I have installed IPFire (core 181) on IPFIRE-MINI-EU-R1. It works, but it slows down web access so it is almost unusable. I have used IPCop for years, running on an old stationary PC, and it did not suffer from this problem. Can the problem be related to DNSSEC?
I also have an IPFire Mini machine with Intrusion Protection and IP Block List and Web Proxy running on it and I have no slow web access that I notice.
I am running Core Update 182 but it was the same when I had Core Update 181 running.
What sort of timescale are you talking about when you say it is slow and is it all websites or just some?
What Adolf said. Please define slow. Is it download speed in relation to ISP advertised speeds? Is it latency?
I do notice on some systems that enabling IPS or QoS (or both) will have a negative impact on download speeds. For example, a 300Mbps downlink will max out at somewhere between 100-200Mbps. But latency is still good so that web browsing still feels responsive.
The download speed is not affected; it remains as before. But there is significant latency (one to several seconds) that is affected, so it seems to be related to DNS. I am wondering if it can be related to CGNAT used by my IP provider? Just a thought.
I managed to log into my fibre-LAN gateway (SFR Box 7) and discovered that it has an inbuilt firewall on IPv6, which probably interfered with IPFire. So it seems I do not need my own firewall.
That depends!
If the SFR Box 7 is your property, you can control the FW config of the device. IPFire isn’t necessary if the box allows the same settings.
If the box is the ISP’s property, IMO it is better to divide the gateway job. The box does the converting task fibre <—> ethernet (bridge mode), IPFire is responsible for the protection of your LAN.
Does IPFire version 2.x already work with IPv6?
No, IPv6 is not supported in IPFire 2.
Is the SFR = Cisco SourceFire?
Maybe this helps
https://docs.opnsense.org/manual/how-tos/sfr_red_fr_ftth.html
It seems SFR Box does not have a bridge mode, so for the time being I will just have to use it as it is, without IPFire…