Connect 2 homelabs; help with fw rule, please

Networking
1

Dear community,

I’m trying to connect 2 homelabs. My configuration looks like in the attached illustration.

I have to fritz boxes connect per ipsec vpn; the vpn is up and running.

What works:

  • homelab A can connect to my testservers in front of ipfire (e.g. ssh 192.168.222.10) (green 1)
  • homelab B can connect to homelab a (green 2)

What doesn’t work:

  • homelab A cannot connect to homelab B (e.g. ssh 192.168.178.20) (red 3)

I guess IPFIRE is blocking the connection like it’s supposed to.

In my understanding I need to:

  • define a static route on Fritz box 7430 (192.168.222.1) to IPFIRE (192.168.222.2) as Gateway to 192.168.178.0/24 (see attachment)
  • create a firewall rule on IPFIRE:
    Input: red interface
    Forward: 192.168.178.0/24

Unfortunately I cannot get it to work. Can someone give me a hand please?

Thanks in advance, Joey

20251020_netzwerkarchitectur_bergwerk
20251020_netzwerkarchitectur_bergwerk2560×1440 187 KB

20251020_133647_screenshot
20251020_133647_screenshot1573×274 29.6 KB

2

:thinking: I wonder if the 7530ax has information about where the 192.168.178.0/24 network is located?
Maybe this route should be added to 7530ax.

3

Thank you for your proposal!

I tried to add a static route like you described … unfortunately the proposed route doen’t seem to be valid.

20251027_154024_screenshot
20251027_154024_screenshot646×205 8.84 KB

20251027_153650_screenshot
20251027_153650_screenshot646×420 20.6 KB

4

Try change 192.168.222.1 to 192.168.222.2

5

Unfortunately the route to 192.168.222.2 isn’t created either.
The error ist the same: “The route is not permitted”.

6

:thinking: Can you show the current routing table in 7530ax?

7

Another solution/workaround occurred to me – setting up a second Net-to-Net tunnel between 7530ax and IPFire.