I had to exchange our IPFire because of hardware issues. So I reinstalled IPFire on new hardware and restored the configuration.
The computers behind the IPFire are on network 192.168.100.0 and the telephone system in front is on network 192.168.104.0. The Fritzbox router (192.168.104.1) and the web interface of the telephone system are not reachable from the green network anymore. Web surfing works fine.
The firewall logs show some DROP_INPUT messages.
The direct connection to the Fritzbox without IPFire works fine as well.
Is there something to change in the firewall options? It would be very helpful if someone has an idea. Thanks in advance.
Which machine is assigning those numbers? 192.168.100.xx is assigned by IPFire and 192.168.104.xx is assigned by Fritzbox? From the point of view of Fritzbox, what is the IP address of the IPFire machine?
My guess is that you have to tell the Fritzbox how to route the packets directed for the IP range assigned by IPFire for its green network. In other words you need to assign on Fritz a static route for that IP range, having as gateway the IP address of IPFire.
EDIT: I would like to clarify my point. Your problem appears to be related to routing between the two subnets (192.168.100.0 and 192.168.104.0). From the information you’ve provided, it seems that the IPFire device is connected to the Fritzbox and is managing the 192.168.100.0 subnet, while the Fritzbox is managing the 192.168.104.0 subnet.
One possibility is that the Fritzbox doesn’t know how to route packets back to the 192.168.100.0 subnet. To fix this, you might need to set up a static route on the Fritzbox. The static route should direct traffic for the 192.168.100.0 subnet to the IPFire’s IP address on the 192.168.104.0 subnet.
By the way, you should look at the DROP_INPUT messages in the firewall logs in more detail. They might give you a clue about what kind of traffic is being blocked.
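One way to look at the DROP_INPUT entries in more detail, as an added example that is not part of the original thread: the script groups dropped packets by incoming interface, source and destination network, protocol and destination port. It assumes /24 masks for both networks, the iptables kernel LOG line format and the interface names `green0`/`red0`; the sample lines, the MAC values and 192.168.104.2 as IPFire's red address are constructed.

```python
import ipaddress
import re
from collections import Counter

# The /24 masks are an assumption; the thread only gives the network addresses.
GREEN = ipaddress.ip_network("192.168.100.0/24")
RED = ipaddress.ip_network("192.168.104.0/24")

# Constructed sample lines in iptables kernel LOG format (not real log data).
# 192.168.104.2 as IPFire's red address and the MAC values are made up.
SAMPLE = """\
Mar  3 10:15:01 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.104.1 DST=192.168.104.2 LEN=76 TTL=64 PROTO=UDP SPT=5060 DPT=53805
Mar  3 10:15:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.104.1 DST=192.168.104.2 LEN=76 TTL=64 PROTO=UDP SPT=5060 DPT=53805
Mar  3 10:15:09 ipfire kernel: DROP_INPUT IN=green0 OUT= MAC=02:00:00:00:00:03:02:00:00:00:00:04:08:00 SRC=192.168.100.23 DST=192.168.100.1 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=8080
Mar  3 10:15:12 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.104.1 DST=224.0.0.1 LEN=32 TTL=1 PROTO=2
Mar  3 10:15:20 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=192.168.100.23 DST=192.168.104.1 LEN=60 TTL=63 PROTO=TCP SPT=40200 DPT=80
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def zone(addr):
    """Map an IP address to the network it belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip in GREEN:
        return "green"
    if ip in RED:
        return "red"
    return "other"


def summarize(text):
    """Count DROP_INPUT entries per (IN, src zone, dst zone, PROTO, DPT)."""
    counts = Counter()
    for line in text.splitlines():
        if " DROP_INPUT " not in line:
            continue  # other chains such as DROP_FORWARD are ignored here
        f = dict(FIELD.findall(line))
        if "SRC" not in f or "DST" not in f:
            continue  # truncated or malformed line
        # DPT is absent for protocols without ports (e.g. IGMP, PROTO=2)
        key = (f.get("IN", ""), zone(f["SRC"]), zone(f["DST"]),
               f.get("PROTO", ""), f.get("DPT", ""))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (iface, src, dst, proto, dpt), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  IN={iface:7s} {src:>5s} -> {dst:5s} PROTO={proto} DPT={dpt or '-'}")
```
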