need to be created here. The network setup will be finalised after the instance has been launched successfully.
In the next step, you can configure storage. It is recommended to run IPFire on the General Purpose storage. In its usual operation, no much disk I/O is needed. If you are running a larger instance with a caching proxy, you might want to consider to upgrade to the Guaranteed IOPS storage.
8GB are enough space for the system itself and log files. If you want a caching proxy, add some disk space.
Select the “Full Access” security group that has been created earlier.
The first boot will take a couple of minutes because IPFire is being set up automatically. It will import any configuration and SSH keys from AWS and install any pending updates. For that, it might even reboot several times.
As soon as the system is up, you can log in by using the public IP addressthat has been temporarily assigned, the selected SSH key and the user *setup*:
This will automatically bring you to the setup dialogue where you can set up the system.
You will have to set the “admin” password. With that and the temporary public IP address, you can log in to the web user interface and perform any further configuration.
If you would like SSH access and use the root user to log in, you can set the password here too. By default, SSH password authentication is disabled and you will need to enable it on the web user interface first.
After you have set up the credentials and logged in to the web user interface, you can finish setting up the network.
Associate the Elastic IP address with the instance to have a static IP address that stays the same across reboots of the instance:
By default, IPFire will only be available on the ports for SSH and the web user interface. It is recommended to assign the Security Group created in this guide for the GREEN interface to the RED interface, too. Then, IPFire will take care of opening all ports required for certain services like VPN.
The GREEN interface has to be added to the instance to connect the internal subnet as shown:
To apply this change, you will have to reboot the instance.
After the system has been rebooted, the setup is done and you can use IPFire.