Hi!
Have mostly used the blue to be able to turn off the backup firewall if the UPS is running out of battery.
But I have never been able to get blue to connect to Internet or green. At this point I am trying to open everything, but no. I have followed these:
And today I tried again some creative rules, but it don’t want to work. Clearly I am missing some knowledge. Right now I have these settings:
System - Home
Network - DHCP Server
Firewall - Blue Access
Firewall - Firewall Rules
Blue has a mac address filter to allow only known devices. Every Mac must configured or the filter disabled.
If this is correct configured a device in blue can connect to the internet. Only for access green from blue you need extra rules.
Try NAT in your firewall rule.
Blue has a mac address filter to allow only known devices. Every Mac must configured or the filter disabled.
I think I have done it. See from the post above:
Firewall - Blue Access
I’m not checking your fw rules right now and I guess your firewall default policy is set to “blocked”.
I also guess if you set it to “Allowed” your internet access works.
So your fw rules are the only problem, right?
You will need something like that, but only for devices that don’t you the proxy:
Ping and NTP is optional, but I recommend to allow it. NAT is not required.
I already have had both Forward and Outgoing as Allowed (but still no Internet). And I don’t use proxy.
I have also tried with and without routing
EDIT
My iptables -S = [root@ipfire2 ~]# iptables -S-P INPUT DROP-P FORWARD DROP-P OUTPUT ACCEPT - Pastebin.com
If you don’t use any proxy, your blue access is set up right and your firewall policy is set to allowed, you don’t need anything else to get blue members internet access.
You can delete all your firewall rules. They are double/triple and not necessary. Also you don’t need any routing entries.
Your blue acces is set to allow any connected client, so this will work.
Edit: You may keep the firewall rule blue to green but that’s all.
That is also what I thought. But still, it is not working. If I connect to my IPFire2 via Wifi, I can not connect to Internet.
In that case your problem is related to something different.
You have to check other things first, for example can you acces the webui of ipfire via blue?
Also you haven’t give us any information about your blue network setup.
Have you deleted your firewall rules, also the incoming one?
Except Blue to Green access.
Also delete that routing entry.
And why is your AP running in 802.11g only? but that’s another topic.
Pff, this is weird. I did this:
The silly part.
3. Went to Firewall - Firewall Options, changed FORWARD and OUTGOING to “Blocked” and saved.
4. Changed FORWARD/OUTGOING back to “Allowed”. And now it works.
After not working for one year, that was the solution. Turn FORWARD/OUTGOING off and then on. Well, at least it works now.
Thanks for your help!
Could you please answer the short questions.
Is there a device on your GREEN network with IP address 192.168.222.254 ? What is its role?
I have two firewalls, their main IP numbers are:
Ipfire1 (primary): 192.168.222.251
Ipfire2 (secondary): 192.168.222.252
Then I have the addon keepalived to set them both up as a virtual cluster, using the VRRP protocol for failing-over the IP address 192.168.222.254 from one machine to another. All clients use only 192.168.222.254.
So right now Ipfire1 (primary) is both 192.168.222.251 and 192.168.222.254. If Ipfire1 goes down, Ipfire2 (secondary) will become 192.168.222.252 and 192.168.222.254.
For more info, see wiki.ipfire.org - Keepalived
