Making things clearer - writing for dummies

Hello Michael,

your hairdresser example is a good one, because tomorrow i have an appointment with him.

To get you calm, I am not so bad trained as you might expect, but to me it is unclear, what exactly, from your point of view, is a well or enough trained employee. Does the knowledge about what a web proxy is belong to that? Or does knowing the difference between DNS over TLS and DNS over HTTPS also belong to that? What about IPS?

Your idea, to have a driving license for administering a firewall, is an interesting idea. But if you dig deeper into it you will come to the point, that you’ll need an army of well trained professionals to block any kind of attack. I.e. today you also need someone who is an expert in artificial intelligence, because attacks are run by using AI today.

But I agree with you, that it is not good, when networks are managed by untrained people, no matter if it’s an big worldwide companies- or a small home network. Many “hackable” home networks are a good start for a world spanning attack.

But I have no idea how one could get out of this Problem. The only idea is to have well government-financed schools for the home sector that train IT basics free of charge, so that you have a wide fundament of trained people.

In the company sector your idea of a “driving license” seems to be a good idea, at a first glance.



It might be adequately covered already. The IPFire installer:

  • does not have a default address for GREEN
  • defaults to “static” for RED, but offers no default address
  • will require an address for “gateway”, with the above setting, in order to connect to the Internet
  • does not give default “start” & “end” addresses for DHCP
  • does not attempt to auto-assign RED & GREEN NIC

If the new user can pass the above “test” then they should have a working IPFire which, for most home users, will result in a more secure and flexible LAN

1 Like

This is a great example.

The IPFire setup process is not one of those were you click “Next”, “Next”, “Next” and finally “Finish”. IPFire simply supports too many things and there is no good default that works for everyone.

So, why should we suggest a certain default IP address for GREEN?

Probably most systems run on PPP. If anything that should be the default then. But that won’t work without any credentials. Setup is required.

And how can the system know which NIC you want to use for RED and GREEN?

These are basic steps that normally you won’t spend any time thinking about.

Lucky you :slight_smile:

I am calm. I am not stressing out over this. I am just frustrated.

That depends entirely on whether you use these things or not. But my point is that if you use them, you should think first before you click the on button.

Since everyone has at least some sort of router at home, I really wonder why it is not being taught how they work. That reason probably is the same than why we are not learning how to cook a basic meal or to do our taxes. School doesn’t teach the important stuff.

I normally approach things in the way where I read first and then do something. Sometimes I experiment first and see how things go. But the latter approach only works when the risks are low and that seems to be the important factor here: People not being aware of the risks.

I am not in favour of having bright red flashing words all over the wiki that say ATTENTION, because that is not how people are made aware. That is only scaring them.

1 Like

Would it be useful to have a ‘For beginners’ link from the front page of the wiki, which then goes to a page that says something about the amount of work involved in setting up a firewall correctly, and lists the topics which a user needs to have an understanding of before going any further?

I’ve also got some ‘Proof of Concept’ for adding a per page help link to the menus, based on a ‘help’ key in the menu file, although it only works on the ‘ipfire’ theme at the moment.


It used to be possible to download add-on firewall software for Windows. The IPFire Download page does not make it clear that IPFire requires dedicated hardware as well as additional skills.

This could be put on the Download page, with a link to, urging people to be confident that they can do the installation, before downloading.

In my localion (AU), most people using Internet via land-line or fixed-wireless have a modem, supplied by the ISP, that is pre-configured with the subscriber’s login plus the network parameters. That gives little incentive to teach these requirements and “if it ain’t broke - don’t fix it” suits most parties.

Every customer with a custom network setup and a in-house firewall (correct port forwarding was setup during the install) was able to be VPN enabled in less than 1 hour without going on premises.
During the Lockdown this has been a enormous advantage of time and budget for enable remote access to business computer.

If that isn’t clear we should work on our website.

I like this.

I agree with your position and I will contribute where I can to improving documentation. Let me give you an illustrative example of where documentation fails.

