<li><a href="#itsfree">{{ _("It's free") }}</a></li>
</ul>
<div id="concept">
- <p>
- The foundation of <strong>IPFire</strong> is the high level of flexibility which lets us
- configure different versions of this operating system out of a single base. Beginning with a
- few megs big firewall system it is possible to run IPFire as a file server or VPN gateway for
- staff, branches and customers. This is manageable with the packet manager that enhances
- the system only if you really want to.
- </p>
- <p>
- We believe that this is the best way to provide security to a network. There is no way to give
- out a static appliance as is because security is not a single thing to install and never touch
- again. It's a kind of process paired with behaviour and restrictions. This plans could look
- different from company to company and also differ from the place IPFire is installed at.
- </p>
- <p>
- <em>Please click through the tabs and take a look at what possibilities IPFire offers for
- your personal concept of network. And don't be scared. We have built-in our own to
- start with...</em>
- </p>
+ {% if lang == "de" %}
+ <p>
+ <!-- XXX irgendwie noch alles recht schwammig -->
+ <strong>IPFire</strong> ist auf der Grundidee "Flexibilität" aufgebaut. Das ermöglicht
+ aus einer einzigen Basis verschiedene Arten von Betriebssystemen zu bauen. Beginnend mit einem
+ Firewall-System bestehend aus wenigen Megabytes ist es möglich IPFire auch als Dateiserver oder
+ VPN-Gateway für Mitarbeiter, Filialen oder Kunden zu betreiben. Dies und mehr ist möglich durch
+ den Paketmanager, der nur installiert was nötig ist und auch Sicherheitsupdates sehr einfach
+ macht.
+ </p>
+ <p>
+ Dies ist der beste Weg ein Netzwerk sicher zu gestalten, denn Sicherheit ist kein Programm,
+ das einfach installiert werden kann und um welches man sich nicht mehr kümmern braucht.
+ Hingehen kann Sicherheit von Unternehmen zu Unternehmen ganz anders aussehen und das
+ erfordert Anpassungsfähigkeit, die IPFire mitbringt.
+ </p>
+ <p>
+ <em>Diese Tabs zeigen was mit IPFire alles möglich ist. Jede Rubrik trägt ihren Teil zum
+ Gesamtkonzept bei und macht IPFire ganz individuell zu dem was es ist.</em>
+ </p>
+ {% else %}
+ <p>
+ The foundation of <strong>IPFire</strong> is the high level of flexibility which lets us
+ configure different versions of this operating system out of a single base. Beginning with a
+ few megabytes big firewall system it is possible to run IPFire as a file server or VPN gateway for
+ staff, branches or customers. This is manageable with the package manager that enhances
+ the system only if you really want to and makes securtity updates very easy.
+ </p>
+ <p>
+ We believe that this is the best way to provide security to a network. There is no way to give
+ out a static appliance because security is not a single thing to install and never touch
+ again. It's a kind of process paired with behaviour and restrictions. This plans could be very
+ different from company to company and also differ from the place IPFire is installed at.
+ </p>
+ <p>
+ <em>Please click through the tabs and take a look at what possibilities IPFire offers for
+ your personal concept of network. And don't be scared. We have built-in our own to
+ start with...</em>
+ </p>
+ {% end %}
</div>
<div id="security">
<img src="{{ static_url("images/icons/security.png") }}" class="floatTL" alt="{{ _("Security") }}" />
- <p>
- The matter that counts most in the development of IPFire is - of course - security. But
- we don't believe that there is only one single way to achvieve security. It is more important
- that every administrator knows about what he is configuring and that he is teached about what
- is right in his special environment.
- </p>
- <p>
- IPFire
- </p>
+ {% if lang == "de" %}
+ <p>
+ Der Schwerpunkt, der in der Entwicklung von IPFire am meisten wiegt ist Sicherheit. Aber da
+ es nicht nur einen Weg gibt Sicherheit zu erlangen ist es notwendig, dass jeder Administrator
+ Kenntnis darüber hat welche Konfiguration am besten ist in seiner individuellen Umgebung.
+ </p>
+ <p>
+ IPFire ist die Basis von Sicherheit im Netzwerk. Durch die Fähigkeit das Netzwerk zu separieren
+ sodass jeder Teil nach seinen Bedürfnissen gesichert werden kann. In der
+ <a href="#firewall">Firewall</a>-Sektion gibt es mehr dazu.
