Downloads Blocked, ICMP, DNS resolution allowed

Hi there,

I hope you are doing well. I have just started using ipFire, I have a bit of an odd setup though.

I have a router facing the internet, another connected to the first, and then ipFire behind this second router. This means that RED and GREEN are both private IPs. The only thing here to enable proper routing is that the router in the middle has a static route to reach GREEN.

I have a machine behind ipFire that can ping google.com and do nslookup. However, when I download anything, with curl, get, or try to install something via apt install it connects but stays hanging. I have monitored the red network for peaks while attempting to download and in fact, it jumps from 30kbs to 100kbs consistently when downloading so this is not a routing issue.

I am a little lost as to what I should do now. From what I’ve seen GREEN should allow everything that comes from inside by default, however, I am wondering if having private IPs on both sides is causing issues.

If anyone could help me with this it’d be great.

Thank you!

Welcome.
Do you have a working “Domain Name System”?

Hi there,

Thank you for answering.

I am not too sure what you mean by a working DNS. The first router, exposed to the internet is reachable by its domain name, but also its IP.

Apart from that ipFire has the default setup except a rule to reach the web from RED. I had to enter a domain name to IPfire during setup.

ipFire can download things from the internet just fine too, the problem is happening with things behind it, in GREEN.

The machine with the problem can resolve DNS just fine though.

I thought that it could be a NAT issue but ipFire should keep sessions coming from GREEN by default, although I’m not sure.

I think this page on ipfire was meant to show whether the DNS works.

Here is the wiki page.

Hi there,

Thank you very much for the suggestion! I had it in recursive mode, now I have it in working mode, however, the same problem persists.

Do you know what else could be causing this issue or where could I start troubleshooting in terms of logs etc? The proxy is turned off and settings in general are as default.

I appreciate your support :slight_smile:

Can you give a screendump?

Yes of course, here is the symptom where I can ping and do an nslookup but not download:

There aren’t any rules in the firewall just now but I have tried allowing both networks on both sides, I haven’t tried much with NAT though as I assumed this would be working.

Please let me know if other screenshots would help to troubleshoot this.

I should have been more explicit. A screendump of your DNS like Mum Pitz did.

Also what are your Red and Green IPs?

Sure thing, here it is:

Thank you for the help!

I’m still trying to get my head round this one. So you have:

Internet ----- Router A ------ Router B ------ IPFire

What are the subnets for Router A LAN/Router B WAN, Router B LAN/IPFire WAN and IPFire LAN?

What is your Static Route in Router B and the corresponding firewall rule in IPFire?

Hi there!

Thank you for keeping on top of this and for the help :slightly_smiling_face:

Today I found the solution, it turns out that the VM and Router B had mismatching MTU sizes, as I was new to IPfire I thought the problem was in the thing I didn’t know.

After proper inspection that came up and everything is working well.
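
The symptom in this thread (ping and nslookup work, downloads connect and then hang) fits an MTU mismatch: small packets fit through the path, full-size TCP segments do not. The following is an added example, not code from any poster or from IPFire: a shell sketch that binary-searches the largest ICMP payload that crosses the path with the Don't Fragment bit set, using Linux iputils `ping -M do`. The function names, the 1472-byte ceiling (a 1500-byte Ethernet MTU) and the sample address are assumptions.

```shell
#!/bin/sh
# Added example: measure the usable path MTU towards a host.
# Assumes Linux iputils ping and that ICMP echo is allowed, as in the thread.

# probe_df HOST SIZE
# Succeeds if one echo request with SIZE payload bytes and the
# Don't Fragment bit set (-M do) gets a reply within 2 seconds.
probe_df() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [PROBE]
# Binary-searches the largest payload that passes unfragmented and prints
# the matching MTU (payload + 20 bytes IPv4 header + 8 bytes ICMP header).
# PROBE defaults to probe_df; another function can be passed in for testing.
find_path_mtu() {
    host=$1
    probe=${2:-probe_df}
    lo=0       # largest payload known to pass
    hi=1472    # 1500-byte Ethernet MTU minus 28 header bytes (assumption)

    # If even an empty payload fails, this is not an MTU problem.
    if ! "$probe" "$host" "$lo"; then
        echo "unreachable"
        return 1
    fi

    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid            # mid fits, search upwards
        else
            hi=$(( mid - 1 ))  # mid is too big, search downwards
        fi
    done

    echo $(( lo + 28 ))
}

# Usage (192.0.2.1 is a constructed documentation address):
#   find_path_mtu 192.0.2.1
# Compare the result with the MTU configured on the client, e.g.
#   cat /sys/class/net/eth0/mtu
```

A result below the MTU configured on the client or on an intermediate router interface points at the hop to fix; run it from the GREEN client and again from the firewall itself to see where the value drops.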