IPFire plugged into Fritz!Box 6590/6591 as cable modem


right now my cable provider Vodafone is configured using briged mode with a Hitron cable modem. IPFire is attached to a network port located on the rear of the Hitron.

I’m planning to exchange the Hitron and use a Fritz!Box 6590/6591 instead. IPFire still should be attach to this new cable modem.

Three questions came into my mind:

  1. will I be able to reach the new cable modem to do certain configurations like SIP settings, modifying the phone books and similar?

  2. will IPFire still work as it is set up now or do I have to re-configure it different?

  3. is the bridged mode of my provider still necessary or even mandatory?


I think you have here one big problem. You want use the new box as Voip and Modem. And you want use this Box in Bridge Mode. But here starts AFAIK the problem. In bridge mode you can not use the Box for Voip anymore. Its now only a Modem. And normaly its not possible anymore to use bridge on Fritzbox. So i think if its more important for you to use also Voip in your new Fritzbox you must do double Nat i guess, and change IPFire config.

Hi Michael,

use the ipfire as exposed host in the fritz box. Than you can youse the voip-setup of the fritz box and don’t need two forwards for ports. Works well here on T-com-dsl and befor on Unity/Vodafone.

Thanks, found similar information here https://www.mielke.de/blog/UniFi-USG-FritzBox-6590-6591-Bridge-Mode-Exposed-Host–555/, although in German language…

Will see what happens if the fritz box arrives…


OK, I saw this answer coming, but as DJ-Melo already told, using IPFire as exposed host in the Fritz!Box, double NAT should be no issue, right? And I still will be able to access the box and be able to configure it?

Hi Michael,


see also old forum https://forum.ipfire.org/viewtopic.php?t=20806

My answer was a litte imprecise. The important thing what i tried to explain is you cant get bridge mode and voip at same time. And if you want Modem and Voip you must doube Nat or exposed Host Setup. But you must change the config in IPFire. To answer your question i dont see any problems. All should be able to configure.

I understand your posting first that you prefer the bridge mode setup. Sorry for the confusion :wink:

So I will perform the following steps:

disable DHCP in Fritzbox 6590
Assign a static IP address to the Fritzbox, e.g.
Connect IPFire’s red interface to Fritzbox’s LAN2
Assign a static IP addres to IPfire’s red interface, e.g.
Add exposed host in Fritzbox for IP address

Green interface is still on IP address
Net mask is still on

Goal is that I can access the Fritzbox from green, using and IPfire as usual on

Will this work?


I have a Fritz!Box 7490:

  • Fritz!Box set as cascaded router via Home Network -> Network -> Network Settings -> Internet-Router selected.
  • DHCP in Fritz!Box disabled.
  • Using the pre-defined Fritz!Box IP by AVM which is
  • IPFire connected to LAN1
  • Static IP adress for IPFire’s RED interface to
  • IPFire is added on Home Network -> Network Settings -> Add device. Added as plain entry, not as exposed host. No need to.

Works. I can access Fritz!Box from GREEN via RED on



1 Like

Looks good.

I understand exactly what you mean, anyway its better u use to reach Fritzbox :wink:

And only for a little bit more confusion :wink: this exposed thing is only for easy up the things. For example you use vpn on IPFire or you have services behind IPFire. You can all do without exposed host if you want.

Happy networking :wink:

1 Like

My current setup is a bit more advanced. Hence I guess I have either to use the exposed host way or doing some port forwarding from Fritzbox to IPfire as I have setup already at the moment in IPFire now.

I’ve got an orange network with a Raspberry Pi inside, and I’m using IPfire’s OpenVPN to access my local network. Moreover a port forwarding in IPFire allows me to access a Webdav server in LAN which is not located in the orange network.

So things might be a bit more complicated as it seem at first look. So will exposed hist be necessary or will it be the only way to re-use my current setup in the same way without changing too much or will I have to do a completely different setup?


Hi Michael,

with exposed host it will work and you don’t have to setup anything in fritz box. If you do this not you have to do anything double like portforwards an so on once in ipfire an others in fritz.box.
Connect ipfire to lan 1 on fritz.box give it a static ip in range of fritz box for red. the rest of your network behind ipfire you can setup like you want.


1 Like

Yes, of course, you’re right! :stuck_out_tongue_winking_eye:

One word about the Lan1, Lan 2. I read the Info about your link you post above. There he said, he must use Lan 2 for exposed Host. My knowledge is here not “state of the art” sometimes things change behind the curtain so i think it doesnt hurt if you also use Lan 2 with exposed Host. I guess thats the reason why you also spoke about using Lan 2.

Yes, exactly. Anyway I guess I can test for both interfaces…

works perfect here on LAN1. Fritz Box 7590 and also before on a 6490.

1 Like

May I ask for a next configuration question?

When IPFire is attached to LAN port 1 and this is the one and only connection form external to internal network, I assume that no other interal server can be reach from outside, correct? (the orange network is not used)
IPFire is then configured as exposed host in FritzBox WebIF.

The current lab firmware of FritzBox 6590 allows setting up a phonebook that is connected to a CardDAV server. This would allow me to use out family contacts to be synchronized to the phonebook of the FritzBox. I’m running a CardDAV server on one of my local Synology NAS. The server can be reached by using the URL e.g. https:/…

I’ve successfully set this up using the fritzBox running in a test environment inside the LAN.

Now, when using the 6590 as a cable modem and IPFire as exposed host, I doubt I still can reach the URL https:/ from the box itself, right?

Any idea how this setup could be configured to get the address book from LAN to the FritzBox again? I do not want my Synology NAS to be reached from external, though.


Hi Michael,

i don’t quite understand the question you should be able to reach the ip of the fritz box from green. You might have to enter the ip in the HOSTS of the IPFire, but I didn’t need that in the end.


It’s not the FritzBox I would like to access from green but access a NAS in LAN from the FritzBox itself. Which means access an internal server from red?

The planned setup will be:
Vodafone -> FritzBox 6590 -> Firewall (exposed Host) -> LAN -> Synology NAS (CardDAV-Server, IP-Adresse

With other words: the FritzBox itself needs access to a IP-address (better an URL) hosted on my internal Synology.

IMO, when using the setup as described above, with exposed host, I guess, the FritzBox won’t have access to the internal Synology.


that’s right. I think you have to put the NAS in Orange.