Can't connect if Green is set to Bridge mode

sandbo · 23 February 2021 12:27

I am installing IPFire as VM in Proxmox.
I have an Intel X550-T2 where I assign the interfaces as virtual functions.
On top of that, I also created a Linux bridge and assigned it as a network interface to IPFire, so in total there are three interfaces. The Linux bridge is to connect to the other VMs under the same host.

I could assign the red with the VF1 as internet and setup the PPPoE, and assign the green with VF2 as LAN. They work together without any issues.

However, as I tried to add the virtual interface, I must set the Green to bridge mode. Before adding the virtual interface, I set the Green the bridge mode and rebooted IPFire, afterwards I cannot connect to IPFire anymore (At this point, the virtual interface hasn’t been added yet).

The above same setting works well on ClearOS.
Was there anything missing in the setup?
The version is
IPFire 2.25 (x86_64) - Core Update 153

arne_f · 23 February 2021 15:33

The bridge mode for green is to create a bride if IPFire run as host for orther Virtualisations (qemu/libvirt addon) or if you want to add more than one NIC to the green Network. On Proxmox you should set green to native.

sandbo · 23 February 2021 22:11

Problem is I cannot have two NICs without setting it to bridge mode. And yes I want two NICs (VF+virtual interface) in the green zone. In ClearOS I had them as two interfaces each having a different address range, i.e. 192.168.1.0/24 and 192.168.2.0/24

Another reason I can’t use Proxmox to share the internet is I am using sriov and the VFs are hidden from Proxmox.

For other VMs I can assign them also the VFs for lan, but for LXC it is a bit trickier so I prefer using Linux bridge which doesn’t not work here with IPFire.

pavlos · 23 February 2021 22:26

I don’t understand your setup but in proxmox, this is my network. VM’s attach to br2 or br3.

sandbo · 24 February 2021 01:20

Sorry if I sound confusing:
In your cases, did you have to assign vmbr2 and vmbr3 to IPFire?
I am doing exactly this and IPFire then fails to connect via LAN afterwards (as soon as I set Green to bridge mode which is prompted by IPFire’s webGUI). In fact, it failed even before the attachment, it’s just as soon as I set the Green to bridge mode, so it looks like IPFire didn’t like the VF of X550-T2.

After the reboot I could still access the console, maybe there is something I can look at?

pavlos · 24 February 2021 01:41

You can use a blue network as green 2.
I selected 4 interfaces, assigned red, green, blue (as green2), and orange.
Take a look at the networking table, wiki.ipfire.org - Network topologies and access methods

sandbo · 24 February 2021 04:12

Thanks for the suggestion, I will try it later when I have a chance.

From what I learnt earlier, blue was intended to be use by Wireless interface, but from your links it seems to be identical to green in most situations. Are they essentially the same, and green/blue is only for identification?

pike_it · 24 February 2021 04:34

Green, Blue, Orange, Red.
Inner → outer
As default, you can go from left to right, but not viceversa (unless you create firewall rules)

sandbo · 24 February 2021 06:40

I see, that should be a sufficiently good setting for me; I probably don’t need to access a physical client from the VMs, rather the VMs are servers to be accessed by physical clients.

arne_f · 24 February 2021 07:46

There are differences in the default policy. (green is allowed to connect to all other zones, blue only to red and orange) But you can create user rules to change this.

Blue has also a enabled Mac Addressfilter (can disabled under “blue access”)