ORANGE within ipfire: ip 10.x.y.1 / netmask 255.255.255.0
KODI settings: ip 10.x.y.2 / gateway 10.x.y.1 / netmask 255.255.255.0
DMZ is running now on 10.x.y.1/24, KODI is set to the settings above, but I get no internet connection.
#Edit: oh, I think I understand the point.
I closed all outgoing and incoming connections on ipfire, so the automatic connection could not be done. So I need rules for 10.x.y.2 (KODI) for DNS (53), HTTP (80) + HTTPS (443) and NTP (123) to the RED.
I was a little confused by the description on the ipfire WIKI about the network connectivity and thought the ORANGE is automatically allowed (even if I restricted everything). But it would be stupid.
Yes, this is true if you're blocking outgoing traffic.
You will probably need more with something like KODI.
You would make a KODI service group
and add the services you need, like HTTPS (443) etc. This is the harder way
than allowing all outbound traffic.
I myself have not reached this level of security.
My point is, blocking outgoing is not wrong,
just the harder path. Get familiar with firewall logs if that is the chosen path.
Thanks a lot! I already realised the 1st, 2nd and 3rd point. For ICMP I must make a new thread, and I struggled a little bit with web proxies in the past, but want to try it again.
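The following is an added example, not part of the thread: one way to use the firewall log to find out which services a default-deny ORANGE host still needs, by counting dropped (protocol, port) pairs and comparing them with the planned service group. The log lines are constructed, 10.0.0.2 stands in for KODI's 10.x.y.2, and the `DROP_FORWARD` prefix and the TCP/UDP split of the ports are assumptions.

```python
import re
from collections import Counter

# Ports named in the thread; the TCP/UDP split is an assumption of this example.
KODI_GROUP = {("UDP", 53), ("TCP", 53), ("TCP", 80), ("TCP", 443), ("UDP", 123)}

# Constructed sample lines in netfilter LOG format (not real logs).
# 10.0.0.2 stands in for KODI (10.x.y.2); the DROP_FORWARD prefix is assumed.
SAMPLE_LOG = """\
kernel: DROP_FORWARD IN=orange0 OUT=red0 SRC=10.0.0.2 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=443
kernel: DROP_FORWARD IN=orange0 OUT=red0 SRC=10.0.0.2 DST=192.0.2.11 PROTO=TCP SPT=40001 DPT=443
kernel: DROP_FORWARD IN=orange0 OUT=red0 SRC=10.0.0.2 DST=192.0.2.53 PROTO=UDP SPT=40002 DPT=53
kernel: DROP_FORWARD IN=orange0 OUT=red0 SRC=10.0.0.2 DST=192.0.2.20 PROTO=TCP SPT=40003 DPT=8080
kernel: DROP_FORWARD IN=orange0 OUT=red0 SRC=10.0.0.2 DST=192.0.2.30 PROTO=ICMP TYPE=8 CODE=0
kernel: DROP_FORWARD IN=orange0 OUT=green0 SRC=10.0.0.2 DST=192.168.1.5 PROTO=TCP SPT=40004 DPT=22
kernel: DROP_FORWARD IN=orange0 OUT=red0 SRC=10.0.0.9 DST=192.0.2.40 PROTO=TCP SPT=40005 DPT=25
""".splitlines()

FIELD = re.compile(r"(\w+)=(\S*)")

def dropped_services(lines, host, out_if="red0"):
    """Count dropped (protocol, dest port) pairs sent by `host` out of `out_if`."""
    seen = Counter()
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("SRC") != host or f.get("OUT") != out_if or "PROTO" not in f:
            continue
        # ICMP and other portless protocols have no DPT field.
        port = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        seen[(f["PROTO"], port)] += 1
    return seen

def uncovered(seen, group=KODI_GROUP):
    """Services the host tried to reach that the planned service group lacks."""
    return {svc for svc in seen if svc not in group}

if __name__ == "__main__":
    seen = dropped_services(SAMPLE_LOG, "10.0.0.2")
    for (proto, port), n in seen.most_common():
        flag = "in group" if (proto, port) in KODI_GROUP else "NOT in group"
        print(f"{proto:5} {port!s:>5} x{n}  {flag}")
```

Entries reported as not in the group are candidates to review before adding a rule, not rules to add automatically.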