Bypassing ipFire momentarily

Hi All,

I just got ipFire up and running between my gateway router and my cable modem.

Some things on my network, i.e. Nest thermostat, and a few other things, are not working yet.

I would like to keep the ipFire firewall server operating, but would like to bypass everything until I get the bugs worked out on the things that are not working yet.

Any easy way to turn the firewall on and off, i.e. put ipFire in pass thru mode?

Can I create a firewall rule to pass all services from my gateway router to the cable modem and vice versa?

I would not like to disconnect and reconnect everything while in debug mode.


There is no way to simply bypass because IPFire is based on NAT routing/masquerading. (The whole green and blue networks are hidden behind one red IP address.)

In the default setting, all access from green to red is allowed. In the other direction you need rules in every case, because without a DNAT rule IPFire does not know which client should get the incoming connection.

Thanks, Arne, for the information.

I’m just a retired chemical engineer struggling to put together a secure network at my home. Much of this internet stuff is difficult - my original exposure to computers was in 1967 when I did Fortran programming using punched cards on an IBM. I bought a microcomputer in 1977 for $3,000 with 64k of memory, 8-inch floppies and a character-only terminal!

So there is no BRIDGE mode in ipFire like there is in my cablemodem.

I was hoping that ipFire would be a magical black box that I could add to my internet that would keep out all the bad guys. Not to be. I had a double NAT situation before and with adding the ipFire system between my cable modem and gateway server I created a triple NAT situation! I’m amazed that anything works. I might try putting my cable modem in bridge mode to see what happens.

Thanks for your help.



first, welcome to the IPFire community. 🙂

The first is (un)fortunately not the case: IPFire is not a thing you set up and forget all about it.

Since we have no idea about our users' networks and desires, we can only provide a rather open default firewall ruleset. A while ago, I wrote a blog post on how to set up a secure firewall ruleset - perhaps it might be of interest:

Ouch, triple NAT. It probably works for most of the things most of the time. Especially when it comes to connection tracking (often necessary for VoIP calls) or reaching internal network services from the outside (such as IPsec or OpenVPN), things might become tricky… Just saying. 🙂

Thanks, and best regards,
Peter Müller

Hi Peter,

Thanks for the information. The problem is compounded by my incomplete understanding of how servers and firewalls work. I learned a lot with my recent experience with ipFire.

I am really impressed by the ipFire firewall - it worked really well when I had it working.

I think I will install ipFire as my stand-alone gateway router. I have extra server boxes so this is easy to do and I can always readily go back to what I had. The value of a strong firewall is increasing with time.



Consider the setup, [ cable modem ] — [ ipfire ] — [ your lan, desktops, laptops, nest, TV ]

In ipfire:

  • red is dhcp (will pick an ip from the modem, some public ip)
  • green is configured as dhcp server for internal, say -
  • configure an AP as, anything connected to it will get an ip from ipfire
    (you can add static ip’s from .3 to .19, printers, etc)

Access ipfire with from any internal client, set up dns and you’re good.

added pretty picture…


Replaced my gateway server with an ipFire gateway server. Took 10 minutes to install, and another 20 minutes to configure. All my hardware, including Nest thermostat, smoke detector, doorbell, etc. works right from the start!

I am getting a lot of firewall hits from China! I like the pie charts!

Thanks everyone for helping.

Dan C