BLUE interface question

nfguide · 19 April 2024 23:49

Is it possible to plug in an AP into the blue interface, 192.168.110.1/24, have clients connect to the AP, and traffic passed to the red/outside?

Seems like is should be possible and traffic is not being routed to the outside. Is it possible to plug in a laptop into the blue interface port and connect beyond 110.1?

ipf01/green 192.168.100.66/24 pingable dhcp range - 100.90/100.120
ipf01/orange 192.168.20.1/24 pingable static
ip01/blue 192.168.110.1/24 pingable dhcp range - 110.10/110.30
ipf01/red dhcp not pingable

DNS outside 9.9.9.9 not pingable

Traffic is not getting beyond the ipf01 host from the blue network, and it is entirely possible I have mucked something up along the way.

Cheers,
Neil

rjschilt · 20 April 2024 05:51

Welcome to the IPF community!

What you are wanting to do is totally feasible… it’s how I have my network setup at my home / office.

The only difference is that I have setup my WAP as a bridge and not a router like you have. This avoids double NAT’ing.

Also make sure to do the initial config from Console Setup and also to read this IPF doco: www.ipfire.org - Blue Access.

Let us know how you go.

sec-con · 20 April 2024 05:53

Yes, but I have a separat NIC port for my Blue. So if not , l expect additional considerations will arise.

nfguide · 20 April 2024 06:07

Thanks for the reply and will re-review the link above. One question, router, are you referring to ipfire or the AP?

nfguide · 20 April 2024 06:09

And separate interfaces also.

rjschilt · 20 April 2024 06:21

I was referring to WAP which connects to the the Blue port on the IPF. If you set it up as a bridge rather than a router the devices in the Blue LAN won’t have to NAT. This is my setup… you might have your own reasons for fir wanting a separate subnet on Blue.

nfguide · 20 April 2024 06:48

@rjschilt,

Nope, nothing special or special needs, just attempting to get it working, one for guest internet access only. The green has an AP, which works no problem. Guests on BLUE, non-guests on GREEN.

The AP is an ASUS RT-N12D1 and set to AP mode(In this mode, the firewall, IP sharing, and NAT functions are disabled by default).

Using the ping tool on the AP, the devices on the 110.0 network are pingable, as well as 20.1(DMZ) and 100.66(GREEN) and the public IP(RED) interfaces on ipfire.

When pinging 9.9.9.9 or 1.1.1.1, nothing.

What logs should be looked into to figure this out? It’s like something is set to block the outbound or any connection on BLUE to the outside. Plugging a laptop in the BLUE network directly should work or connect as well, yeah?

Thanks again for the assist. Much appreciated!

rjschilt · 20 April 2024 10:28

Looks like you have a separate submit on Blue… I suspect a routing issue for outbound packets from Blue.

I assume the Blue network is connected to an internal wifi card in the IPF… if this is the case then why not bridge this as well like you have on green?

hvacguy · 20 April 2024 12:03

Have you checked the blue Access config.
You can disable the mac filter on blue.

nfguide · 20 April 2024 15:21

Disable MAC Address filtering for ALL clients

To disable MAC address filtering and allow all clients connected to blue internet access do the following on the Wireless Configuration page:

Entering the blue subnet into the Source IP field and leave the Source MAC Address field blank
Enter the network address and the subnet mask of the blue network interface in CIDR notation. For example **192.168.110**.0/24 for a subnet with a range of addresses from 192.168.110.0 to 192.168.110.255

960×123 23.7 KB

This worked. And I have no clue why this setting is needed. Further clarification would be GREATLY appreciated.

Thanks again for all the assists.

nfguide · 20 April 2024 15:29

Correct, 192.168.110.0/24

No internal card, the Asus RT-N12D1 is a stand alone WAP which is configured in AP mode.

The bridging you mention, I am assuming you are referring to the WAP being set to bridging, which the WAP has been configured to bridging.

Thanks!

pike_it · 20 April 2024 16:19

According to this image…
img281878_06062013161042_1-2334255409

Asus RT-N12D1 is a router, configured as AP according to OP. IMVHO should work “just fine” if the network cable from IPFire to the device is connected into yellow ports, not the blue one.

rjschilt · 20 April 2024 19:57

@nfguide - you able to provide a schematic of your setup? I’m getting a little confused what you have connected to each port on the IPF and how that relates to your TCP/IP subnet addressing.

nfguide · 20 April 2024 21:09

@rjschilt

Hopefully this will help clarify.

tphz · 20 April 2024 21:53

What model of TP-Link 24p switch?

nfguide · 20 April 2024 22:02

@tphz,
TL-SG1024DE

rjschilt · 20 April 2024 22:47

Assuming a single DHCP server for all subnets on IPF?

rjschilt · 20 April 2024 22:52

I also noticed on your BLUE config (on IPF) you have specificed 172.16.1.0 and in your diagrams you have BLUE listed as 172.16.110.0 subnet.

Shouldn’t these match?

nfguide · 20 April 2024 22:54

Correct.

nfguide · 20 April 2024 22:56

I got in a hurry and dropped the first two octets.

All networks are “C” /24, so 192.168.100.0/24(GREEN-INSIDE), 192.168.110.0/24(BLUE-WIFI), 192.168.20.0/24(ORANGE-DMZ).