Access to red for clients on blue

Hello, I have a question about connecting the red and blue interfaces, so that the WAN on red can be accessed by devices on blue. I hope this is the correct way to ask something like this, if not feel free to correct me.
(Also: I’m very new to firewalls / APs and don’t fully know what I’m doing)

My firewall (Two Ethernet nics, One for Wifi/Wlan) is connected to a bigger company network. This network has a DHCP and only gives you an IP if it recognizes your MAC address. (red)
I am also able to run hostapd via the console and create a wifi network.
(This doesn’t work in the webinterface, I don’t know why, but it doesn’t any settings and then won’t turn on the ap)

I currently have Blue Access configured in a way that MAC address filtering is disabled for all clients.
However, I have not figured out how to route the traffic from the devices on blue to red, so that they can connect to the internet.

Blue Access:
Source IP: 192.168.250.0/24, MAC Address: NONE

Setup > Networking > Address settings:
Green:
192.168.0.254
255.255.255.0
Blue:
192.168.1.254
255.255.255.0
Red:
DHCP
DHCP Hostname: ipfire
Force DHCP MTU:

/etc/hostapd.conf

	driver=nl80211
	interface=blue0
	country_code=DE
	ieee80211d=1
	ieee80211h=1
	channel=6
	hw_mode=g
	logger_syslog=1
	logger_syslog_level=0
	logger_stdout=-1
	logger_stdout_level=4
	auth_algs=1
	ctrl_interface=/var/run/hostapd
	ctrl_interface_group=0
	disassoc_low_ack=1
	ssid=Joe's iPhone
	ignore_broadcast_ssid=0
	noscan=0
	ieee80211w=0
	wpa=3
	wpa_passphrase=test1234
	wpa_key_mgmt=WPA-PSK
	rsn_pairwise=CCMP

Firewall Rule (I only have this one):
Source:
Standard networks: RED
NAT:
Use Network Address Translation
Destination NAT (Port forwarding)
Firewall Interface: Automatic
Destination:
192.168.1.254 (Blue Address)
Protocol:
TCP
Source, Destination & External Port: blank
ACCEPT

Hi @freya

Welcome to the IPFire community.

You have said that your blue interface has an address of 192.168.1.254 with a netmask of 255.255.255.0

Based on that your entry in the Blue Access should be
192.168.1.0/24 with a MAC Address: NONE

3 Likes

Hi @bonnietwin
thank you, I think that was at least part of the problem ^^
The clients on the blue network are sadly still not able to reach the internet though. Do you know of anything else that I’m missing or did wrong?

You should not need this firewall rule if you corrected your Blue access.

3 Likes

Thanks!
I removed the rule and the blue access is set up correctly now, however nothing changed. (which I guess is not unexpected, since the rule didn’t really do anything)

You wrote that you are not able to define hostapd from the WUI.
How did you manage from the CLI? Are there error messages on the console, in /var/log/messages or the WUI?
Which wireless card do you use? Not all wifi cards support AP mode.

4 Likes

Does this mean you have 2 nics and 1 WiFi card?

“I am also able to run hostapd via the console and create a wifi network.”

You do not need this for a NIC with a wired AP.

I am not sure how to set up WiFi as a WAN red network connection. But I don’t think you need hostapd.

1 Like

I don’t use it but there is a Wiki describing how to set this up:

1 Like

This is what I enter to start Hostapd via CLI: /etc/init.d/hostapd start
(or the same but with stop, to stop it from running)

My wifi card is called “Ralink Technology, Corp. RT5572 Wireless Adapter” and I’m able to see the wifi and I’m able to connect to it using my laptop or phone.

Yes, I have two nics and one wifi card.

One nic is assigned green, the other one red, the wifi card is blue.
(Two LAN-Ports with different MAC-Address each & a pair of antennas)

I don’t have any external AP, I’m essentially trying to turn my firewall into an AP

It works now!

The DNS part in the DHCP configuration for the blue network was the wrong IP Address.

Also, I added a firewall rule with Source 192.168.0.0/24, NAT enabled to Red and the Destination as the Red network.

1 Like
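
The two misconfigurations found in this thread (a Blue Access source network that did not match the blue interface's subnet, and a wrong DNS address in the blue DHCP settings) can be checked mechanically. The script below is an added example, not part of any post and not IPFire code; the function name `check_blue_zone`, the sample DNS value `192.168.250.1`, and the assumption that blue clients should be handed the firewall's blue address as DNS server are illustrative.

```python
import ipaddress


def check_blue_zone(blue_ip, blue_mask, access_sources, dhcp_dns):
    """Return a list of (code, message) findings for a blue-zone setup."""
    iface = ipaddress.ip_interface(f"{blue_ip}/{blue_mask}")
    zone = iface.network  # e.g. 192.168.1.0/24
    findings = []

    # Blue Access entries must cover the addresses blue clients really get.
    for src in access_sources:
        net = ipaddress.ip_network(src, strict=False)
        if not net.overlaps(zone):
            findings.append(("ACCESS_MISMATCH",
                             f"Blue Access source {net} lies outside blue zone {zone}"))
        elif net != zone and net.supernet_of(zone):
            findings.append(("ACCESS_TOO_WIDE",
                             f"Blue Access source {net} is wider than blue zone {zone}"))

    # Assumption: the firewall's blue address is the resolver for blue clients.
    for dns in dhcp_dns:
        addr = ipaddress.ip_address(dns)
        if addr != iface.ip:
            where = "inside" if addr in zone else "outside"
            findings.append(("DNS_NOT_FIREWALL",
                             f"DHCP hands out DNS {addr}, {where} {zone}, "
                             f"not the blue address {iface.ip}"))
    return findings


if __name__ == "__main__":
    # Values from the first post; the DNS address is constructed for illustration.
    before = check_blue_zone("192.168.1.254", "255.255.255.0",
                             ["192.168.250.0/24"], ["192.168.250.1"])
    # Values after the corrections described in the thread.
    after = check_blue_zone("192.168.1.254", "255.255.255.0",
                            ["192.168.1.0/24"], ["192.168.1.254"])
    for code, msg in before:
        print(f"[before] {code}: {msg}")
    print(f"[after] {len(after)} findings")
```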