I have installed Ipfire today on a Raspberry Pi 3 in a three zone configuration, namely:
RED: Ethernet connected to DSL modem running in PPPoE mode
GREEN: internal ethernet zone for local computer (192.168.1.0/24)
BLUE: using the builtin Wifi adapter with hostapd (192.168.2.0/24)
The system is up and running, internet access via GREEN is available.
For BLUE I have installed hostapd and setup a SSID using the Wiki page instruction. I can register my mobile devices against hostapd, and DHCPD happily provides them with their own IP lease. So far, so good.
In Firewall/Blue access all MACs have been whitelisted.
Also Masquerading is enabled on the Firewall options page:
And so far this was working; my WIFI clients are able to associate themselves against the Hostapd, get an IP address out of the DHCP IP pool and DNS server IP as well.
But still internet access is not working, so I am at a loss here right now, because masquerading on BLUE is enabled and on GREEN internet access is working just fine.