Can the Orange zone support more than one subnet?

Hi guys
Happy new year 2025! I am new to IPFire.
I am familiar with the zone concepts of IPFire (similar to the zone concept of Cisco Pix FW). Could I ask if I can have two IP subnets within the Orange zone or only one subnet per zone?
E.g. can I have 192.168.1.0/24 and 172.16.1.0/24 within the Orange zone?
Why? I want to separate my game subnet from my mail subnet
Thanks very much

Well, you would add a gateway ip address to the network interface name (orange or orange0 if it is a bridge).

We first need to find the interface name for the current DMZ/orange gateway address. Let's say this address on the main screen says 192.168.0.1

    ip addr show | grep "192.168.0.1"

It will return the interface name in the results:

    inet 192.168.0.1/24 scope global orange

Then add your gateway ip to your new network, 172.16.1.0/24. We’ll use 172.16.1.1 as the gateway ip:

    ip addr add 172.16.1.1/24 dev orange

Then if the address pool needs internet, add source 172.16.1.0/24 to red allow in firewall rules.

That is how you would add it manually in an SSH shell. Of course there are other entry methods, but I would try to execute the ip command at startup (in rclocal) instead of editing the config file that will be overwritten.

On the static clients 172.16.1.0/24 network, you would assign the gateway address 172.16.1.1 and the DNS route on orange which would be 192.168.0.1
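
The manual steps above, made repeatable for a startup script, as an added example that is not part of the original posts. It matches the orange address exactly instead of with grep, and adds the second gateway address only if it is missing. The function names and the `--apply` switch are made up here, the sample `ip` output is constructed, and the one-line `ip -o -4 addr show` format is assumed.

```shell
#!/bin/sh
# Added example: idempotent secondary-address setup for the orange interface.
# Addresses are the ones used in the post; function names are hypothetical.

ORANGE_GW="192.168.0.1"        # existing orange gateway address (from the post)
NEW_GW_CIDR="172.16.1.1/24"    # gateway address for the second subnet (from the post)

# Print the interface that holds exactly address $1.
# Reads `ip -o -4 addr show` output on stdin: "<idx>: <iface> inet <addr>/<len> ..."
# An exact comparison avoids a grep pitfall: the pattern "192.168.0.1" also
# matches 192.168.0.10, and each "." matches any character.
iface_for_addr() {
    awk -v want="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == want) { print $2; exit } }'
}

# Succeed if interface $1 already carries address/prefix $2 (same stdin format).
has_addr() {
    awk -v dev="$1" -v want="$2" \
        '$2 == dev && $3 == "inet" && $4 == want { found = 1 } END { exit !found }'
}

# Constructed sample of `ip -o -4 addr show` output, for offline checks.
sample_addrs() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: green0    inet 10.0.0.1/24 brd 10.0.0.255 scope global green0
3: orange    inet 192.168.0.1/24 brd 192.168.0.255 scope global orange
EOF
}

# Add the address only if it is missing, so running at every boot is harmless.
ensure_secondary() {
    dev=$(ip -o -4 addr show | iface_for_addr "$ORANGE_GW")
    [ -n "$dev" ] || { echo "no interface holds $ORANGE_GW" >&2; return 1; }
    if ip -o -4 addr show | has_addr "$dev" "$NEW_GW_CIDR"; then
        echo "$NEW_GW_CIDR already on $dev"
    else
        ip addr add "$NEW_GW_CIDR" dev "$dev"
    fi
}

# Only touch the system when asked to: sh this-script.sh --apply (as root)
if [ "${1:-}" = "--apply" ]; then ensure_secondary; fi
```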

Thank you Dave - and many apologies for the late, late reply.
I have been busy getting the FW to block the bad guys out of my Orange DMZ and have also been busy troubleshooting IPS (which has not been logging anything since it was enabled about a month ago).
I will try to implement your recommendations and let you know if I can make it work.
Thanks very much again

Using the setup tool and the WUI, you can only have one subnet per zone.

Thank you Adolf for confirming my understanding - the way IPFire is designed and engineered, I can have only one subnet per zone.