Dynamic DNS firewall rule

Hello guys, I just installed IPFire today and am happy with it, coming from OPNsense. Can you guide me? I have set up a No-IP dynamic DNS and it seems to update my WAN IP, but I cannot access from outside the network. How do I make a firewall rule? I made a similar one in OPNsense allowing HTTPS.

1 Like

Hi @himurae

Welcome to the IPFire community.

To access a machine in your network you need to create a Port Forward Rule.
https://wiki.ipfire.org/configuration/firewall/rules/port-forwarding

2 Likes

Still no luck, I can't access the firewall from my mobile network even though the DNS client is green and updating the WAN address.

What is it that you are trying to access from the internet?

In your port forward you have made the destination the firewall red interface.

Normally if the protocol you are forwarding is https then there should be a web server of some sort on your green network and so your destination should be the IP Address of your web server.

If that is not what you are trying to access then it would help if you could explain a bit about what you want to access on your network from the internet.

2 Likes
1 Like

Thanks a ton guys, I finally figured it out. Great firewall, will report back with more queries. By the way, my reason to come to this firewall was that FreeBSD cannot handle PPPoE links of 1 Gbps because it is single threaded.

Thanks man, you made my day. Now I am gonna explore this firewall more and report back :innocent:

Hi @himurae, then I understand you are wanting to access the IPFire WUI directly from the internet.

Just a caution about this. With that setup anyone on the internet can try and access that WUI and use Brute Force tactics to break the password.

The recommendation is not to open the WUI directly to the internet.
https://community.ipfire.org/t/request-add-2fa-to-login/10142/7

A better approach would be to use a VPN roadwarrior connection to access the WUI from the internet.
https://wiki.ipfire.org/configuration/services/openvpn

However, if you do plan to keep the WUI directly accessible from the internet then I would recommend the following:-

  1. Set your WUI password to be a really "STRONG" password so that the Brute Force approach will take longer.
  2. Install the Guardian addon - https://wiki.ipfire.org/addons/guardian where you can set it up to block users who get the password wrong a certain number of times. The default is password wrong 3 times and the default block time is 24 hours. You can also log the info so you can see the IP addresses of any blocked users. Hopefully you don’t end up with many attempts but at least you will be able to easily see what has been attempted.
3 Likes
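
The blocking behaviour described in the post above (3 wrong passwords, then a 24 hour block), sketched as an added example that is not part of the thread and not Guardian's own code. The log format, the name `evaluate` and the reset of the counter on a successful login are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Values quoted in the post: 3 wrong passwords, then a 24 hour block.
MAX_FAILURES = 3
BLOCK_TIME = timedelta(hours=24)

# Constructed log format for this example only; not IPFire's or Guardian's real format.
LINE_RE = re.compile(r"^(\S+) wui-login (FAIL|OK) src=(\S+)$")

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:00 wui-login FAIL src=198.51.100.7
2024-05-01T10:00:05 wui-login FAIL src=198.51.100.7
2024-05-01T10:00:09 wui-login FAIL src=198.51.100.7
2024-05-01T10:01:00 wui-login FAIL src=198.51.100.7
2024-05-01T10:02:00 wui-login FAIL src=203.0.113.20
2024-05-01T10:02:10 wui-login FAIL src=203.0.113.20
2024-05-01T10:02:30 wui-login OK src=203.0.113.20
2024-05-01T11:00:00 wui-login FAIL src=203.0.113.20
"""

def evaluate(log_text, max_failures=MAX_FAILURES, block_time=BLOCK_TIME):
    """Return ({ip: block expiry}, [(timestamp, ip) rejected while blocked])."""
    failures, blocked, rejected = {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not login events
        stamp, result, ip = m.groups()
        ts = datetime.fromisoformat(stamp)
        if ip in blocked:
            if ts < blocked[ip]:
                rejected.append((stamp, ip))  # still inside the block window
                continue
            del blocked[ip]  # block has expired
        if result == "OK":
            failures.pop(ip, None)  # assumption: a good login resets the count
            continue
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= max_failures:
            blocked[ip] = ts + block_time
            del failures[ip]
    return {ip: t.isoformat() for ip, t in blocked.items()}, rejected
```

Running `evaluate(SAMPLE_LOG)` shows the first address blocked until the next day and its fourth attempt rejected, while the second address, which logged in correctly after two mistakes, is not blocked.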

Done the needful bro