Firewall Rules identical but not working

System is an IPFire 2.27 (x86_64) - Core Update 160

I have two firewall rules:

  1. Red Port 9022 → Green Host1 port 22
  2. Red Port 9880 → Green Host2 port 1880

First one is used for ssh from red network and it works fine.
Second one is used for http to connect to a webserver and can’t be reached.

Both hosts have static DHCP set by IPFire. Tried to reach both on green from the same on red.

What could I check/change to make sure http/https would work through the firewall from the red side to the webserver in green?

This might help:

And this should help change the Red Port to what you need:

I understand you are not using a DMZ but just use this part:

For what it is worth, you really should consider using a DMZ instead of your green network.


Thanks for that. As mentioned, the configuration was the same.
However, found the issue.

The particular host to be connected has to have the right IP set here:
Firewall -> Firewall Groups -> Hosts

Then and only then, after both (IPFire and Host) have been rebooted, it works fine.
Not sure why the reboot was needed.


This solution doesn’t work for me. I think there was a big bug. I’m thinking of doing a downgrade.

Hi Antonio,

first, welcome to the IPFire community. 🙂

In order to be able to help you, could you please post screenshots of the firewall rules in question and explain a bit what your network setup looks like?

Thanks, and best regards,
Peter Müller

Hi @pmueller, nice to meet you.
I’m making a new setup of ipfire to replace an old IPCOP,
and testing the rules found on IPCOP on IPFIRE, and after my post I have a doubt.
I have two public IPs, x.x.x.99 and 100. 99 points to (ipcop), 100 points to 1.3 (ipfire).
Ipfire ipcop 140. My doubt is… that it can’t resolve the forward because the web server is on the ipcop gateway… because the rule to access ipfire externally works!

MY DOUBT IS CONFIRMED! The gateway must be unique for the machines to be redirected and IPFIRE. Does any luminary know how to explain to IPFIRE to work on the double gateway?

I did not need to reboot or even define the host name, since it is a pure label and ipfire works only and exclusively on the IP and MAC address.