I created an account here several years ago and never installed IPFire. I have decided to give it a shot and have a couple of Q’s. Is there a limit to the number of interfaces that can be created? The installer gives that impression but I wouldn’t think that would be the case. Also, I assume that the firewall is totally available to the admin to tweak?? I have a static public and run servers so I would like to know any “gotchas” that might affect the setup.
~H
Hi @hanz I am also a newbie to IPFire, so I will answer what I can:
1: Limit of number of interfaces - This I do NOT know, I hope a more experienced user/developer will jump in
2: As far as I have ascertained, yes, the firewall is totally open and available to tweak and change to your heart’s content, while not being overly complicated.
3: I also have a static IP and my own email server behind my IPFire and I can so far say that there are no particular “gotchas” with the exception (in my specific case) of having to explicitly open port 8843 for my email server, which is as it should be.
The IPFire Wiki is an amzing souce of information, it just takes a little concentration to understand some terminology: www.ipfire.org - Welcome to IPFire Documentation
I hope this helps in some small way.
To answer your questions, let us distinguish the topics ‘zone’ and ‘interface’.
IPFire supports up to four networks ( ‘zones’), see www.ipfire.org - Step 5: Network Setup.
Your HW may have more NICs, which can be assigned to the zones by bridging ( this constructs a new ‘interface’ ).
For information I recommend the wiki articles:
with the examples
and
The number of interfaces is limited to 4 and those need to be used as described. One possible exception is using blue0 as a second, wired LAN, but it has restricted functions.
Custom firewall rules can be created and will be checked for parsing. Nevertheless these need need to be created using some knowledge of firewalling, because it is possible to open or block the firewall too much.
Thank you, Bernhard! I was afraid that might be the case. The location I wanted to install IPFire has 5 “zones” (subnets - including WAN) so I can’t use it at this time without reworking the entire system. Perhaps I can install it later on a smaller system. Thanks for your help!
Not quite @hanz
zones are not interfaces nor subnets. If you can’t classify two subnets as “mostly the same zone”, you’re correct, IPFire is not suitable for that location.
But more than four zone (Red, Orange, Blue, Green) it’s something that in my experience is not that usual.
Even commercial products that have more kind of interfaces (WAN, LAN1, LAN2, DMZ, WLAN, OPT) mostly are at least in some sort grouped or duplicated.