thx for the nice Firewall and of course for the community over here.
That’s my first comment at all. So please don’t be too harsh, if anything is wrong about my comment.
I’m testing IPFire and really love it, but do struggle to get WIFI networks to work.
Overall my setup looks like:
RED: WAN via cable internet (IPv4)
GREEN: my trusted LAN network devices
BLUE: the part, where I do struggle
Now to the blue network:
I want to connect my 3 UniFi Access Points to that network.
Within that blue WIFI Network I want that I do have 2 or 3 WIFI SSIDs. One for my devices, one for IoT devices and one for guest devices.
How do I manage to separate the WIFI SSIDs from each other? Or is it not possible with IPFire?
If it’s only working for 2 SSIDs (trusted green network devices and blue devices like guest devices), then it would be nice to also get a hint how this could work.
But the best solution would be to have those 3 separate SSID “networks”.
Thx so far and I really hope to get some help concerning this point as I don’t know how to solve it.
Please tell us something more about your IPFire hardware and have a look at wiki.ipfire.org - Zone Configuration. If you use VLANs you have to use managed switches, that’s right. In my case I have put the UniFi AP into green and manage the guest WLAN via the access point.
Actually I could use VLANs, but I try to avoid it, as I have to use managed switches (and I don’t have that much trust in those kinds of switches at all).
That’s why I was asking.
Someone managed to get Access Points to work over blue port from IPFire (but also has access to green network?).
So if I understand correctly, you want to connect your three UniFi APs to a non-managed switch which then connects them to the Blue zone interface on IPFire and to have three different SSIDs on the APs. You can do that but the clients on the three SSIDs will not be separate once they are in IPFire.
The default setting for the Blue zone, once Blue Access is set, is access to the Red and Orange zones and also access to the IPFire WUI.
If you want to prevent access to the IPFire WUI from Blue see link.
You could then control the different clients via Firewall Rules based on their IP Addresses that you have provided from the Blue DHCP. So you could only allow the IOT clients to access the Red (Internet) and nothing else and specific trusted clients could have a rule to access services on Green from Blue using the principle of DMZ pinholes but adjusting for access from Blue to Green.
However, all your clients will be in the same subnet and hence not separated.
As @anon65703081 mentioned, this separation would usually be done via VLAN IDs and managed switches. On IPFire you can only set up one VLAN ID per zone, so that would be one SSID per zone if using VLANs.
I am doing the same as @anon65703081 using APs with two SSIDs, one of which goes to Green for access for myself to all services and the other to Blue for guests. The two SSIDs have different VLAN IDs which are sent to the different IPFire zones via managed switches.
I don’t believe that the full separation of the different SSIDs as you describe can be done with IPFire.
I believe so. It is certainly what I am using for my home network. I have two wireless APs with two SSIDs, one for green and one for blue, each with their own VLAN ID. My managed switch then sends the green VLAN signal to IPFire’s green input and the blue VLAN signal to IPFire’s blue input. I have the green and blue zones set with the appropriate VLAN ID. This works well for me. I use the green wifi with my laptops and can access all the green network. I use a very strong passphrase protection for the wifi WPA2. The blue wifi is my guest network and is used by my family and friends when they visit. (Not been any real traffic on it over the last year).
A third ssid could be added to go to orange for the iot devices. I don’t use it at the moment but it could end up being used for a smart thermostat in the future. It would then be restricted to my orange zone, which currently has my tv, dvd, surround sound amp etc in it.
I think for your iot devices you have to decide what is the best thing for your situation. If you have things in the orange zone that you don’t want your iot devices to mix with then probably the blue zone with your guests is a better bet but you have to figure out what is right for the mix of devices you have in each zone.
Remember that in the orange zone you will not get any dhcp service from IPFire, so either everything needs to be assigned fixed ip addresses or you will need to set up a dhcp server of your own in orange. You will also need to define external dns server(s) for the same reason.