+ </p>
+ <p>
+ Ein weiterer sehr wichtiger Punkt auf den die Entwickler Wert legen ist das zügige und
+ zuverlässige Bereitstellen von Sicherheitsupdates. Da IPFire direkt mit dem Internet verbunden
+ ist ist das System primäres Ziel von Hackern und Bots.
+ </p>
+ {% else %}
+ <p>
+ The matter that counts most in the development of IPFire is - of course - security. But
+ we don't believe that there is only one single way to achieve security. It is more important
+ that every administrator knows about what he is configuring and that he is teached about what
+ is right in his special environment.
+ </p>
+ <p>
+ IPFire is the base of security in the network. It has the power to separate the network into
+ smaller parts rated by their security level. That's what makes it more easy to create a custom
+ policy for every part. See the <a href="#firewall">firewall</a> tab to learn more about that.
+ </p>
+ <p>
+ Another very important thing the developers focus on is the fast and reliable distribution
+ of security updates of the system or its components like the Linux kernel, libraries, etc.
+ As IPFire is directly connected to the internet it is a primary target to hackers and bots
+ we have to fight against.
+ </p>
+ {% end %}
</div>
<div id="pakfire">
<img src="{{ static_url("images/icons/pakfire.png") }}" class="floatTL" alt="{{ _("Pakfire") }}" />
- <p>
- From the technical point of view, IPFire is a very shrinked and hardened firewall system
- which comes with an integrated package manager that is called <a href="/features/pakfire">Pakfire</a>.
- With only a single click you can extend your system to a server that provides services from different
- categories.
- </p>
- <p>
- The most interesting addons:
- </p>
- <ul>
- <!-- XXX make this right -->
- <li>File services like: Samba and vsftpd</li>
- <li>A collection of command line tools like: tcpdump, nmap and traceroute.</li>
- <li>Asterisk</li>
- <li><em>{{ _("and many more...") }}</em></li>
- </ul>
+ {% if lang == "de" %}
+ <p>
+ Vom technischen Standpunkt aus ist IPFire ein schlankes, gehärtetes Firewall-System, welches
+ einen Paketmanager mitbringt, der den Namen <a href="/features/pakfire">Pakfire</a> trägt.
+ Mit nur wenigen Klicks ist es möglich dieses System auf eine Serverlösung auszubauen.
+ </p>
+ <p>
+ Die interessantesten Addons:
+ </p>
+ <ul>
+ <!-- XXX ma ordentlich machen, ne? -->
+ <!-- XXX vielleicht auf die howtos im wiki verlinken -->
+ <li>Dateidienste wie z.B.: Samba und vsftpd</li>
+ <li>Eine Auswahl an Konsolentools: tcpdump, nmap und traceroute.</li>
+ <li>Asterisk</li>
+ <li><em>und viele mehr...</em></li>
+ </ul>
+ {% else %}
+ <p>
+ From the technical point of view, IPFire is a very shrinked and hardened firewall system
+ which comes with an integrated package manager that is called <a href="/features/pakfire">Pakfire</a>.
+ With only a single click you can extend your system to a server that provides services from different
+ categories.
+ </p>
+ <p>
+ The most interesting addons:
+ </p>
+ <ul>
+ <!-- XXX make this right -->
+ <li>File services like: Samba and vsftpd</li>
+ <li>A collection of command line tools like: tcpdump, nmap and traceroute.</li>
+ <li>Asterisk</li>
+ <li><em>and many more...</em></li>
+ </ul>
+ {% end %}
+
<p class="links">
<a href="http://wiki.ipfire.org/{{ lang }}/configuration/ipfire/pakfire/start">
{{ _("How to install a package?") }}
</div>
<div id="firewall">
<img src="{{ static_url("images/icons/firewall.png") }}" class="floatTL" alt="{{ _("Firewall") }}" />
- <p>
- IPFire comes with a SPI (stateful inspection) firewall which is built on top of the
- Linux <a href="http://www.netfilter.org/">netfilter</a>.
- </p>
- <p>
- With the installation of IPFire, the network gets seperated into different parts that
- represent a special kind of computers with their own level of security:
- </p>
- <ul>
- <li style="color: green;">
- <strong>Green:</strong> The segment of the network which is marked by the colour <em>green</em>,
- which stands for a safe area, is where all client computers get. It is the normal LAN and normally
- wired. Clients can access all other segments without any restriction.
- </li>
- <li style="color: red;">
- <strong>Red:</strong> The internet as a source of danger gets the colour <em>red</em>.
- No access from the internet is permitted to pass the firewall.
