Help with Firewall Rule

Hi guys, I’d like to ask for help with a firewall rule. The system is a dummy home gadget.

My question is:

• how can I get this one dummy device to ping Google?

The problem I have with this gadget is that in order for it to think there is internet it pings Google. Setting the DNS statically on the device doesn’t fix the connectivity issue because it’s hard coded on the device itself to ping Google. All other devices have internet except this one device.

I suppose before it thinks there is internet it pings Google and if the ping is successful then it finally finishes configuring itself as “there is internet connection.” The problem I have is the self ping test it makes is failing and no matter what… it believes there’s no internet connection. And there is no form on the device itself to bypass this check, it’s hard coded on the device itself to ping 8.8.8.8.

My interpretation of the above is that even when you allow it to access Google, its inbuilt ping test is saying that it has failed to find Google and hence there is no Internet. All the other gadgets are successfully saying they have found the internet.

Based on the above then you can’t overcome that issue as there is clearly some hardware/software problem in that one device and it needs to be replaced.

1 Like

Dumb question? Did you enable blue access?

True, and what you got from it is correct.

Is there a way I could change the dropforward rule for this one device to ping Google, either by IP or MAC address?

Or is there a way I could add a loopback interface to IPFire so this device pings it and finishes its network configuration? Kind of fooling it to think Google is there using a loopback.

There is internet and DNS is working but because it’s hard coded to ping 8.8.8.8 directly, its self-check test fails and it never finishes its configuration and reports that there is no internet connection.

Yes, blue access is enabled. I added it to the list.

Adolf and Shaun HVAC, thank you so much for the prompt responses. I’m going to sleep but I will check for new replies and I will reply later today. I just wanted to thank you before going to sleep.

I think I am understanding your situation.

All your other gadgets are happily connected to the internet using the DNS server you have defined.

This one gadget requires direct access to 8.8.8.8.

Is your Blue Interface a wireless card built into IPFire or are you using a Wireless Access Point (WAP) which is plugged into the blue network via an ethernet connector?

If it is the latter are you also using mac address filtering in the WAP or is it disabled?

In your Blue Access setup did you disable mac address filtering or have you specified the mac address and IP Address for each gadget?

If you have no mac address filtering in place and any WAP you are using also is not using mac address filtering then the gadget should just be able to access the internet directly from Blue to Red.

The DROP_FORWARD message suggests to me that the Blue Access generally, or for that specific gadget, is not correctly specified and therefore the traffic is being blocked.

Can you show a screenshot of the Blue Access page from the WUI menu - Firewall - Blue Access?

Also are you using IPFire to provide the IP addresses to the gadgets via the Blue Network dhcp?

By the way, you should be able to show the Source address in the Blue Network as those will be Private IP Addresses such as between

192.168.0.0 to 192.168.255.255
or
172.16.0.0 to 172.31.255.255
or
10.0.0.0 to 10.255.255.255

and therefore not publicly accessible by anyone else.

It is just the public IP address that has been provided on your red interface that you should look at redacting so that it is not displayed.

1 Like
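The redaction advice in the reply above, as an added example that is not part of the original thread: a small Python filter that leaves addresses in the three listed private ranges untouched and masks every other IPv4 address in a log line before it is posted. The sample log lines, the `blue0`/`red0` interface names and the `keep` parameter are assumptions constructed for illustration.

```python
import ipaddress
import re

# The three private ranges listed in the reply above (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def is_private(addr):
    """True if addr falls inside one of the three private ranges."""
    return any(addr in net for net in PRIVATE_NETS)


def redact_line(line, keep=()):
    """Mask every public IPv4 address in line, except those listed in keep."""
    keep_set = {ipaddress.ip_address(k) for k in keep}

    def _sub(match):
        try:
            addr = ipaddress.ip_address(match.group(0))
        except ValueError:
            return match.group(0)  # looks like an address but is not valid
        if is_private(addr) or addr in keep_set:
            return match.group(0)
        return "[REDACTED]"

    return IPV4_RE.sub(_sub, line)


# Constructed sample lines in the kernel netfilter log style; not from the thread.
SAMPLE = [
    "DROP_FORWARD IN=blue0 OUT=red0 SRC=192.168.2.50 DST=8.8.8.8 PROTO=ICMP TYPE=8",
    "DROP_INPUT IN=red0 OUT= SRC=198.51.100.7 DST=203.0.113.25 PROTO=TCP DPT=22",
]

if __name__ == "__main__":
    # 8.8.8.8 is kept visible because it is the well-known target under discussion.
    for entry in SAMPLE:
        print(redact_line(entry, keep=("8.8.8.8",)))
```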

Sorry for my late response Adolf. Yes, I’m using the DHCP on the blue. Basically IPFire DHCP server. I’ll look on the blue access configuration again and I’ll report back. I’ll double check that section. I’ll report back.

Thank you again Adolf,