Long story short, I want to get rid of pfSense, and I am thinking to go with IPFire (will start to play around with it this weekend): my first question is if I’ll need to set up any kind of rule to allow my son’s PlayStation to get NAT 2.

I don’t want to use DMZ (so no orange network), and as I have a 3-LAN port x86 router, my idea is to use Red/Green/Blue configuration, with Blue just for the PlayStation: can you confirm the Blue network is completely separate from the Green network?


Hi @tethrippon

Welcome to the IPFire Community.

You will need to set up Port Forwarding rules defined by PlayStation for specific protocols and specific ports. This can be set up on IPFire. You need to find out which protocols and which ports etc. need to be opened up. This info should be available from PlayStation, but there are probably people using the PlayStation that can advise from first-hand experience.

Link to Wiki page on Port Forwarding

Yes, Blue and Green are separate networks with different subnets.
The default firewall policy in IPFire is that computers on Green can access Blue systems but computers on Blue cannot access Green without Firewall Rules being created.

One point is that you access the IPFire WUI on Green but it is also accessible by clients on Blue (It is password protected). The following link shows how to change that so the WUI can only be accessed via the Green subnet.

Good luck with your exploration of IPFire. Any further questions then come back and ask.


Hi @bonnietwin,

many thanks for the prompt reply. Great to see I can disable accessing the WUI from Blue network as I want that to be isolated.

As for the PS4 setup, in pfSense it is pretty simple and essentially that’s all you have to do


I don’t see in IPFire an option ‘Outbound’, so I hope I can create something similar somehow…

The default policy for Outbound on IPFire is Allowed. So you don’t need to create any rules for that.

This is done so that people starting for the first time with Firewalls with IPFire are able to access the Internet.

Of course for the best security then you should Block Outbound by default and then create rules for every external communication you want to make. This can also be done.

The following is a link to a blog article on this topic.

Hope this helps.