Hi guys, I have a (maybe stupid) question: I started with having a webserver test machine in the orange network to make it available to the internet. During routine checks I found out that on this Linux machine in Orange I can ping the IPFire’s Green, Blue and Orange IP addresses. Shouldn’t these be dropped from the Orange network?
I have done a fresh installation of IPFire with minimal basic config and still see this behaviour.
Is this standard and if yes, can anyone tell me why?
Even more - from a machine in the blue network, I am able to open the IPFire web console on IPFire’s ORANGE IP address. If this weren’t a fresh install, with manual and only basic configuration like dial-up settings, I would suspect misconfiguration on my side.
Can anyone confirm this is expected, normal behaviour on a fresh IPFire installation?
Summary:
A machine in the Orange network is able to ping all four IPFire network interfaces: green, blue, red and orange.
A machine in blue (no port rule, pinhole etc. defined for this in the firewall) can open IPFire’s web interface on the Orange IP address, port 444.
An OpenVAS scan from Blue to the whole orange network range shows the following vulnerability (maybe a false positive, I continue to research but do not have much time right now): Web Proxy Auto-Discovery Protocol Information Disclosure Vulnerability (badWPAD) - Active Check: Vulnerable URL: https://myOrangeIP:444/wpad.dat
This seems strange to me, any explanation would be highly welcome! As soon as I can I’ll also scan from the orange and other networks, but my time is limited.
However, if you have no firewall rules set up and try to run a ping from a machine in your orange network to a machine in your green or blue networks, you will get no response.
Yes. This is mentioned in the documentation. However the user on the machine on the blue interface can only open the WUI if you have given them the password.
The IPFire documentation also shows you how to block that.