From what I can tell you can run a VM On IPFire. All I know is that I can do it. I don’t know of any use cases. Why would I want to do this? It’s not clear what the security risks are? These are all well-known problems but it would be useful to give a paragraph or so referring users where to read up more. I’m not saying we give them the full discourse but more like “you need SSH on Windows, go get putty, here’s the link, read up, there not here”

But what is the conceptual framework of a VM running on IPFire? Here’s an example of what I want to try:

I want to experiment with wireguard and I’m not ready to make an IPFire plug-in yet. The idea is build small VM running wire guard, do some routing magic in the firewall and see if I can make it work and get some metrics on how it performs and ease of use.

However, I have no idea what are the working parameters for VM’s on IPFire. I don’t know the design parameters, restrictions, capabilities. It’s all a mystery and a wiki is not helping in clearing up some of these issues.

I’m going to play with it, I’ll document it as I go along so maybe I can help answer those questions for someone else.

Like that page.

When I needed them, I could not find them. When I don’t need them, I run it to them.
Now those help links just need to be added to the various menu tabs on the system => https://192.168.x.x:444/cgi-bin/index.cgi

I think this would be a great addition to IPFire. Those are good Wiki helps, just need to be able to find them from the IPFire system => https://10.0.x.x:444/cgi-bin/index.cgi

1 Like

Having a link to the wiki would be good.
I think it would be great if it would be for every little thing, but that is not practical.
One link to the wiki index should be good enough.
Perhaps in the system tab Help/wiki and a forum link.

1 Like

Hello Michael,

since you’re doing it again here, I wanted to place a comment on this layout appreciation. It seems you’re using some kind of mobile device and along with this elevate it as standard viewing device (it is not!). So you seem to value all the hints e.g. on the webdesign pointing to the waste of space on the screen through your mobile-device-view. This screenshot above is somehow a prove of leaving out of mind other devices. Here is what I am facing:

So from my point of view I don’t see a really responsive Webdesign. I’d be happy to see this improve in the future because currently it is adversely for the usability (lots of scrolling needed due to only view informations at the viewport).

– Simulacron

1 Like

@simulacron: For the wiki you are right, Concerning the community pages I can not fully agree. The header and footer take whole the width. The body may be somewhat wider, but I think it is okay.
Which browser do you use?

It is 2020. More than half the internet traffic is mobile.

And you are pointing out a design problem that we have in general: computers are wide screen and phones and other handheld devices are not.

You have a zoom button in your browser somewhere if you want to scale up things, but it is generally not a good idea to use the whole width of the screen for the text container. Every newspaper, most other pages with plenty of text content have a container width limited to 900 to 960px. The rest is filled with ads, which we do not do here.

So, I cannot see what you are proposing. This might not work for you, but that does not mean it doesn’t for others.

It’s not problem of wide or narrow screen but of orientation. Real computers ( desktops, laptops, … ) use “landscape”, microcomputers with telephony ( smartphones ) use “portrait” orientation, like books ( without the possibility to turn pages or a number of them easily).


I’m a new user, installed IPFire today and posted a first question on this forum today. I did research for a couple of weeks and tried OPNsense prior to deciding on IPFire now. My research involved web search engines, youtube searches, this forum AND the wiki.

I’d say: the current wiki contains some really good documentation and explanation of the functionality that is built in IPFire. :+1: What I missed: (simple-) usecase scenarios with step-by-step guidance. I intend to provide such scenarios in near future, still have to get more familiar with the product first.

Let’s say if I would want to make a step-by-step guide for a usecase like “Basic setup IPFire as a router to enable desktop pc’s and laptops/cellphones to connect and use the internet”. Would such a guide best be posted as a forum-post or should this be created as a wiki-page?

I would suggest starting as a Community (forum) post. Then get some feedback. Once it is “done” then move it to a wiki page.

1 Like

A post was split to a new topic: Update Proxy Wiki