Internet access on BLUE not working

Hi there!

I have installed Ipfire today on a Raspberry Pi 3 in a three zone configuration, namely:

  • RED: Ethernet connected to DSL modem running in PPPoE mode
  • GREEN: internal ethernet zone for local computer (
  • BLUE: using the builtin Wifi adapter with hostapd (

The system is up and running, internet access via GREEN is available.

For BLUE I have installed hostapd and setup a SSID using the Wiki page instruction. I can register my mobile devices against hostapd, and DHCPD happily provides them with their own IP lease. So far, so good.

In Firewall/Blue access all MACs have been whitelisted.

Also Masquerading is enabled on the Firewall options page:

So far no custom firewall rules have been added.

The zone configuration is the default being setup by the installation procedure.

What might I still be missing which prevents the Wifi clients on BLUE finally gaining access to the internet?

Thanks in advance.

There were two places I added allowlist/whitelist info for BLUE:

Network > Web Proxy > Network based access control
and then add your blue network (my blue is the second line):

Screen Shot 2020-08-18 at 3.24.38 PM

I think you had this one. Firewall > Blue Access > Devices on BLUE:

Thanks for your reply.

The web proxy is disabled. Aside that both subnets are entered in the ACL line like this:


You are right, all MAC addresses are enabled like in your picture using the proper subnet

And Blue DHCP has the proper Blue DNS IP address?

(I’ve run out of ideas that had bit me in the past. Hopefully someone else will chime in!)

Unfortunately yes, blue has the proper DNS address. I also entered as secondary, just in case.

But @jon seems to forgotton the checkbox. Is that also the case in your setup?

1 Like

The checkbox is ticked in my setup, here’s how it looks like:

And so far this was working; my WIFI clients are able to associate themselves against the Hostapd, get an IP address out of the DHCP IP pool and DNS server IP as well.

But still internet access is not working, so I am at a loss here right now, because masquerading on BLUE is enabled and on GREEN internet access is working just fine.

This behaviour is absolutely expected and normal. This works completely independent if blue access is configured or not.

Please post a screenshot from

  • DHCP config
  • Zone Configuration

Because you said green works and you have no custum rules added it seems your firewall policy is still default.

Anyway… default firewall behaviour both Allowed?

Here’s a screen shot of what I guess is the zone configuration - if wrong, please do let me know:

Firewall behaviour is allowed. DHCP will follow.