Blue to green pinhole

paul · 7 July 2023 10:38

My system have three nic, one for red, one for green with 4 ports in bridge mode and one for blue, the blue nic connected a hardware AP, the green zone connected a nas and a computer, all the mobile devices and laptop connected to the AP, all device in green and blue zone can access internet, I need to connect the laptop to the nas, so I set up blue to green pinhole follow the official instructions, I have confusing on soure and destination, because blue and green should communicate bidirectional, so I follow the instructions set the blue as source and green as destination, I use ip address set up the firewall rule, but the blue and green zone can not communication, any suggestion.

trash-trash · 7 July 2023 11:05

@paul
Wellcome to IPFire.
Should they communicate bidirectional? Means that your computer at green should communicate with your blue eth and the mobile to geen too. But usually you just need the NAS reached by blue there the mobile devices. Please explain more.

If you need all ports and no restricts:
Usually you have at proxy the option to allow blue and green to communicate eachother. How about this?

Please add screenshot of your forwarding.

BR
Trash

paul · 7 July 2023 12:25

Hi, thank you for your reply, the system is a frash install and set up, I have not configure it, i am not an expert on networking , so i am searching the tutorial online, i am more than happy if you can guide me step by step or give me any resources to follow.

Thanks

從我的iPhone傳送

g70p · 7 July 2023 12:40

If you don’t need firewall funtionality between those devices I would try to set up portforward between them in out out in.

trash-trash · 7 July 2023 12:45

Please try to answer my questins of my last post, to what you need.
Is it in general, that you need an bidirectional communication for all devices at blue and green? Two way communication for all, from green eth to blue eth and blue eth to green eth?
Or for just blue to green? One way.
Or for just some a device at blue 1x phone to green 1x NAS?

For your info:

Proxy:

Firewall rule example:

BR
Trash

paul · 7 July 2023 13:14

Hi,

Can you tell me more details, I am not a export on networking.

Thanks

Paul

從我的iPhone傳送

hvacguy · 7 July 2023 13:50

Not true.
See default-policy.

You need a pinhole from
“Blue” laptop ip or (Any)
To
“Green” NAS ip. Or (Any)

You can limit this more buy port.
If you only need one port.
If you need multiple ports
You can use the “service group” feature

trash-trash · 7 July 2023 15:26

@paul
From the blue eth, a device at blue, or the subnet of blue for whole blue eth … To the NAS IP at green.

BR
Trash

tphz · 7 July 2023 17:28

Please do not forget the following page

paul · 8 July 2023 01:51

I finally solved the problem, after read the wiki again, I found that I config the dhcp wrong, I narrow down the ip range and exclude the dns ip, then set the blue to green pinhold, my nas has a fixed ip, I try to connect the mac mini which in the blue zone with the nas, but it can’t search the nas, I manually type in the nas ip address and it work, thanks for your help.

May I ask another question, since I don’t have public ip from my ISP, I can’t use openvpn, I know that ipfire is not a standard Linux, can I install tailscale on the base kernel.

Thanks for your help again.

Paul

從我的iPhone傳送

trash-trash · 8 July 2023 08:48

Hi Paul
Thanks for info and feedback, good news.
Please mark this topic as solved, and you can start an new topic with your new question.
Someone had solved such a matter and can give you answer, hints or suggestions.

BR
Trash

cfusco · 8 July 2023 11:01

To enable access to your NAS via a local DNS name in IPFire, you could follow these simple steps.

Ensure that the fixed IP of your NAS falls outside the DHCP server’s assigned range but remains within the green network range. For instance, if your green network is 192.168.1.1/24 and your DHCP server assigns IPs between 192.168.1.100 and 192.168.1.254, you could set up your NAS with the IP address 192.168.1.10.
Navigate to the IPFire interface at Network -> Edit Hosts.

Fill in the Name (e.g., NAS), IP address (e.g., 192.168.1.10), and, if you want, a Description to help identify the device. Click ‘Add’ to save the changes.
```
Name: NAS
IP: 192.168.1.10
```
The Unbound DNS server in IPFire will then associate the specified name (e.g., nas.localdomain) with the assigned IP address (192.168.1.10), or with any private domain you have configured.

Ensure your blue network devices are using the IPFire’s DNS server for correct domain name resolution. Once set up, your NAS should be accessible via the chosen name (e.g., nas.localdomain) from any device within your network using the IPFire as their DNS server.