Posts RaspberryPi 4 as Firewall

RaspberryPi 4 as Firewall

RaspberryPI 4 Model B as Firewall (Smoothwall Express 3.1)


Q: Why I choose Smoothwall Express 3.1

A: I was looking to get Ipfire on my new Raspberry Pi but at the moment (30.12.2020) is Ipfire not supporting the RaspberryPi 4. The only Firewall that’s running well on RaspberryPi is Smoothwall Express 3.1 . And yes its quite better that I was thinking! It has a lot of features and community driven mods. And for RaspberryPi are not so much Firewall DISTROS and especially for the Raspberry 4, Smoothwall Express 3.1 was the only one that I found. And the last update for SWE 3.1 was at Jul 14, 2020.

Q: It’s only working on RaspberryPi 4?

A: I don’t test it, but I think yes. If someone try it on a RaspberryPi 3 Model B+, just send me a message on Twitter.

Q: What should I learn?

A: Definitly iptables.

Q: I can’t use DHCP simultantly on PURPLE(Wi-Fi) and Green(Switch)

A: It only works if PURPLE is in other subnet as GREEN.

Q: Do I need all of your Equipment?

A: If you have something like the Products that I named it shouldn’t be a problem but what i definitely recommend you to buy is the “Aluminium heat sink with fan”, because the Raspi will get hot. If you don’t have it, then buy all of these things because you will need it all (except the DSL Router/Modem, i mean you should have one lol).

Q: I can’t access from PURPLE stuffs on GREEN like Webservices etc, what can i do?

A: You need to allow tcp/udp on every port from PURPLE to GREEN and from GREEN to PURPLE. You can do this only for one device or for all devices. You can do this on cli with iptables or on the Webinterface under Networking-Internal.

Q: I want to build my own iptables chains/rules and delete the one that get coocked up at booting…

A: You can write a script and add it at the last line of /etc/rc.d/rc.sysinit or you can write/delete the standard one in /etc/rc.d/rc.firewall.up

Your bestfriend is /etc/rc.d !!!!

Q: I can’t access the firewall from PURPLE, even https or ssh

A: You need to allow it. You can allow it from the webinterface under services->remote access

Q: It’s PPPOE working?

A: Yes, im using it as PPPOE with a FritzBox (Yes, you can use the fritzbox as modem You can change the RED interface from the Webinterface to PPPOE.

Q: Ports?

A: 222 - ssh , 441 - https


Product Link
USB 3.0 RJ45 10/100/1000 Gigabit Ethernet Adapter
Aluminum heat sink with fan for Raspberry Pi 4B
Raspberry Pi 4 Model B 4GB RAM
MicroSD 64GB
MicroSD USB Reader
TP-Link TL-SG105 5-Ports Gigabit Network Switch
3x LAN Kabel (use Gigabit Ethernet Cables), for example these from the link
MicroHDMI to HDMI Adapter
And a DSL Router of course(i think you should have one lol)  


| Name | Description | Link |:———-|:———-|:———-| | RaspberryPi Imager | We will need it to erase & format the MicroSD | Smoothwall patched for RaspberryPi 4 with update 11| The Smoothwall Open Source Project was set up in 2000 to develop and maintain Smoothwall Express - a Free firewall that includes its own security-hardened GNU/Linux operating system and an easy-to-use web interface, you can read more at||



  1. Open RaspberryPi Imager and choose Operating System

  2. Scroll down and choose Erase

  3. Select your SD Card

  4. Click on Write
  5. Now copy all the files from Express-3 to the SD Card

Before booting:

  • Insert the SD Card in your RaspberryPi.
  • Connect it to a monitor and you will need as well a keyboard.

  • The first ethernet cable with the usb-to-lan adapter and then to the router
  • The second ethernet cable with the onboard lan to the switch
  • The third one from the switch to your pc

Now we can start it.

PART 2.0

  1. Press Return
  2. Type 1 and press Return (we rename wlan0 to eth2 so keep in mind, eth2 is our WiFi interface)
  3. Press Return
  4. Press Return
  5. Press Return
  6. Press Return
  7. Press Return
  8. Chose your Country Code and press Return
  9. Now type ‘yes’ and press Return
  10. Select NO
  11. Select your Keyboard Mapping
  12. Select your Timezone
  13. If you want, you can change the hostname of our firewall to something else, if not press Return B
  14. Select Half-Open

PART 2.1

IMPORTANT : We will use our USBtoEthernet-Adapter as RED Interface (for getting a working internet connection), the Onboard LAN as GREEN for the LAN and the Onboard WiFi as Purple

  1. Choose Network Configuration Type
  2. Scroll down and select GREEN + PURPLE + RED
  3. Now choose Card Assignments
  4. Choose Ok and hit Return
  5. The USBtoEthernet Adapter as RED
  6. The Onboard Ethernet as GREEN
  7. The Onboard WiFi as Purple
  8. Now we choose Adress Settings
  9. Choose Green
  10. Press Return
  11. We will choose the standard one
  12. Now we Choose Purple
  13. For purple we use and /24 Mask (you can do later the routing etc)
  14. Now we select RED
  15. ATM we will use it as behind the router(not PPPOE, you can do this later) so we choose DHCP B
  16. Choose Done an hit return
  17. Choose DNS Settings
  18. Delete the DNS Server (we will use the default one from RED, Router DNS)
  19. Choose DONE and hit return
  20. We choose DHCP Server Configuration
  21. We activate the DHCP Server Configuration for GREEN(make sure that you connect GREEN to Switch and a Ethernet Cable from Switch to your PC)
  22. Select FINISHED
  23. Choose a password for the user ‘admin’ (webinterface)
  24. Choose a password for the user ‘root’ (ssh) B
  25. We done, hit Return

PART 3.0


For some reason is the wifi broken… so we need to resolve that.

  1. SSH on smoothwall / on port 222 (Port 222 is the standard port for ssh on Smoothwall) 17. Choose DNS Settings
  2. Now we will use my script for fix WIFI

     bash <(wget -qO-  (Note that the Country Language is set to DE so you will need to change it after rebooting at /etc/hostapd/hostapd.purple.conf and reboot again.
  3. Now we need activate DHCP for Purple WiFi, for that access the Webinterface and go to Services-dhcpd, scroll down to interface and choose Purple
  4. Enable DHCP and set it up like in the picture

Thats it, now you can connect to the SSID ‘Purple-Wifi’ with the password ‘password’. You can change it at /etc/hostapd/hostapd.purple.conf

This post is licensed under CC BY 4.0 by the author.

Trending Tags