Help finishing setup of IPFire network

Hi, I'm a teacher in secondary education (vocational education in Computer Science).
I'm a newbie in networks… and a mate has recommended IPFire to me.

So I have IPFire installed in VirtualBox, with four adapters:

  • One for the red network, bridged (connected to the home/institute network).
  • One for the green network; I created an internal network called empresa in VirtualBox.
    192.168.0.1
    255.255.255.0
  • Another for the orange network; I created another internal network called dmz in VirtualBox.
    192.168.2.1
    255.255.255.0
  • Another for the blue network; I created another internal network called wifi in VirtualBox.
    192.168.3.1
    255.255.255.0

So I wanna reproduce this:


It is in Spanish but quite self-explanatory.

As far as I know it is a very common / recommended setup.
For example, connection from DMZ to internet is allowed, and DMZ to LAN is not allowed (denied).

But in IPFire the green network by default can't access the internet…

So in short I'd like to modify the zones' default behaviour… to the one described in the image.

1 - Is this recommended, or is there a better setup for DMZ, internal network and internet?
2 - How can I make these changes in IPFire…
3 - It seems that from a green network client I can connect to 192.168.0.1 but not to ipfire.empresa, which is the hostname (ipfire hostname, empresa local domain).

(I posted my IPFire setup in an answer.)

Any help would be appreciated…

PS: using an XMPP client for help? How about XChat, Discord…

IPFire zone configuration setup

Also perhaps I have to modify the iptables setup in IPFire… to control traffic between networks…

This may help… wiki.ipfire.org - Network topologies and access methods

Well, the first question should be… is the schema I posted still valid and modern? I'm going to teach network services (DNS, DHCP, email, FTP server, remote access like SSH, telnet…).
So as far as I know… the web server and perhaps DNS should be in the DMZ zone.
So it should have to have access from internet to DMZ (red to orange). Am I right? So the first thing, if the schema is valid, is to port forward from red to orange, and vice versa (the HTTP response).

Internet → DMZ I wanna allowed. In IPFire red → orange closed.
Internet → LAN I wanna closed. In IPFire red → green closed.
DMZ → Internet allowed. Orange → red open.
DMZ → LAN denied. Orange → green closed.
LAN → DMZ allowed. Green → orange open.
LAN → Internet allowed. Green → red open.

So the only thing to change is:
Internet → DMZ I wanna allowed. In IPFire red → orange closed.

Also I would like to have access from red to the firewall (so I can connect to the IPFire web GUI from my host computer, which is on red; I have the host computer with internet, and the VirtualBox IPFire machine with its first network adapter in bridge mode).

Thanks