Running a firewall in your home network certainly shouldn’t be overlooked. For standard home networks, your ISP router is probably sufficient. However, I run a bit more than just my phone or tablet at home.
I’ve been using Sophos products for about 20 years, and I’ve seen the company grow and its products develop over the years. I do still believe in the Sophos product range, and most definitely in their XG Firewall range.
Now, let us get to the fun part.
The first thing you want to do is register for the Sophos Home Edition of the XG Firewall; the latest version at the moment is 18.0.5 MR5. Head on over to the Sophos website and complete the simple form, which takes you straight to the ISO download.
Now you have the software, so what’s next? Let’s take a quick look at the requirements and features.
- Intel-compatible computer with dual network interfaces. (Any previous OS or files on the computer will be overwritten when installing the XG Firewall Home Edition)
- Home Edition is limited to 4 cores and 6 GB of RAM. The computer can have more than this, but XG Firewall Home Edition will not be able to utilize it.
- Increase your Internet Bandwidth – You can make easy use of traffic shaping to prioritize application traffic over your internet connection and even subscribe to multiple ISP connections to get more bandwidth or resiliency in the event of an outage with one of them.
- Monitor and control family web surfing – Use Web Filtering to stop sites from infecting you with viruses and spyware, keep your children from surfing to bad sites, and get full reporting on the activity in your home. Also, set up access schedules or usage quotas for family members who may be wasting too much time online.
- Access your home network from anywhere – Use VPN to access your network remotely from anywhere in the world.
- Stop Viruses – Dual AV scanning engines stop viruses in file downloads, email attachments, and embedded in websites. Sophos catches them at the gateway before they can get in to assault your computers.
- And many more…
Depending on what you will be installing the software on, you need to either write this image to a USB stick or upload it to a datastore in VMware.
If you decide to install it on a physical machine, you need to ensure it meets the requirements: make sure it has 4 cores, 6 GB of memory, and at least 2 network ports (LAN and WAN).
You will need a tool such as Rufus to write the image to a USB stick; be sure to write it as a DD image instead of ISO.
The installation process is the same whether the machine is physical or virtual.
Will update this post soon with more detail.
Technitium DNS Server is a free, open-source, cross-platform, authoritative, and recursive DNS server that is aimed at self-hosting a local DNS Server for privacy and security, software development, and testing on small to medium-size networks. It works out-of-the-box with no or minimal configuration and provides a user-friendly web console accessible using any web browser.
The Technitium DNS Server web console provides a dashboard that displays useful stats, which can be used to understand the DNS server's operations. The dashboard contains a main chart that displays query and response-related data, plus a couple of pie charts. It also lists top clients, top domains, and top blocked domains in a tabular format.
How to install?
For the installation I chose Ubuntu Linux, and the process is fairly simple. The software was built to be cross-platform using .NET, so you can run it on Windows, Linux or macOS.
The Automated installer script was used to install the DNS Server.
curl -sSL https://download.technitium.com/dns/install.sh | sudo bash
Once installed, you may go ahead and allow the following ports:
- Port 5380/tcp is used for the web console; you really don’t want that open to the web.
- Port 67/udp is used for DHCP; again, you only want that on your local network.
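One way to apply the two port notes above on Ubuntu, as an added example that is not part of the original post: the function below prints ufw rules that scope 5380/tcp and 67/udp to the LAN side. It assumes ufw is the host firewall; the function name, interface name and LAN range are hypothetical sample values.

```shell
#!/bin/sh
# Added example, not from the original post. It only PRINTS ufw commands
# so they can be reviewed before being run with sudo.
# Assumptions: ufw is the host firewall; the interface name and LAN CIDR
# used in the dry run at the bottom are constructed sample values.

technitium_ufw_rules() {
    iface=$1
    lan=$2

    # Interface name: letters, digits, '.', '_' and '-' only.
    case $iface in
        ""|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac

    # LAN must look like a.b.c.d/len with len 1-32, which rejects 0.0.0.0/0.
    if ! printf '%s\n' "$lan" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'; then
        echo "invalid or catch-all LAN CIDR: $lan" >&2; return 1
    fi

    # Each octet must be 0-255.
    old_ifs=$IFS; IFS=./; set -- $lan; IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || { echo "invalid octet in $lan" >&2; return 1; }
    done

    # Web console (5380/tcp): LAN interface and LAN source addresses only.
    echo "ufw allow in on $iface from $lan to any port 5380 proto tcp"

    # DHCP (67/udp): a client without a lease sends from 0.0.0.0 to the
    # broadcast address, so a source filter would drop its DISCOVER.
    # Scope this rule by interface instead of by source range.
    echo "ufw allow in on $iface to any port 67 proto udp"
}

# Dry run with constructed values.
technitium_ufw_rules enp2s0 192.168.10.0/24
```

With ufw's default deny-incoming policy, any port without an allow rule stays closed on the WAN side.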
Log in to your dashboard
That’s it, it’s installed. Now configure your network with the IP address of the server for DNS resolution.
I use this server for my home lab, servers, and Docker containers. Basically, I use a domain internally and use this server for name resolution for my devices.
Installing DNS Server Manually
Install the .NET 5 runtime from here.
Once you have installed .NET 5, SSH into the server and follow the steps below:
- Download the DNS Server portable app using wget and extract it.
  wget https://download.technitium.com/dns/DnsServerPortable.tar.gz
  sudo mkdir -p /etc/dns/
  sudo tar -zxf DnsServerPortable.tar.gz -C /etc/dns/
- You can now run the DNS Server directly from the console as a standalone app.
  cd /etc/dns/
  sudo ./start.sh
- Open the URL http://<server-ip-address>:5380/ to access the web console.