Beginner Interface Configuration Issues

Hey guys, I could use some MAJOR help with configuring IPFire on a Raspberry Pi. I am placing an IPFire-based firewall & IDS (Mounted onto a Raspberry-Pi) on a segment of my network.

My router (a Netgear Nighthawk AC2300) serves as a DHCP server with my private IP pool ranging in the 172.16.0.0 255.255.255.0 range.

I have this set up like:
(modem) —ethernet— (Router) —RED ethernet— (Raspberry Pi) —GREEN ethernet— (End Device)

RED: 172.16.0.17 255.255.255.0
GREEN: 192.168.1.1 255.255.255.0

(I have it set up in more of a testing environment than anything. I want to become familiar with the technology before I deploy anything as a bastion firewall).

I have DHCP set up on the green interface. DNS is set up to IPFire’s DNS proxy with Google’s DNS as a secondary.

However, whenever I try setting up my RED interface I am having a terrible number of issues. I tried setting the RED interface to grab an IP Address from the router’s DHCP service (Setup > Networking > Address settings > RED > DHCP (No gateway configuration)). This unfortunately fails (dhcpcd runs on the red0 interface and fails to get an IP). At that point I tried setting the IP statically: 172.16.0.17 255.255.255.0 (within the router’s IP range) with gateway of 172.16.0.1 (My Router).

However, when I try to ping my router/the gateway from the IPFire device, I get a reply from 172.16.0.17 saying that the Destination Host is Unreachable. The same result occurs when I ping Google’s DNS (8.8.8.8). When I try to ping my green interface’s end-device, all packets are lost.

Please, I have checked EXTENSIVELY for weeks on what could possibly be wrong to no avail. Does anybody have any advice/suggestions? I need a fresh pair of eyes looking at this.

Thank you!!!

My suggestion is to configure nighthawk as an AP only (no dhcp). Then, set up the pi with a static ip.

public ip -- nighthawk -- 172.16.0.1
                          172.16.0.2  red --pi-- green 192.168.1.x
                                            pi will provide dhcp/dns to clients

you could have an alternate setup:
modem -- (red) pi (green) -- nighthawk (as AP 192.168.1.5 offering wifi)

keep 192.168.1.1-9 as static (AP, printers, nas)
dhcp green 192.168.1.10-250  all clients (wired, wireless)

Thank you! I will test that right away, and I’ll get back to you as soon as I do.

Does your Nighthawk have a DMZ feature?
Put your Pi’s red interface in the DMZ of your Nighthawk.
You are checking from the green interface?

I am able to configure one, yes.

However, all of my tests have been from the IPFire’s native command line interface.

Hi Justin,

Check the interface is up.

Try running a tcpdump and watch for DHCP packets.

tcpdump -vnes0 -i red0 port 67 or port 68

You should see DISCOVER, OFFER, REQUEST, ACK packets.

HTH
Joe.

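The capture check suggested in the reply above, as an added example that is not part of the original thread: a shell function that reads `tcpdump -v` text and reports where the DHCP handshake stalls. The function name, the result labels and the sample captures are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify how far a DHCP handshake got, from `tcpdump -v` text.
# Live use (as root), with -c to stop after 20 packets:
#   tcpdump -vnes0 -i red0 -c 20 port 67 or port 68 | dhcp_stage

dhcp_stage() {
    awk '
        # Only the option 53 line names the DHCP message type, e.g.
        #   "DHCP-Message (53), length 1: Discover"
        # The "BOOTP/DHCP, Request from ..." header line is the BOOTP opcode
        # and appears on every client packet, so it is ignored here.
        /DHCP-Message/ {
            t = $NF
            if (t == "Discover") d++
            else if (t == "Offer") o++
            else if (t == "Request") r++
            else if (t == "ACK") a++
            else if (t == "NACK") n++
        }
        END {
            if (!d && !r)  print "no-client-traffic"  # client never sent anything
            else if (a)    print "complete"           # lease granted
            else if (n)    print "nak"                # server refused the request
            else if (r)    print "no-ack"             # request went unanswered
            else if (o)    print "no-request"         # offer seen, client did not follow up
            else           print "no-offer"           # discovers only: nothing came back
        }'
}

# Constructed capture: two Discovers on red0 and no reply.
sample_stalled() { cat <<'EOF'
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from b8:27:eb:00:00:01, length 300
        DHCP-Message (53), length 1: Discover
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from b8:27:eb:00:00:01, length 300
        DHCP-Message (53), length 1: Discover
EOF
}

# Constructed capture: full exchange.
sample_complete() { cat <<'EOF'
        DHCP-Message (53), length 1: Discover
        DHCP-Message (53), length 1: Offer
        DHCP-Message (53), length 1: Request
        DHCP-Message (53), length 1: ACK
EOF
}

echo "stalled:  $(sample_stalled | dhcp_stage)"
echo "complete: $(sample_complete | dhcp_stage)"
```

A `no-offer` result means the Discovers left the interface but nothing answered, which points at the link or the upstream DHCP server rather than at the client configuration.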

So I believe I found the issue. When configuring my network drivers, IPFire did not recognize my Raspberry Pi’s ethernet ports. However, my router did not want to communicate with the USB to Ethernet adapter I was using. Now this sounds very, VERY janky, but for my project it will work (testing this pre-emptively before I deploy it). I assigned my RED interface to a wireless network and configured that through the client web GUI. Now I’m passing traffic just fine.

Seriously, thank you all so much for your advice. It was your suggestions that got me on the right train of thought for this workaround.