I need to connect 4 IPFire boxes together. I have four offices and I need them to be able to communicate to the first office. I am very new to this and any input would be greatly appreciated. Cheers.
Welcome to the IPFire community.
Do all 4 IPFire boxes have a public IP address?
1 Like
Thank you for your response.
Yes they do. They each are in a remote location and have a static IP.
Have you read the following WIKI pages?
2 Likes
I will definitively try this and I will let you know. Thank you for pointing me out in this direction!
1 Like
Do you use only RED, GREEN zones?
edit
One little hint:
The local network addresses of each office must be different.
3 Likes
Yes, only Red and Green.
1 Like
They connect fine but I am unable to ping the opposing green network from either box.
Are you getting ping responses from IP addresses of GREEN interfaces?
Do the hosts allow connections from opposite networks?
Hi, Thank you for the response. Not sure how to do this “Do the hosts allow connections from opposite networks?”
the green networks must have different LAN IP range. Is this the case?
1 Like
Network one Green interface 192.168.1.x
Network two Green interface 192.168.2.x
I am not getting responses from green networks. Neither green can ping the other.
Have you carefully followed all the steps in this Hub & Spoke tutorial, including configuring the necessary firewall rules at the headquarters?
In a Hub & Spoke network architecture, multiple branch offices (e.g., A and B) are able to communicate with each other by routing their traffic through a central office, known as the headquarters. The headquarters plays a crucial role in this setup. It performs Source Network Address Translation (SNAT) on incoming packets from any branch office. Specifically, the headquarters replaces the source IP address of each incoming packet with its own internal IP address before sending these packets through the IPSec tunnel to the destination branch office.
When the destination branch office receives these packets and responds, it sends the response back to the source IP, which, in this case, is the headquarters. The headquarters then looks up its translation table to reverse the SNAT. It substitutes its own IP address back with the original source IP address and forwards these packets back to the originating branch office.
In your scenario, where you have four different offices, the same Hub & Spoke model can be expanded. You would just need to add the additional offices into your configuration and apply similar SNAT and firewall rules at the headquarters. Understanding the core routing and NAT mechanisms is essential for setting this up correctly.