Port forwarding from red to green does not work

Security Firewall Rules
1

Hello,
I have installed the version IPFire 2.27 (x86_64) - Core-Update 176 and I can’t get the port forwarding from red to green to work.
My little network looks like this:
Internet — Fritzbox — (Red - 192.168.178.x) — IPFire
IPFire — (Green - 192.168.8.x) —
IPFire — (Blue - 192.168.5.x) —

When my laptop is connected to the Green network, I can access the web on port 8123.
Now I want to make the web accessible from the blue and red network as well and I created a Firewall Rule following these instructions.
https://wiki.ipfire.org/configuration/firewall/rules/port-forwarding/red_to_server_on_green

FW-Rule1
FW-Rule1944×251 19.7 KB

FW-Rule1Detail
FW-Rule1Detail971×1038 82.3 KB

If I connect the laptop to the blue network, I can access the web on the green network as expected.
The firewall log shows entries: FORWARDFW blue0 TCP with the correct IPs and ports.

If I connect to the red network, I do not get a connection to the web in the green network.
I do not understand these entries in the firewall log:

RedDrop
RedDrop699×32 5.59 KB

Bootstrap protocol, DHCP? I am not a network professional. What am I doing wrong or have I overlooked?

2

Since this network is double NAT’d I don’t think it will work.

Can the Fritzbox be set to bridge mode? (I know little to nothing about that box)

That will cause your Internet address (and not the 192.168.178.x) to be available on the output of the Fritzbox AND the input / RED of the IPFire box.

2 Likes
3

@pedeh
Who is 192.168.8.100 please? Computer connected to green eth at IPFire?
If yes, then switch under option NAT the Firewall interface to green.

Else for info, what is the IP of green eth itself.

BR
Trash

4

To connect the device from RED you have to use the RED_IP:8123 istead of 192.168.8.100:8123 because of the NAT.

Yes this is the DHCP Request that send your laptop to all on the red network and the Fritzbox will answer. (IPFire will drop the request and log it.)

3 Likes
5

Thank you Arne.F,
learned something new today :slight_smile:
In my environment, from the laptop on the red network (192.168.178.28), I need to select the red IPFire IP (192.168.178.5 ) in my application to connect to the web on the green network (192.168.8.100).
It works and in the firewall log it now looks like this:
RedConnect
Thanks again