How to configure IPFire as wireless access point?

Hello IPFire community,

Is it possible to use a PC with only a single ethernet port and a wireless card as an IPFire powered wifi access point?
The idea is to replace an old home wifi-router by:

  1. Connecting the IPFire-PC through ethernet (red interface) to the ISPs cable modem.
  2. Configure the IPFire-PCs wifi (green or blue interface) as an access point.

The first question is: Would this work?
If so:

  • Is it mandatory to use the blue interface for the wifi access point or would the green interface work as well?
  • How can the wifi access point be configured at the shell? (i.e. without web UI, which is inaccessible)

Your help is greatly appreciated,
Thank you!


have you read the corresponding documentation?

Thanks, and best regards,
Peter Müller

1 Like

Hi Peter,
Thanks for the quick reply. The access point is running by now. Do you have any ideas (or links to the corresponding docs) how to make the web UI accessible to the users/hosts on the blue/wifi network?


Hi Micheal,
you will find all the answers in the firewall default policy guide

1 Like

Do you have any ideas

to make the web UI accessible to the users/hosts

Yes i recommend the same as Peter. Start with this as soon as possible. I recommend also to complete it this time please.

Iam also interested in

  • How many Zones you have configured?
  • How do you have configured Accesspoint? / from where?
1 Like

Thank you, much appreciated! :wink:
The difficulty with ‘proper docs’ is finding them… This, btw., is a real issue, if you’re new to this whole firewall thing and don’t even know what to search for. Please excuse me, I should have mentioned this earlier.

No zones configured so far - i.e. the default zones after installation and ‘setup’ (so, red, green and blue?).
At this time there’s only local shell access (screen and keyboard connected), and that’s how I’ve configured it. Btw, access point (hostapd) is running so far, which made internet available to the wifi clients. The only thing that’s missing is access to the web interface for wifi/blue clients… I’m going to RTFM these ‘policies’. Leo, thanks for pointing to them!

The webgui is accessible from blue by default, but you have to use the green ip in the url.

1 Like

Sorry Arne, thats not true. Think carefully why you are wrong and why i wrote above :wink:

He has written that he can access the web from blue so the needed blue access rule is already present so my answer should correct that the interface is accessible from blue by default.

If he had access from blue to web he also have access to the WUI but he have not. So the RTFM mIssion is needed. In other words i dont think that he have access to web either.

It is possible via elinks (textbrowser) on the console of the IPFire but there are some bugs at change wlan settings. (switch on and off should work)

Do you agree with me that you need from blue to web setting blue access? Do you then agree with me that must already be done if i have really access to internet? Do you agree with me then then it plays no matter if you try access from blue or green to access the WUI?

Without blue access no internet no WUI from blue. With blue access Internet and WUI and this is true for using green ip and blue ip WUI also, there is no diffrence between. In other words if you set this not its not possible to reach the WUI from blue. No matter if you use blue ip or green ip.

Lol i answer myself

Arne in this case iam really interested. Why do you think that if blue access is set, that you can not access the blue WUI? Why do you think, you need for this the green ip?


My fault. The special rule that allow the webgui is only valid from green now.

But i have tried in on my own its for me not possible from blue to reach the WUI no matter if i use green ip or blue ip. After i have set blue access its so what i wrote.

Hi Guys,

it’s running now, with the access point on the green interface. Oddly enough, the web UI (Menu IPFire->WLanAP) doesn’t pick up the settings, which were made in /etc/hostapd.conf. No big deal…

Anyway, thinking about it, it might be better to use the blue interface for the wifi access point. However as soon as I change configuration, all wifi/blue clients lose their internet connection and access to IPFire’s web UI. Btw, sorry, I made a mistake earlier: There was no internet on the clients from the blue network. It seems the browser cache tricked me.

So, to get internet access for the wifi/blue clients, I’ve tried to setup a DMZ pinhole, as recommended here: and

However, the wifi/blue clients don’t get out. It seems something is wrong with the rules, which look like:

Source: Blue, Dest: Green, Nat disabled, Protocol: All, Accept
Source: Blue, Dest: Red, Nat disabled, Protocol: All, Accept

A few questions here:
Do these rules look right? Or is there anything that obviously needs to be changed?
Is the “red” rule needed for internet access?

Arne.F, thank you for pointing to ELinks. That got me a lot further!

Your help is much appreciated,
Thank you,

1 Like