ISP connection or not?

I would like to know whether obtaining a direct ISP connection is mandatory. To ask this question in another way, can IPFire work like it is supposed to without the startup section where it connects to your ISP. That part would have to be bypassed. If it could be bypassed then IPFire could still connect and work using the ISP provided modem/router.
The reason I am asking this is because I received a reply to a question that makes me question the knowledge of the one answering.

Certainly! You can combine both the Calix GigaSpire Blast u6.2 GS4227E and IPFire solutions to enhance your home network security. Here’s how you might use them together.

  1. Firewall and Security Gateway: Deploy IPFire as a dedicated firewall and security gateway. Connect it to one of the LAN ports on the GigaSpire Blast u6.2.
  2. Custom Security Rules: Configure IPFire to enforce custom security rules, including intrusion detection, content filtering, and VPN support.
  3. Network Segmentation: Create separate network segments (VLANs) using IPFire. For example:
    a) Guest Network: Isolate guest devices from your main network.
    b) IoT Network: Keep smart home devices separate for security.
    c) Work Network: Segment work-related devices.
    d) VPN Server: Set up an IPFire VPN server for secure remote access.
    Remember to adjust IPFire’s settings to avoid conflicts with the GigaSpire Blast u6.2 (such as DHCP range, IP addresses, and port forwarding). Regularly update both systems to ensure security patches and firmware updates are applied. If done correctly, you’ll benefit from robust security features, efficient Wi-Fi, and customizable settings.

Is it just me or does that sound empty of all indications they might know what they are talking about? That is why I am here asking you. I know that YOU know.

Have you tried option 1 of the suggestions ? It is my mode of deploying IPFire, albeit with a much lesser Internet connection.

1 Like

It’s not mandatory to work but some functions need a public IPv4 address on red (VPN) and some need configured in the router before too. (DNAT / Port forwarding).
Also many IPS functions are not working behind a router.

1 Like

Presently I am running IPFire direct and have the router/wifi plugged into my green switch. I don’t like it but it seems to be the only way that works.

This is the best way IMHO. If you can put the router/wifi in bridge mode.
The router in bridge mode may have limitations…
like no Guest wifi.
in Affect the router acts as a AP.

1 Like

I don’t understand the question.

The standard installation is

  • WAN provided by ISP is connected to a modem/router
  • The LAN side of the modem/router is connected to red interface of IPFire
  • The local networks are connected to green, blue, …

What do you want to change in this scenario?

Thank you for your reply. I was just trying to determine if I was not understanding how to set up my home computer securely. If there were another way I know someone would have told me. Like Shaun. Thank you Shaun. My problem is the router. As I have previously stated it is maintained by the ISP and I have very little control. Small things yes like setting up guest and such but it is very limited. I guess I’ll just go with what I have now. It’s better than just running what the ISP gave me.

Internet access for everyone is very simple structured.
ISPs connect to the internet with all it’s routings, name services, … and sell this service to their customers.
The data is transported on various media ( DSL, TV cable, Fiber, … ). Usually it is offered to the customer ( end user ) on an ethernet port of a modem/router using IP protocols.
The end user connects its local network to this port.
To secure network traffic the end user puts an extra device between the LAN port of the modem/router and his local network(s), in our case IPFire.
Ideally the modem/router device is a modem only, or a router in bridged mode.

With this concept all before the LAN port should be under control of the ISP. The ISP sells network access to the internet with a certain speed.
All equipment attached to the modem port is under responsibility of the customer. This mainly true for filtering of bad sites, etc.
All devices in the local networks access the internet through the gateway ( IPFire ) only!

Hope, I could bring some light into the area IPFire is used.

- Bernhard

All devices in the local networks access the internet through the gateway ( IPFire ) only!

Indeed. I’m dumb but even I know that. :slight_smile: No, my issue with the wifi/router is that it connects to green (Lan). Anyone that hacks the wifi has access to my lan. And I can’t run bridge mode because it is controlled by my ISP. That was my complaint. I guess I’ll just keep an eye on my ipfire logs and see if there are any unusual mac addresses. Even that isn’t secure. Oh well. I’ve bothered you enough with this. And thanks. You guys are the best at trying to be helpful. And you are usually successful! :slight_smile: Wish you the best!


How can the wifi router access your lan?
If the separation of networks is true, that isn’t possible easy.
Even in router mode the separation is true, if you do not connect directly from LAN to the router.

That is exactly what I have. My router directly connects to the lan. And my router is controlled by my ISP. Not me.

Your router should connect to the WAN interface (red) of IPFire.
And the wifi is done by IPFire or AP device attached to blue0.