Access into green network

I have the following problem: I want to access a specific server that is in the green network from the red network, for example. E.g. 192.168.1.3:80
I have tried various rules but it does not work.

It only works to access the firewall red interface from the red network, but not the green network.

Look for Port Forward. There is a thread right by yours.

1 Like

What did you set the Source to?

this might help:

Hi :)
thanks for the quick reply.
I have applied exactly as in the documentation. However, it does not work.

@bruzzler I can only provide my specific setup that works, so depending on what exactly you need, set it up as follows:


The most important thing, I think, for me anyway, was the protocol, I used a “preset” option. Also, I do not think you need the “incoming firewall rule” so you could try removing that rule. Also please do not forget to click “apply rule” afterwards, or even better, reboot the whole IPFire box.
Just my 2 cents.

1 Like

Have you confirmed that the web server you are running on 192.168.1.2 or 192.168.1.3 (both IPs have been referenced in the thread) is actually working?

On another machine on the green network, what result do you get if you put http://192.168.1.3:80 into the browser URL field?
That will work only on the green network so it doesn’t need anything from IPFire.

If when you run that url you don’t get the web page you expect to see from your web server then you need to get the web server working first.

If when you run that url you do get the web page you expect to see then we need to start looking at the IPFire logs to see what is blocking the access from the internet.

Just to confirm, your ISP is providing you with a public IP address to your red interface?

1 Like

Hi,

Yes 192.168.1.2 and 192.168.1.3 work but only from the green network. I have not yet activated the ipfire as an exposed host. At the moment I have assigned a private ip from the fritzbox. I would like to configure everything correctly before I release the device into the WAN. I can only access the ipfire from the red (fritzbox network). But not to the devices that are in the green network. For example to the switch or access point

Have tried it like the unfortunately does not work

Okay, so you have a double NAT connection with IPFire and a fritzbox between your green network and the internet.

What IP subnet are you using on the fritzbox? What IP does IPFire get on its red interface from your fritzbox?

2 Likes

Fritz Box: 192.168.0.1/24
Red interface: 192.168.0.5/24

Green int: 192.168.1.1/24 (IP from Ipfire-DHCP)

Okay so your green and red subnets are not overlapping, although it is not clear why you have your green subnet set up with 255.255.255.128 rather than the default 255.255.255.0

So now you need to also create a port forward rule in your Fritzbox that allows your public IP to be forwarded from the internet to 192.168.0.5 and your IPFire should have its rule changed from any for the source to 192.168.0.1 as the traffic will only come to IPFire from the fritzbox.

1 Like

More info:
The fritzbox runs a DHCP server for Red only. And a DHCP server on the Ipfire only for Green. The Green /25 was a typo

Okay, no problems then.

I have understood the port forwarding. However, it does not solve the problem that I cannot access the devices from red into the green.

If you have a laptop or something that you can connect to the red connection between your fritzbox and IPFire then if the port forwarding rule has been correctly created you will be able to connect to the specified machines on green from red.

If that is not working then there must be an error in the port forward rules somewhere.

1 Like

I have implemented it as described here. However, no success.

The web server in green 192.168.1.3:80 should be reachable from red as 192.168.0.5:80 if you have defined a port forward rule with

source <Any>:80
destination 192.168.1.3:80

A port forward rule opens the port on the red interface, DNAT maps the traffic to a service on an internal device.
From outside ( WAN ) it looks as if the server is located in the IPFire device.

See www.ipfire.org - Network Address Translation Reference and www.ipfire.org - Creating a Port-Forward Rule.
www.ipfire.org - Forward Port 80 from Any network to Green is just an example.
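
Added example, not part of the thread: a small Python check to run from a client on the red network (192.168.0.0/24) that compares the forwarded address 192.168.0.5:80 with the direct green address 192.168.1.3:80 used above. The helper names `probe` and `diagnose` are hypothetical, and the hints are typical readings of each result, not IPFire output.

```python
import socket

RED_FORWARD = ("192.168.0.5", 80)   # IPFire red address from the thread
GREEN_DIRECT = ("192.168.1.3", 80)  # web server on green from the thread

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt (hypothetical helper)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a RST came back: host reached, port closed or rejected
    except socket.timeout:
        return "timeout"      # no answer at all: packets dropped or reply lost
    except OSError:
        return "unreachable"  # no route / ICMP unreachable

def diagnose(forward_state, direct_state):
    """Turn the two probe results into hints; typical readings, not exhaustive."""
    hints = []
    if forward_state == "open":
        hints.append("forward OK: red-side clients must use the red address")
    elif forward_state == "refused":
        hints.append("forward refused: check the rule's destination port and "
                     "that the server listens on it")
    else:
        hints.append("forward %s: rule missing or not applied, source "
                     "restriction excludes this client, or server replies "
                     "do not return via IPFire" % forward_state)
    if direct_state == "open":
        hints.append("direct green address reachable: this client is not "
                     "really on red, or a route to green exists")
    else:
        hints.append("direct green address %s: expected from red, only the "
                     "forwarded port is exposed" % direct_state)
    return hints

if __name__ == "__main__":
    states = [probe(*RED_FORWARD), probe(*GREEN_DIRECT)]
    print("forwarded:", states[0], "direct:", states[1])
    for hint in diagnose(*states):
        print(" -", hint)
```

A timeout on the forwarded port together with a firewall log entry for the same source address points at the rule itself rather than at the web server.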

Thanks to all for the help :)