Configuring IpFire network

Hi.

So I have this network at home, consisting of a box with internal network address 192.168.0.0/24, both for ethernet and wifi network. Behind this, I have a machine running Ipfire, with my personal network behind: my computer, a personal Debian NAS and a network printer, on network 192.168.10.0/24.

I’d like users of the wifi network to access the laser printer. So I need to open a route between the two networks.

I added a route on my personal computer:
ip route add 192.168.0.0/24 via 192.168.10.1 dev enp3s0
and I can ping a laptop connected to the wifi.

But when I try the same trick on the laptop:
ip route add 192.168.10.0/24 via 192.168.0.10 dev wlp1s0
(192.168.0.10 is the red address of my IpFire box), I can’t ping a machine on the 192.168.10.0 network.

Can someone point me in a direction where I could find answers to this problem?

Thanks for any help.


Nicolas FRANCOIS

Hi,

if I got your setup right, a port-forward firewall rule should be sufficient.
Is there any reason why you cannot use it?

Thanks, and best regards,
Peter Müller

Hi. Thank you for your answer.
I read the page, but don’t quite understand how to do it. I’m not really an expert in networking.
If I understand port forwarding correctly, it means when the firewall receives a message for a designated port, it forwards it to the correct machine on another (or the same) network, with maybe a new port. This can be used to direct HTTP requests to the machine hosting a web server, IIUC.
What I would like is all machines on the 192.168.0.0 network communicating freely with the machines on the 192.168.10.0 network. And I don’t see how I can do this with your solution.

I added a schema of my configuration. With a proper route set, My machine can communicate (ping) with the Laptop. But the Laptop can’t do the same.

Maybe it’s very simple and I don’t see it, but I don’t have a clue what to do. And after this, there remains the fact that the 192.168.0.10 address of the RED interface of the IPFire machine is given by the DHCP server of the box. This machine doesn’t reboot often, but its address and the address of the Laptop may vary from time to time…

So many questions :)

Thanks again for any help.

\bye


Nicolas FRANCOIS

If I may add my 2 cents, you want ANY on the 192.168.0.* to access ANY on the 192.168.10.* Then, may I ask what’s the reason for the firewall? The left side of ipfire is RED, the right is GREEN. ipfire is designed green => red but not the opposite (which is achieved with port forwarding).

May I suggest you move ipfire further left so that RED connects to Internet and GREEN gives access to all your systems. You can configure ipfire as a red/green (just 2 nics). You can connect an AP to the switch so that it provides wifi to the 192.168.10.* network. Just a thought …

Yes, I realized this. Problem is the WiFi access point is the one inside the Internet Box, so I can’t move it after the IPFire point.

I have one other AP, but not for the moment (confinement…). Or I could limit access to the printer only, but I don’t know what port it uses for communication. Maybe move the printer BEFORE the firewall…

I’ll give it another thought later.

Thanks for your answer.

\bye


Nicolas FRANCOIS