Ok so my setup is using an rtl8812 that only works when I set it to 5g. Want to add a 2.4g card to be able to service a few older laptops and such that are stuck on 2.4g. Any basic write-up on how I would be able to do this on IPFire?
Can you add an Access Point device (Netgear, Asus, Linksys, whatever) that has both 2.4G and 5G? I have an AP (although connected to green), some old laptops connect to 2.4G, others connect to 5G.
Not sure need this isolated from the green network as it is only intended for guests. POS system and shop run on the green and Blue was for guest only with a rule to block all traffic to green atm.
I don’t know your hardware (I have a physical system x86_64) but if I had 3 NICs (red, green, blue), I can connect the AP to the blue network.
I am running an x64-based PC with onboard as Red and an add-in gig NIC as Green. I have onboard wireless that is 2.4 and an add-in that is 5g, but can only get one to work at a time with hostap. Could I use an RJ-45 NIC as blue and plug the AP into it? There is an AP on the green network for the registers as they are iPads.
Yes you can do that. Blue does not have to be a wireless connection. It can use ethernet cable to other computers or to a WAP.
Depending on your WAPs and if they can do multi ssid and vlans you could also do an ssid for the green network with its vlan id and another for blue. This ethernet cable would then have both green and blue traffic in it tagged for their appropriate vlan ids. Then that would go to a managed switch which then has a port defined for the green vlan going to IPFire’s green nic (with the same vlan id set up on the zone info page) and another port defined for blue.
That way you can have green set up with both cabled and wireless connections going to the servers etc that you might have on your green network. Your guests would then connect to the blue ssid and only be granted internet access, or possibly access to a printer etc as you decide fit.
The above is what I have got set up on my home network and it works very well, although getting the vlans set up did take some trial and error and occasional gnashing of teeth but I eventually figured out what I needed to set up after drawing out my network and annotating which vlan(s) were needed at each port or computer.
Ok so my setup so far on this network is as follows for green. I have one router setup as AP mode but it only handles the wireless security part as it’s only connected on the lan ports no dhcp so it pulls green IPs. Then I have a wireless in repeater mode at the moment connected to the 2.4 card. Was wanting to add the 5g card to also tie to that repeater for 5g connections. But I guess I could pull both wireless cards and add Gig NIC and run the second router the same way and connect it to blue NIC? And with the firewall setting to not route blue to green is already setup on here so I would not need Vlan then correct and would work similarly as it is straight to blue NIC?
Correct, if you just use the wap for blue then you don’t need any vlans.
The interfaces/networks in IPFire can be described as follows (maybe it would be worth clarifying in the wiki):
- RED is untrusted “bad” internet. We don’t allow inbound traffic without invitation.
- GREEN is the trusted local network. Historically it is realised with ethernet. The physical connection can be controlled, you need a cable and a free RJ45 port.
- BLUE is the less trusted local network. Historically realised by 802.11 with a wireless card and hostapd. Physical connection can not be controlled, the transport medium is a wireless connection. Access to the net must be controlled by means of logical rules.
- ORANGE is the network for servers on the local site. Traffic is allowed from RED, but the access to the other local networks is restricted.
The logical properties are defined separately for each network.
It is possible to expand the basic features.
If you connect a WAP to GREEN (with adequate configuration) you can allow wireless access to this network.
If you realise BLUE as an ethernet NIC, you can establish a second (less trusted) network with the same physical properties as GREEN.
only with help from a firewall rule
You are right. There is no general access from WAN to orange. But for the defined ports this direction is open, otherwise the server could not function.