- </li>
- <li style="color: darkblue;">
- <strong>Blue:</strong> The wireless LAN is an other source of potential harm. So it is seperated
- and got the colour <em>blue</em> for "air". Clients on this part of the network must be
- allowed explicitely to access the internet.
- </li>
- <li style="color: orange;">
- <strong>Orange:</strong> If there are any servers that are accessable by the internet, it is
- also possible to take them over. For this case, there is the segment coloured <em>orange</em>
- (some compromise between red and green) so that those machines are not able to harm any
- other segment. This is called demilizarized zone (DMZ).
- </li>
- </ul>
- <br class="clear" />
- <p>
- So there is a best place for every machine in the network. All the segments can be activated seperately
- (except green and red are always required).
- <br />
- On top of all of that, there is an <strong>outgoing firewall</strong> for filtering the egress direction.
- </p>
+ {% if lang == "de" %}
+ <p>
+ IPFire ist mit einer SPI-Firewall (stateful inspection) ausgestattet, die auf dem
+ Linux <a href="http://www.netfilter.org/">netfilter</a> aufgebaut ist.
+ </p>
+ <p>
+ Jede IPFire-Installation teilt das Netzwerk in kleinere, voneinander getrennte Teile,
+ denen eine Gruppe von Computern zugeordnet wird - abhängig von ihrer Sicherheitseinstufung:
+ </p>
+ <ul>
+ <li style="color: green;">
+ <strong>Grün (Green):</strong> In der grünen Zone befinden sich alle Client-PCs,
+ die als sicher eingestuft sind. Das ist in der Regel das verkabelte LAN. Alle PCs
+ können auf alle anderen Netze ohne Beschränkung zugreifen.
+ </li>
+ <li style="color: red;">
+ <strong>Rot (Red):</strong> Das Internet hat aufgrund seiner potentiellen Gefahr
+ die Farbe rot bekommen. Es ist kein Zugriff von dort aus auf eines der anderen
+ Netze möglich ohne, dass dieses vorher explizit erlaubt wurde.
+ </li>
+ <li style="color: darkblue;">
+ <strong>Blau (Blue):</strong> Das drahtlose Netzwerk ist auch eher als gefärlich
+ einzustufen und wurde daher vom übrigen LAN getrennt. PCs in diesem Netz müssen
+ explizit zugelassen werden um auf das Internet zugreifen zu dürfen.
+ </li>
+ <li style="color: orange;">
+ <strong>Orange:</strong> Server, die vom Internet aus erreichbar sein müssen
+ haben die Gefahr, dass sie übernommen werden können. Für diesen Fall sind sie
+ in dem orangenen Segment eingeschlossen und können keine anderen Systeme
+ in den anderen Zonen beeinträchtigen. Die orangene Zone wird auch demilitarisierte
+ Zone (DMZ) genannt.
+ </li>
+ </ul>
+ <br class="clear" />
+ <p>
+ Somit gibt es für jedes System einen optimalen Platz im Netzwerk. Alle Netzwerksegmente
+ außer Grün und Rot, die immer vorhanden sind, können einzeln hinzukonfiguriert werden.
+ <br />
+ Zusätzlich gibt es eine <strong>ausgehende Firewall</strong>, die Verkehr aus den lokalen
+ Netzen heraus ins Internet filtert.
+ </p>
+ {% else %}
+ <p>
+ IPFire comes with a SPI (stateful inspection) firewall which is built on top of the
+ Linux <a href="http://www.netfilter.org/">netfilter</a>.
+ </p>
+ <p>
+ With the installation of IPFire, the network gets seperated into different parts that
+ represent a special kind of computers with their own level of security:
+ </p>
+ <ul>
+ <li style="color: green;">
+ <strong>Green:</strong> The segment of the network which is marked by the colour <em>green</em>,
+ which stands for a safe area, is where all client computers get. It is the normal LAN and normally
+ wired. Clients can access all other segments without any restriction.
+ </li>
+ <li style="color: red;">
+ <strong>Red:</strong> The internet as a source of danger gets the colour <em>red</em>.
+ No access from the internet is permitted to pass the firewall.
+ </li>
+ <li style="color: darkblue;">
+ <strong>Blue:</strong> The wireless LAN is an other source of potential harm. So it is seperated
+ and got the colour <em>blue</em> for "air". Clients on this part of the network must be
+ allowed explicitely to access the internet.
+ </li>
+ <li style="color: orange;">
+ <strong>Orange:</strong> If there are any servers that are accessable by the internet, it is
+ also possible to take them over. For this case, there is the segment coloured <em>orange</em>
+ (some compromise between red and green) so that those machines are not able to harm any
+ other segment. This is called demilitarized zone (DMZ).
