Netmask of alias ip

Hi everybody,
I added some public IPs to IPFire as aliases. I realize that these IPs are configured with a netmask of /24. In fact the IPs I got from my ISP have netmask /29. How can this be adjusted? If I cannot easily correct it - would there be consequences apart from not being able to reach neighbours in the same /24 network?

best regards
Dirk

Are you saying that you entered the alias IP addresses complete with a /24 netmask?

I’ve not used aliases myself, being a humble single-address guy, but I’ve noticed that there is a file /var/ipfire/ethernet/aliases that might be relevant. What does it contain?

I only typed the IP addresses in the GUI without the netmask.
The aliases file contains lines like “1.2.3.4,on,chosen-if-name”. Also no netmask mentioned.

I figured the netmask from output of “ifconfig” and “route” via ssh login.

Understood. You’ll be using a static config on RED, whereas I’m on DHCP but I’m going to stick my neck out and suggest that the setting RED_NETMASK in /var/ipfire/ethernet/settings might be relevant. If it’s set to 255.255.255.0 you might explore the possibility of changing it to 255.255.255.248.

Edit: There’s nothing in the wiki about aliases and subnets, so perhaps one of the gurus could comment.

Do you enter those in Network > Edit Hosts?
My understanding is these are local to your network, not public.

Since your ISP provided you with a /29, you need to have a static IP on RED and, IIRC, during setup on the console, you configure RED as static and provide a netmask.

Tested on a VM, when you configure red as static, it asks for ip address and mask.

I’m afraid I have to elaborate a little on my setup.
The way I installed everything is definitely NOT recommended.

I wanted a little virtualization with a few VMs and did that on a Citrix Hypervisor (free edition). Unfortunately there were two limits: 1) the ISP insisted on only giving us 1 LAN port and 2) the project contains only 1 server hardware. So I had to squeeze everything on one LAN interface. Obviously I don’t want the Citrix Hypervisor to be reachable from the internet. I want it behind my firewall. On the other hand, IPFire is started as a VM on that Hypervisor. The result is weird and tricky …

  • As I see it, the setup command in the IPFire console only allows assigning GREEN, RED, etc. to physical NICs, nothing virtual. But as mentioned I only have one server, one cable, although the server has two physical NICs.

  • On the Citrix Hypervisor I defined an external network for outside traffic which has a private IP range. One of those IPs is on the Citrix Hypervisor, another one is the RED interface of IPFire. This is the NIC that is physically connected.

  • On the Citrix Hypervisor I defined an internal network (also private IPs), which is only available to the VMs, not for the outside world (i.e. outside the Citrix Hypervisor). The GREEN interface of IPFire has one of these internal IPs, thus can talk to the other VMs. This is assigned to the second physical NIC which is not connected.

Now the RED interface has one private IP assigned by the “setup” command and a few public IPs which are assigned as aliases. Meaning: traffic to the outside world is going through one of the alias IPs! That’s why it would not help me if I set a netmask of /29 for RED via “setup”. I would need to adjust that for the virtual IPs on that Interface (Aliases).

As for the Hosts entries: these contain only IPs and names of my internal VMs.

When you’re all done laughing at me we can certainly agree that the solution for grown-ups would be to get another appliance into the rack which only carries IPFire and offers enough physical interfaces so we can set up everything “by the book”. Until then maybe some of you like to solve the puzzle :)

Thanks for your thoughts.