PING, but no access to GUI Server

In a new LAN, I have this network.

(Public Address)
(Red NIC)
IPFIRE – (Orange NIC) -------- (Server)
(Green NIC)

From MyPC I’m able to do the PING on every address, but not to do
Instead, if I change the static address of my PC’s NIC to and insert the cable directly into the server or in its switch I can access the GUI with the same URL.

The server is configured with

In IPFire there is installed

  • IDS on Green
  • Guardian
  • Clamav + Squidclamav
  • Proxy Web + SARG
  • URL Filter
  • Update accelerator

I also tried creating two rules in the firewall

  • From Green
  • To
  • HTTP / HTTPS presets
  • Accept


From MyPC I’m able to do the PING on every address, but not to do

you probably need a to configure firewall rule for allowing this.

Are there any firewall log entries in this case?

Thanks, and best regards,
Peter Müller

I have put the rule; I wrote it before.
Obviously it is not enough.

But I don’t understand why I from the LAN (Green) I can access in the DMZ (Orange) for example the SQL server, the Remote Desktop and other services without the need for rules.
And instead for port 80 I have to write one.
I believed that from the LAN (Green) I could access to DMZ (Orange) without problems and that the rules were necessary for access from Internet (Red).

I think you have the wrong Gateway on the orange network …
green -> orange is allowed by default, the opposite needs pinholes.

Right now I’m not near the firewall, but, if I remember correctly, in the setup I can define:

  • IP and Netmask of Green and Orange.
  • IP, Netmask, Gateway and DNS for Red.

There is no gateway for Orange.

Then, on the machines located in the Orange, I have to put:

  • a static address
  • the Gateway to the Orange NIC on IPFire
  • the public DNS, like

==== Update ===
I confirm the IP Address of the server:

I’m not able to access with http from a PC in Green, but only from a PC in Orange


Maybe some of the rules do not allow access from green to Web Interface?

Found and solved!
The problem is related to Network Based Access Control.
By moving IPFire from the test network to the production network and therefore changing the addresses of the Green and Orange areas, the old address remains in the field Allowed subnets.
Changed this with the new subnet address, I am unable to access the server again.