DHCP server only

hvacguy · 20 March 2023 22:44

I would like to add a 2nd IPfire inside my DMZ network.
Setup Red Green
DMZ in ipfire 1 = 10.10.6.1
Red ipfire 2 fixed ip in DMZ = 10.10.6.10
Green ipfire = 10.10.6.100-10.10.6.200

Is Geen only a install option?

bonnietwin · 21 March 2023 08:43

I am not sure that I am understanding your description.

It seems that you are trying to create a dmz as a selection of IP’s within your green subnet because you are mentioning IP’s for your DMZ that are in the same subnet as your green IP’s.

If that is the case then you won’t have a dmz as I would understand it because everything will still be in the same single green subnet 10.10.6.0/24

Maybe you could provide a diagram of what you are trying to create.

hvacguy · 21 March 2023 10:47

DHCP.drawio

hope this helps

bonnietwin · 21 March 2023 12:47

Yes the diagram helps.

What I don’t understand though is why you have put a DMZ Gateway machine onto the Orange network on IPFire1.
I would think that the simplest approach in your situation would be to connect the lan connection of IPFire2 to a switch which is connected to the Orange connection on IPFire1. This way the dhcp server on IPFire2 can serve the orange network computers.

The DMZ Gateway with two network cards on the same subnet is just acting as a bridge unless you are adding routing software into that Gateway but then the two subnets need to be separate.

IPFire2 is shown as having the same subnet on both WAN (RED) and LAN(GREEN) and I don’t believe that IPFire will work correctly with that as the software is written to act as a router between the different network ports.

The post title is “DHCP server only” and you talk about adding the 2nd IPFire to your DMZ network. This suggests that you want to use IPFire2 purely as a dhcp server for your DMZ Orange zone on IPFire1. The simplest approach to this would be to just connect the Green network of IPFire2 to the Orange network connection of IPFire1. The setup of IPFire2 has to have as a minimum Red and Green. However you can leave Red disconnected and only use Green if you are only interested in using it as a DHCP server. Red will show up as disconnected after the 60 second timeout when it doesn’t get any connection signal.

I am doing something similar but I am using a RPi on Orange as my dhcp server for all Orange clients.

chrisk1 · 22 March 2023 08:08

@hvacguy
I don’t get the figure what you want to achieve in the end. So, what’s the abstract goal? Do you need a separated subnet with DHCP enabled and want the rest of the “orange” net to be without DHCP? Is that correct?

Besides, I also double what @bonnietwin said: It won’t work until there are subnet boundaries between the different interfaces. Routing will not work and thus the packets from “IPFIRE 2” will go nowhere.