+ </li>
+ </ul>
+ <br class="clear" />
+ <p>
+ So there is a best place for every machine in the network. All the segments can be activated seperately
+ (except green and red are always required).
+ <br />
+ On top of all of that, there is an <strong>outgoing firewall</strong> for filtering the egress direction.
+ </p>
+ {% end %}
<p class="links">
<a href="http://wiki.ipfire.org/en/configuration/firewall/outgoingfirewall">{{ _("Outgoing firewall configuration") }}</a>
</p>
</div>
<div id="vpn">
<img src="{{ static_url("images/icons/vpn.png") }}" class="floatTL" alt="{{ _("VPN") }}" />
- <p>
- IPFire can be enhanced to a VPN (virtual private network) gateway that connects places and
- persons to the local network. This could either be staff, friends and people you want to share
- data with in a secure way but also could be a branch office, important customer or an other
- company you are operating with.
- </p>
- <p>
- To be able to dock on diffent technologies IPFire offers these implementations:
- </p>
- <ul>
- <li><strong>IPSec</strong> to connect networks side-by-side (also is called net-to-net).</li>
- <li>To connect so called <em>roadwarrior clients</em> there is <strong>OpenVPN</strong>.</li>
- </ul>
- <!-- XXX there is too less margin on the buttom of this list, so: -->
- <br class="clear" />
- <p>
- Those implementations let IPFire connect to routers or VPN gateways by:
- <a href="http://www.cisco.com">Cisco</a>, <a href="http://www.juniper.net">Juniper</a>,
- other Linux-based implementations and many more...
- </p>
+ {% if lang == "de" %}
+ <p>
+ IPFire kann zu einem VPN-Gateway (virtal private network - virtuelles, privates Netzwerk)
+ ausgebaut werden, welches Orte und Personen mit dem lokalen Netzwerk verbindet. Das könnten
+ zum Beispiel Mitarbeiter, Freunde oder Personen mit denen man Daten sicher austauschen möchte,
+ aber auch eine Filiale, Außenstelle, wichtige Kunden oder andere Unternehmen mit denen kommuniziert
+ wird.
+ </p>
+ <p>
+ Um sich über verschiedene Technologien verbinden zu können verfügt IPFire über folgende
+ Implementierungen:
+ </p>
+ <ul>
+ <li><strong>IPSec</strong>, welches Netzwerke mit anderen Netzwerken transparent verbindet.</li>
+ <li>Für sogenannte <em>Roadwarrior-Clients</em> (z.B. Notebooks) gibt es <strong>OpenVPN</strong>.</li>
+ </ul>
+ <br class="clear" />
+ <p>
+ Mit dieser Software lässt sich IPFire leicht verbinden mit Routern oder VPN gateways von
+ <a href="http://www.cisco.com">Cisco</a>, <a href="http:///www.juniper.net">Juniper</a>,
+ andere Linux-basierten Implementierungen und vielem mehr...
+ </p>
+ {% else %}
+ <p>
+ IPFire can be enhanced to a VPN (virtual private network) gateway that connects places and
+ persons to the local network. This could either be staff, friends and people you want to share
+ data with in a secure way but also could be a branch office, important customer or an other
+ company you are operating with.
+ </p>
+ <p>
+ To be able to dock on different technologies IPFire offers these implementations:
+ </p>
+ <ul>
+ <li><strong>IPSec</strong> to connect networks side-by-side (also is called net-to-net).</li>
+ <li>To connect so called <em>roadwarrior clients</em> there is <strong>OpenVPN</strong>.</li>
+ </ul>
+ <!-- XXX there is too less margin on the buttom of this list, so: -->
+ <br class="clear" />
+ <p>
+ Those implementations let IPFire connect to routers or VPN gateways by:
+ <a href="http://www.cisco.com">Cisco</a>, <a href="http://www.juniper.net">Juniper</a>,
+ other Linux-based implementations and many more...
+ </p>
+ {% end %}
<p class="links">
<!-- XXX a link to the wiki goes here -->
<a href="http://wiki.ipfire.org">{{ _("Learn more about configuring a VPN connection") }}</a>
</div>
<div id="hardware">
<img src="{{ static_url("images/icons/hardware.png") }}" class="floatTL" alt="{{ _("Hardware") }}" />
- <p>
- Based on a recent version of the Linux kernel 2.6 series, IPFire supports latest hardware
- like 10G network cards and wireless hardware out of the box.
