IPFire blue wifi to Internet problem (I have followed wiki)

Hi!

Have mostly used the blue to be able to turn off the backup firewall if the UPS is running out of battery.

But I have never been able to get blue to connect to Internet or green. At this point I am trying to open everything, but no. I have followed these:

And today I tried some creative rules again, but it doesn’t want to work. Clearly I am missing some knowledge. Right now I have these settings:
System - Home

Network - DHCP Server

Firewall - Blue Access

Firewall - Firewall Rules

Blue has a MAC address filter to allow only known devices. Every MAC must be configured or the filter disabled.

If this is correctly configured, a device in blue can connect to the internet. Only for access to green from blue do you need extra rules.

Try NAT in your firewall rule.

Blue has a MAC address filter to allow only known devices. Every MAC must be configured or the filter disabled.

I think I have done it. See from the post above:
Firewall - Blue Access

Try NAT in your firewall rule.

Rule 4 above uses NAT

I have also tried this

I’m not checking your fw rules right now and I guess your firewall default policy is set to “blocked”.

I also guess if you set it to “Allowed” your internet access works.

So your fw rules are the only problem, right?

You will need something like that, but only for devices that don’t use the proxy:

Ping and NTP are optional, but I recommend allowing them. NAT is not required.


I already have had both Forward and Outgoing as Allowed (but still no Internet). And I don’t use proxy.

I have also tried with and without routing


I have also tried with and without location blocking

EDIT
My iptables -S = [root@ipfire2 ~]# iptables -S -P INPUT DROP -P FORWARD DROP -P OUTPUT ACCEPT - Pastebin.com

If you don’t use any proxy, your blue access is set up right and your firewall policy is set to allowed, you don’t need anything else to get blue members internet access.

You can delete all your firewall rules. They are double/triple and not necessary. Also you don’t need any routing entries.

Your blue access is set to allow any connected client, so this will work.

Edit: You may keep the firewall rule blue to green but that’s all.

That is also what I thought. But still, it is not working. If I connect to my IPFire2 via Wifi, I cannot connect to the Internet.

In that case your problem is related to something different.

You have to check other things first, for example can you access the webui of ipfire via blue?

Also you haven’t given us any information about your blue network setup.


Yes, at least I can access WEBUI via blue 🙂
Some info about blue

Some more info I should post?

Have you deleted your firewall rules, also the incoming one?

Except Blue to Green access.

Also delete that routing entry.

And why is your AP running in 802.11g only? But that’s another topic.

Pff, this is weird. I did this:

  1. Deleted all firewall rules except blue to green and deleted routing, Applied changes. No change.
  2. Rebooted. No change.

The silly part.
3. Went to Firewall - Firewall Options, changed FORWARD and OUTGOING to “Blocked” and saved.
4. Changed FORWARD/OUTGOING back to “Allowed”. And now it works.

After not working for one year, that was the solution. Turn FORWARD/OUTGOING off and then on. Well, at least it works now.

Thanks for your help!

@raffe

Could you please answer the short questions.
Is there a device on your GREEN network with IP address 192.168.222.254? What is its role?


I have two firewalls, their main IP numbers are:
Ipfire1 (primary): 192.168.222.251
Ipfire2 (secondary): 192.168.222.252

Then I have the addon keepalived to set them both up as a virtual cluster, using the VRRP protocol for failing-over the IP address 192.168.222.254 from one machine to another. All clients use only 192.168.222.254.

So right now Ipfire1 (primary) is both 192.168.222.251 and 192.168.222.254. If Ipfire1 goes down, Ipfire2 (secondary) will become 192.168.222.252 and 192.168.222.254.

For more info, see wiki.ipfire.org - Keepalived
