Allow port 80,443 from Red to Green

Hi @egutierrez,

It is one option but usually this setup is used.

If you adapt them to the virtual environment then yes.

Click this link:

If you really want to connect to this setup from the real world outside (like from your mobile phone), and I really do not recommend this because it is highly insecure and basically a “please-do-bad-things-to-me” invitation, you have to make a port forwarding for 80,443 on the router to the RED interface on IPFire.


As a teacher using IPFire as a tool for vocational education, you have surely found the following links already:

They should answer many of your questions.


As far as I know, from what I have read, we must put the web server in orange (DMZ).
So if we put an Apache server with myempresa.com, for example, with some kind of HTML page, then people from outside the LAN should be able to reach and connect to the web. Also, the mail server should be in the DMZ for a similar reason: people or employees on the internet should be able to get their mail.

That’s the reason why I want to open red to orange, unless a better opinion or experience is explained.

I have read that tutorial, but it’s not possible to open red to orange… it says that

Your screenshot shows a rule allowing the whole of red, i.e. the whole Internet, to access the whole of green, i.e. every PC on your green LAN network.

You need to create a rule per IP in orange and per port.

You will need one rule for your web server, another rule for your mail server etc.

If you want http and https for your web server you will need one rule for each.


Which tutorial?

Sorry, I meant:

Thanks, I think I got it…
It’s not an “easy rule” to open a connection from red to orange on port 80…

As wiki.ipfire.org - Setting up a DMZ states, you have to define a rule for each server in the DMZ.
DNAT to a network doesn’t function. Which IP should answer to this multicast?

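The replies above call for one rule per DMZ server and per port, and point out that a rule from all of RED to all of GREEN, or a DNAT to a whole network, is wrong. As an added example that is not part of the original thread and not IPFire's own code, this Python check applies those three conditions to a rule list. The dict format, rule names, subnets, host addresses and the mail port are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan; the thread gives no addresses (assumption).
GREEN = ipaddress.ip_network("192.168.1.0/24")
ORANGE = ipaddress.ip_network("192.168.2.0/24")

def audit_rule(rule):
    """Return findings for one RED-sourced rule in a hypothetical dict format."""
    findings = []
    # strict=False lets a bare host address parse as a /32 network.
    dest = ipaddress.ip_network(rule["dest"], strict=False)
    if dest.overlaps(GREEN):
        findings.append("exposes GREEN to RED")
    if dest.num_addresses != 1:
        findings.append("destination is a network, not a single host")
    elif not dest.subnet_of(ORANGE) and not dest.overlaps(GREEN):
        findings.append("destination is outside ORANGE")
    if len(rule["ports"]) != 1:
        findings.append("rule must name exactly one port")
    return findings

def audit(rules):
    """Map rule name -> findings, keeping only rules that have findings."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report

# Constructed sample rule set, all with source RED.
SAMPLE_RULES = [
    {"name": "red-to-green-any", "dest": "192.168.1.0/24", "ports": []},
    {"name": "red-to-orange-net", "dest": "192.168.2.0/24", "ports": [80]},
    {"name": "web-both-ports", "dest": "192.168.2.10", "ports": [80, 443]},
    {"name": "web-http", "dest": "192.168.2.10", "ports": [80]},
    {"name": "web-https", "dest": "192.168.2.10", "ports": [443]},
    {"name": "mail-smtp", "dest": "192.168.2.20", "ports": [25]},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(findings)}")
```

Only the three single-host, single-port rules pass; the first three rules are reported with the reason each one is too broad.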