I just made a new install of IPFire and I can’t get internet on GREEN interface.
My setup is:
RED + GREEN
RED - Static IP (Fiber Internet - all configured as specified, client, gateway, dns IP addresses)
GREEN - DHCP Enabled
I can ping everything from IPFire command line terminal, e.g. ping 8.8.8.8 or my ISP’s gateway and they are just response fine without any loss, but can’t open/navigate to any internet page “page cannot be displayed”.
Same config on the low cost TP-Link Wireless Router working from the box.
Is there any internal setting that need to be enabled to get internet on the GREEN interface?
I can ping everything from IPFire command line terminal, e.g. ping 8.8.8.8 or my ISP’s gateway and they are just response fine without any loss, but can’t open/navigate to any internet page “page cannot be displayed”.
This sounds like your client queries IPFire for resolving DNS, and it fails to do so. A common root cause for this are broken or misconfigured upstream resolvers breaking DNSSEC. Could you please post a screenshot of your DNS configuration and the assigned DNS servers here?
I can’t post you right now any screenshots, because the IPFire box is in the office and I can’t access it from home.
I tough for the same about upstream and DNSSEC, but the IPFire resolves the given DNS addresses as: resolver3.stcable.net and resolver4.stcable.net without any issue and the DNS configuration is same as on the picture shown on the WIKI link.
I used IPCop for maybe 8-10 years and I didn’t had any similar issues with it.
first, I’d like to apologise for replying that late.
Second, I get a timeout error while querying those DNS servers as well, so I cannot determine whether they support DNSSEC or strip out signature information needed by IPFire in order to validate DNSSEC.
But, I don’t understand, before in IPCop or any other low cost Router DHCP Servers DNS addresses can be left empty and it will work normally.
As far as I am aware, IPCop did not enforce DNSSEC validation (I am not sure whether it was even supported), and low-cost routers usually do not know anything about that technique. However, with IPFire, DNSSEC becomes mandatory: If you are running an IPFire machine, you will be validating DNSSEC.
Could you please try removing the tick at “use ISP-assigned DNS servers”, select some (two to four should be sufficient) DNS servers from the list here and try again?
Further recommendations regarding DNS configuration is available here:
while I suspect those DNS servers being broken as well, not being listed as a recommended DNS resolver in the wiki does not necessarily mean an IPFire setup is broken.
Unfortunately, the rDNS/PTR is not that telling either, as it can be omitted.
If you untick the servers in the top half of your screenshot, then save, the default settings in the lower half should still provide a working DNS.
If I understood @beicnet correctly, he is using the DNS resolvers assigned by his ISP. In this case, I do not think disabling them will make any difference, but we will see…