DROP_INPUT from orange to orange?

robidoo · 25 November 2020 20:50

I try for hours to get a connection from local machine (green 192.168.100.2) to a motioneyeos raspberry (orange DMZ) 192.168.200.3 but it just will not work out. I set 192.168.200.1 as DNS.

It works out fine on normal router but on ipfire orange as 192.168.200.3 there is no-go

E.g. why is this INPUT being dropped within DMZ Zone - i have no rule to deny that.

DROP_INPUT orange0 UDP 192.168.200.3 192.168.200.1 45502 53(DOMAIN)

datamorgana · 26 November 2020 07:54

I’m experiencing the simiar issue in “blue” and have no clue…
See also: Strange DROP_FORWARD messages within same segment

pmueller · 26 November 2020 09:11

Hi,

it looks like your GREEN and ORANGE zone share the same subnet (192.168.200.0/x).

Please assign different subnets to each other - does not have to be a full /24, although this is the most common setup -, reboot your firewall machine and try again.

Thanks, and best regards,
Peter Müller

robidoo · 4 February 2021 18:11

No, green is 192.168.100.0/x and orange 192.168.200.0/x.

But thanks for the guess.

hvacguy · 4 February 2021 23:33

There is no DNS on Orange.

Devices in Orange need other DNS like 1.1.1.1

jon · 5 February 2021 04:03

Also see:
https://wiki.ipfire.org/configuration/firewall/rules/dmz-setup#notes