Ipfire showed internet connected on Red but cannot access sites

Hello,

Currently I have my ipfire connected RED from a router and the GREEN is output to my computer. I can access ipfire LAN and my router using their respective IP. My Ipfire saying that I have internet and my computer does recognize that it has internet. However, when I try to connect to site. i.e. google, or any other website I cannot access the sites. Is it the firewall is blocking? I check on the status of the web GUI and it does show that the IPfire have traffic in and out.

I hope someone would be able to help me out.

Thank you so much

Possibly you have a DNS problem. Can you ping an IP address, e.g. 8.8.8.8?

2 Likes

Hello,

I were able to ping and get return from 1.1.1.1 and 0.0.0.0 on my ipfire

So I want want is DSN to ipfire then router then my network. When I plug my computer to my router it says it has internet but as I mentioned I cannot access websites.

However when I connect DSN to router then LAN from router out to ipfire then to my computer I got internet access.

Am setting my fire wall rule wrong?

Thank you so much

Hi,
Maybe it is your firewall rules did you put your rules in the two way ? For forwarding from green to red and red to green ? Can you show us a screen of your firewall rules.

Maybe, but I think it is more likely that you have not set properly the DNS and/or the DHCP primary DNS entry in your IPFire installation. I think when you connect a machine to IPFire, that machine either does not get the correct IPFire IP address as DNS resolver, or it does but IPFire’s unbound is miss-configured and therefore unable to resolve the domain’s requests. These are the two most relevant documents in the wiki explaining how to set up the DNS: wiki.ipfire.org - DNS Configuration and wiki.ipfire.org - Assign DNS Servers

2 Likes

Could you show your hardware connections graphically, including interface addresses?

1 Like

something as simple as:

router ---------- red --ipfire-- green --------- laptop
             24.x.x.x            192.168.1.1

Hello,

Thank you everyone. As cfusco suggested, I am not sure why but when I connect from ISP to ipfire then to router, the dns doesn’t resolve.

WAN (146…)---- ipfire ---- Green (192.168…) ----- Router (192.168.1…) ---- Desktop (192.168.1.x)

So when I have my Ipfire primary DNS set as my Green network default it cannot connect to anywebsites. So I went to the DNS servers suggested list and changed my primary DNS Green network to 8.8.8.8 My router were able to route the internet and now I can access site normally.

Additionally, I think because now when it is my ipfire is the one that route my traffic through 8.8.8.8 when I run OpenVPN. I cannot access my GREEN network. However, if I do the forward option in the openVPN I can access the GREEN network but not the websites (which is the problem I have in the first place)

May I ask if you guys have any suggestion?

THank you all so much

you should really follow @tphz and @pavlos suggestion otherwise will be hard to help you out.

2 Likes

WAN (146…)---- ipfire ---- Green (192.168…) ----- Router (192.168.1…) ---- Desktop (192.168.1.x)

My current route. It worked when I changed my primary DNS to 8.8.8.8

I assume green is 192.168.1.* There is no reason to mask private addresses

What’s the purpose of the router ?

Example:
ISP (24.*) – red – ipfire – green 192.168.1.1
ipfire DHCP configured to offer ip in the range 192.168.1.100 - 250
ipfire DNS configured as 8.8.8.8
Desktop picks an ip (likely 192.168.1.100) and is able to access the Internet.

1 Like

Hi pavlos,

Oh, sorry that I masked the private address. I’m new to this and I didn’t know that it is irrelevant to hide it.

The purpose of the router is just so that I could share internet after it pass through ipfire. If I just connect ipfire to my desktop only my desktop has firewall.

Per your request.

ISP (24.*) ---- Red (146…)---- ipfire ---- Green (192.168.24.7) ----- Router (192.168.1.1) ---- Desktop (192.168.1.237)
Ipfire DHCP configured to offer ip in the range 192.168.24.10 - 192.168.24.200
ipfire DNS configured as 8.8.8.8 (this gives internet )/ Ipfire primary dns set as GREEN (cannot access sites)
Desktop picks an ip (192.168.1.237) and is able to access the internet.

I’m not sure if that is the format you have requested but when I set it up like that everything worked. Except for when I run Openvpn as I have described. If i want to access the GREEN network. DNS not resolve. If i want to access sites then I cannot access the GREEN network.

I’m grateful for your time and your dedication

as @pavlos said, what is the purpose of the router there? It does look unnecessary and can create routing problems.

1 Like

To share the green network for multiple devices, one usually uses a switch ( managed or unmanaged ).

Hello cfusco,

Oh, the router is there just to provide internet access wirelessly and wired to my other devices. i.e phones, desktop, laptops. Because my ipfire i’m running my old laptop with 2 ethernet port.

Hello,

Sorry, I’m just a hobbyist and I have never need of a switch before so I’m just trying to tinker with it via router because that’s the only thing I had on hand. However I think I were able to figured all of it out.

The reason that all my network after the router see internet but I cannot get internet access because of DNS problem as cfsco suggested. At first I went in and changed my primary green network to 8.8.8.8 and it worked but then if I created OpenVPN I cannot get access to GREEN. So i figured it out it might be my router problem. So I went in and add the forward DNS option in my router and everything worked now. I can access website and GREEN network via openVPN.

I’m so grateful the everyone. Everyone is so patient and willing to help me out eventhough I don’t have a clue of what I’m doing. YOu guys are amazing!

The router has to be configured as an Access Point and should belong to the same subnet as ipfire. You wrote that ipfire is on the .24 subnet but the router is on the .1 subnet

Note: subnet refers to the third octet.

1 Like

Hi pavlos,

Thank you for your recommendation. I think the reason I kept my router to have its own DHCP because it is a diy router with 4G capability so I want to use it as a failsafe for my internet. When I set it at Acesspoint it can only route my current wired internet but not mobile broadband internet.

However, when i forward DNS port in my router, it were able to pass through and I can access the sites now.

Thank you so much for your time.

:thinking:
could you please explain it

1 Like

Hello,

It is a router box but it has modem that I can actually put sim in and tether my internet to my other devices