LAN to WAN Rule

Hi,
, I want to tell you by giving an example in my current production that there are more than one external IP.
Standard IPFIRE RED IPs: 30.145.15.20 – 21
Standard Internal Network GREEN IPs: 192.168.100.1-254
My devices on my internal network(192.168.100.1-254)go online from RED 30.145.15.20 IP when using the internet, I would like to make a setting that can be taken to the internet from the other RED 30.145.15.21 IP of 192.168.100.15.
I would be very happy if you can help!

Hallo @leventa

Welcome to the IPFire community

See the following wiki page for how to set up multiple red wan IPs as aliases

https://wiki.ipfire.org/configuration/network/aliases

1 Like

thank you for your answer
I asked to redirect a different device in the internal network to a different external network, not from the external network to the internal network

If I understood correctly you want some internal .15 to use the external .21 but other internal systems use the existing .20 I don’t think ipfire allows you to have two active WAN addresses.

My understanding from the Aliases wiki page is that once you have set up your aliases then those can be used in creating firewall rules.

I think that you would probably need to set the default Firewall Forward rule from allowed to blocked so that you have to set up rules for all communications from your local lan network to the internet but you could then set up rules for certain client ip’s to use one red alias for connection to browse websites and for the others to use another red alias and hence ip.

If you don’t set up the aliases then you will only have one red IP in IPFire, is my interpretation of what I have read on that wiki page and with only one red IP you can’t direct internal clients anywhere else but that single red IP.

I have not done any of this myself as I only have a single red ip. Other forum members with multiple ip’s should comment on their experiences and knowledge and if I have misunderstood things.

On the following wiki page

https://wiki.ipfire.org/configuration/firewall/rules/source-nat

it mentions that “If you have multiple IP addresses on RED, you may want to use Source NAT so that your mail server only uses a second one.” So that looks like you can then use the red alias for controlling which red IP a particular host connects to.

1 Like