I have an ISP with a range of IPs - 217.xxx.xxx.192 - 217.xxx.xxx.198
.193 is the gateway address
.194 my first usable IP (for the mailserver behind the IPFire)
.195 not used/free
.196 my webserver
.197 not used/free
.198 Broadcast
My Setup:
RED 217.xxx.xxx.194
GREEN 192.168.0.200
Gateway 217.xxx.xxx.193
DNS from my ISP
I created aliases for the IPs from 217.xxx.xxx.195 to 217.xxx.xxx.197.
I wrote a firewall rule like
Source: all Dest.-NAT 217.xxx.xxx.196 Destination 192.168.0.201 (my Webserver) TCP 443
I log everything and I see that I have a lot of bad traffic which is denied/dropped -
but nothing is written in the log about an allow/deny to 217.xxx.xxx.196 or to port 443.
On Zyxel 4.x USG devices the name is “Virtual interface”.
Aliases should be the right way to add public/red addresses to IPFire … and for me it worked on a test machine.
Have your firewall/NAT rules been double-checked?
Also: have you configured the right routing to use the right address for outgoing traffic?
Would you please consider taking a screenshot? In English, if possible.
Feel free to hide/edit any “personal” information with some understandable placeholder.
No, Ralph. You can believe that if you prefer, but it won’t change that maybe you wrote the exact thing you made, and it’s maybe perfect. But it’s not working as you want/intend.
So, taking a look at the firewall rules (which also contain the NAT settings) may help me understand what’s wrong in your setup… if there’s anything wrong.
This is my setup, the only rules I have on my test installation.
The only incoming firewall access rule is the one I added. 172.31.110.0/24 is my subnet, but to allow IPFire to update and not mess things up I had to connect Green and Blue to virtual devices that currently have no physical connection. Maybe this guest, sooner or later, will land on a host which can be used as a test environment.
The installation is a VMware Player guest. I wrote the how-to on the wiki to help people install, gain access and start to configure: https://wiki.ipfire.org/virtualization/vmwareplayer
A screenshot like that, with whatever information you would rather hide redacted, may help me pinpoint whether there’s something to tune up.