- </p>
- <p>
- Developers are concerned about keeping the system running on many variations as
- possible what makes IPFire run on cheap hardware as well as running on high
- performance servers.
- </p>
+ {% if lang == "de" %}
+ <p>
+ Basierend auf aktuellen Versionen der Linux Kernels der 2.6er Serie unterstützt IPFire
+ neueste Hardware wie 10-Gigabit-Netzwerkkarten und Wireless-Hardware ohne zusätzlich
+ nachzuinstallierende Treiber.
+ </p>
+ <p>
+ Den Entwicklern ist es ein Anliegen IPFire auf einer möglichst breiten Palette von
+ Hardware lauffähig zu machen. Das schließt sowohl günstige Hardware wie auch
+ hochperformante Server ein.
+ </p>
+ {% else %}
+ <p>
+ Based on a recent version of the Linux kernel 2.6 series, IPFire supports latest hardware
+ like 10G network cards and wireless hardware out of the box.
+ </p>
+ <p>
+ Developers are concerned about keeping the system running on many variations as
+ possible what makes IPFire run on cheap hardware as well as running on high
+ performance servers.
+ </p>
+ {% end %}
<p class="links">
<a href="http://wiki.ipfire.org/{{ lang }}/hardware/start">Hardware section on the wiki</a>
•
</div>
<div id="virtualization">
<img src="{{ static_url("images/icons/virtualization.png") }}" class="floatTL" alt="{{ _("Virtualization") }}" />
- <p>
- IPFire can be run as a virtual guest on the following hypervisors:
- </p>
- <ul>
- <li><a href="http://www.linux-kvm.org">KVM</a>/Qemu</li>
- <li>Xen (paravirtualized and fully virtualized mode)</li>
- <li>VMWare (Workstation, vSphere, ESXi, ...)</li>
- <li>Virtualbox</li>
- </ul>
- <br class="clear" />
- <p>
- It brings many frontend drivers for high performnce for all the hypervisors.
- </p>
+ {% if lang == "de" %}
+ <p>
+ IPFire kann als virtueller Gast auf folgenden Lösungen betrieben werden:
+ </p>
+ <ul>
+ <li><a href="http://www.linux-kvm.org">KVM</a>/Qemu</li>
+ <li>Xen (paravirtualisiert oder im vollvirtualisieren Modus)</li>
+ <li>VMWare (Workstation, vSphere, ESXi, ...)</li>
+ <li>Virtualbox</li>
+ </ul>
+ <br class="clear" />
+ <p>
+ Mitgeliefert werden Frontend-Treiber um hohe Leistung auf allen
+ Systemen zu gewährleisten.
+ </p>
+ {% else %}
+ <p>
+ IPFire can be run as a virtual guest on the following hypervisors:
+ </p>
+ <ul>
+ <li><a href="http://www.linux-kvm.org">KVM</a>/Qemu</li>
+ <li>Xen (paravirtualized and fully virtualized mode)</li>
+ <li>VMWare (Workstation, vSphere, ESXi, ...)</li>
+ <li>Virtualbox</li>
+ </ul>
+ <br class="clear" />
+ <p>
+ It brings many frontend drivers for high performance for all the hypervisors.
+ </p>
+ {% end %}
</div>
<div id="itsfree">
<img src="{{ static_url("images/icons/itsfree.png") }}" class="floatTL" alt="{{ _("It's free") }}" />
- <p>
- As IPFire is licensed under the <a href="http://www.gnu.org/licenses/gpl.html">GNU General
- Public License</a> in version 3 it is free of charge.
- </p>
- <p>
- There is the opportunity to make a <a href="/donation">donation</a> to the
- community which is a very important thing for the success of the project.
- </p>
+ {% if lang == "de" %}
+ <p>
+ Lizenziert unter der <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>
+ in Version 3 ist IPFire freie Software.
+ </p>
+ <p>
+ Eine <a href="/donation">Spende</a> sichert allerdings den Fortbestand des Projekts,
+ welches ohne diese Unterstützung nicht existieren kann und maßgeblich für den Erfolg
+ ist.
+ </p>
+ {% else %}
+ <p>
+ As IPFire is licensed under the <a href="http://www.gnu.org/licenses/gpl.html">GNU General
+ Public License</a> in version 3 it is free software.
+ </p>
+ <p>
+ There is the opportunity to make a <a href="/donation">donation</a> to the
+ community which is a very important thing for the success of the project.
+ </p>
+ {% end %}
</div>
</div>
{% end block %}