The well-known link is bugzilla.ipfire.org 
Bug 12451 has been logged for review referencing this thread of convo.
Thx
1 Like
Eric,
A second thought: the solution basis was No Password and Unrestricted IP addresses): 192.168.5.2 (Blue) 192.168.2.2 (Green) 192.168.8.1 (red).
The worry is Unrestricted IP addresses might by pass the firewall, which in-itself defeat the Firewall.
What’s your thought?
Hi Kenneth,
To prevent a hodgepodge of confusion between topics, could you create a new thread topic for IPS if that happens to be what your asking.
Be happy to help, just trying to prevent confusion on that front.
Eric
1 Like
Thanks Eric,
- New Topic added. and have received an idea to
test an eicar web page; firewall blocked access to
that page but no reason was given in the Log file
since eicar is not part of the rule-set. Hmm?
Meanwhile checked a few DNS Protocol and that
caused 100s of log results - regretfully way
too many.
- regarding our conversation about the Cache Management
could you please reconfirm adding the cache’s IP to the
White List (that IP 192.168.2.2 is the BLUE Wireless).
Doesn’t adding that to the Whitelist defeat the Firewall?
I’ve removed that IP from the white list thinking to
add it back when it is necessary to examine the cache.
Looking forward to your reply,
Ken
If your referring to the Unrestricted IP box in the Web Proxy settings, that is for a single IP . x.x.x.x/32… The box above it is for the Full Network /24. Those Group boxes are a subset of the Cache Manager, not Browser Traffic. They should have named it something like “Allow access to Cache Manager” to prevent confusion.
#2.
It is so it can process the traffic flowing through it, if I am hearing what your saying. I would try to remove the IP, recycle services, test, and if it works correctly, leave the entry out. If not, put it back and recycle services, test and see if it again works.
When you say whitelist, I am assuming you mean the URL filter settings. When I remove my Interface IP x.x.x.1 for Green from the URL Whitelist box, this happens and it won’t load.
When I add the Green Interface Back to the URL whitelist x.x.x.1, this happens and works.
Additionally, all sub URI’s for cache manager load fine then
Kenneth,
If you have Started an IPS thread, can you give me a link so I can go look?
Eric
If Bernhard is still monitoring maybe he can confirm or set me straight if I am wrong. I would have thought the GUI would take into consideration its other parts, but this is just a front-end GUI to several linux networking tools. The fact that I can literally cause the cache manager menu to not work by removing my interface IP from my whitelist is strange. On the flip side of the coin… you may be right. I am confused myself at this point.
Eric,
yes I am monitoring this thread. But I can not follow your considerations about whitelists, blacklists, …
The topc is “Cache Manager Menu For Proxy Not Loading”. And we found, that there is a problem, if you set a password.
This is the solution, I think.
All other considerations belong to other issues.
- Bernhard
Thanks for your reply Bernhard. Kenneth, can you create a thread on the Whitelisting issue?
The Link
REGARDING THE CACHE MANAGER.
THE CACHE MANAGER IS NOW (FOR THE MOMENT AT LEAST) WORKING.
THERE IS NO PASSWORD
THERE IS NO IP ENTERED INTO THE WEB PROXY
THERE IS NO IP ENTERED INTO THE URL FILTER
YET THE CACHE MANAGER WORKS
THE ONLY CHANGE WAS TO HAVE DISABLED THE INTERNAL PROXIES
ACCESS TO GREEN . ACCESS FROM BLUE
PICTURE OF CHANGE
CASE SOLVED. CASE RESOLVED.
Because I’ve not disabled the internal proxy access, the solution is
Use a blank password
Kenneth,
The only problem I see is that if you have the boxes checked to disable internal proxy access to green or blue, might cause a problem.
This is somewhat a normal design, and this potentially may be your configuration. I don’t know, but in this architecture, there is a switch setting off the blue connected to a wifi access point only on its WAN port.
OR
It could be like this, where there is a physical WiFi Card in the Firewall broadcasting its SSID, on the Blue Interface.
OR
It could be like mine which is different and I have my WiFi WAN port running to the same switch that the network is hosted on. The DHCP of the WiFi is 10.x.x.0/24 and the DHCP of the LAN is 172.x.x.0/24, but both flow through the green interface.
What I am saying is, depending on your architecture design, will dictate what options should be enabled or disabled.
Eric
You cannot have two networks on green!
And what is the firewall on the red network?
Your second picture is a standard configuration for IPFire. The first picture is also standard if your “switch” on blue is an AP.
Your third picture, which shows your architecture is very “special” and should be explained a much more, to hold as configuation advice.
-Bernhard
Hello Bernhard,
Yes, that is how I chose to design my internal network. Works like a charm too. Wifi is isolated on a second network on green behind the wifi access point I have. Its a special high powered wifi router.
Eric
Berhhard,
When I get a few minutes I will throw together a quick diagram as to how I have it laid out.
Eric
Eric, some postings in other threads don’t sound as “working like a charm”