Internet access on BLUE not working

Networking WiFi
1

Hi there!

I have installed Ipfire today on a Raspberry Pi 3 in a three zone configuration, namely:

  • RED: Ethernet connected to DSL modem running in PPPoE mode
  • GREEN: internal ethernet zone for local computer (192.168.1.0/24)
  • BLUE: using the builtin Wifi adapter with hostapd (192.168.2.0/24)

The system is up and running, internet access via GREEN is available.

For BLUE I have installed hostapd and setup a SSID using the Wiki page instruction. I can register my mobile devices against hostapd, and DHCPD happily provides them with their own IP lease. So far, so good.

In Firewall/Blue access all MACs have been whitelisted.

Also Masquerading is enabled on the Firewall options page:

df593285d5e640cb0e8146376496c542
df593285d5e640cb0e8146376496c5421725×1263 150 KB

So far no custom firewall rules have been added.

The zone configuration is the default being setup by the installation procedure.

What might I still be missing which prevents the Wifi clients on BLUE finally gaining access to the internet?

Thanks in advance.

2

There were two places I added allowlist/whitelist info for BLUE:

Network > Web Proxy > Network based access control
and then add your blue network (my blue is the second line):

Screen Shot 2020-08-18 at 3.24.38 PM

I think you had this one. Firewall > Blue Access > Devices on BLUE:

Screen Shot 2020-08-18 at 3.28.16 PM
Screen Shot 2020-08-18 at 3.28.16 PM1952×716 57.9 KB

3

Thanks for your reply.

The web proxy is disabled. Aside that both subnets are entered in the ACL line like this:

e6d6666c391427491fdf1ec84294eb1b

You are right, all MAC addresses are enabled like in your picture using the proper subnet 192.168.2.0/24

4

And Blue DHCP has the proper Blue DNS IP address?

Screen Shot 2020-08-18 at 5.50.36 PM
Screen Shot 2020-08-18 at 5.50.36 PM1960×1032 228 KB

(I’ve run out of ideas that had bit me in the past. Hopefully someone else will chime in!)

5

Unfortunately yes, blue has the proper DNS address. I also entered 8.8.8.8 as secondary, just in case.

6

But @jon seems to forgotton the checkbox. Is that also the case in your setup?

1 Like
7

The checkbox is ticked in my setup, here’s how it looks like:

grafik
grafik1723×216 12.3 KB

And so far this was working; my WIFI clients are able to associate themselves against the Hostapd, get an IP address out of the DHCP IP pool and DNS server IP as well.

But still internet access is not working, so I am at a loss here right now, because masquerading on BLUE is enabled and on GREEN internet access is working just fine.

8

This behaviour is absolutely expected and normal. This works completely independent if blue access is configured or not.

Please post a screenshot from

  • DHCP config
  • Zone Configuration

Because you said green works and you have no custum rules added it seems your firewall policy is still default.

Anyway… default firewall behaviour both Allowed?

9

Here’s a screen shot of what I guess is the zone configuration - if wrong, please do let me know:

a7539d4553d2bdd73c76bfa52ddedd32
a7539d4553d2bdd73c76bfa52ddedd321644×447 30.3 KB

Firewall behaviour is allowed. DHCP will follow.