I have a Proxmox server with two physical network interfaces and with an IPFire VM:
vmbr0, which is connected to the RED zone, giving me access to the internet.
vmbr1, which is connected to the GREEN zone, giving me access to my internal network.
vmbr2, which I want to connect to the Orange zone.
They’re all connected and used in IPFire.
I want to set up my TP-Link RE220 (a Wi-Fi access point) to broadcast my orange zone network, but it should only have limited access to specific internal services (like DNS and NAS) and not to the rest of my internal network.
After some research, it seems that after my IPFire installation I cannot set up an Orange zone because I don’t have it on my web interface. Is this true? And if not, how can I set one up?
As you only have two NICs defined in your virtual system, you either need to define a third NIC in the virtual system or you will need to define the Orange zone via a VLAN connection on the Green zone.
Follow this page in the IPFire documentation but use Orange instead of Blue for the VLAN definition.
I have got this working with a VirtualBox based system.
However I have never done anything with Proxmox so cannot help you with that.
Hopefully there will be other users who have used an additional VLAN-based interface with Proxmox who can help.
Gateway of red is an invalid IP address, or green needs to be a different IP network to resolve this IP conflict.
Then after that go to zone configuration in IPFire, set green and orange nets to bridge, and assign orange the other interface.
Even though I don’t personally like these virtualization programs because they create an attack surface that is not normally there. PiKVM or IPMI would be better than Proxmox or ESXi/VMware.
Yes, and green net has a 192.168.1.1 and that is a conflict.
Change green net to 192.168.10.1/24 or some other IP/net. Green has to be a different IP net than red.
.0 is not a valid IP address in a /24 subnet. You can never assign the first and last IP address in a subnet. The last IP address is always the broadcast IP and I have no idea why the first address can’t be assigned.
It depends on the subnet mask, but the first and last IP are special use in networking software: the first IP (usually ending in zero) is the network identifier, while the last address is the net broadcast IP.
But assigning the color network ending in zero as IP is theoretically valid since it's the net. However, only regular IP net and MAC VLANs are going to be functional.
They use dot zero as a hardware pointer in class C networks. So dot zero was used to express the network. There are a few places today where you use dot zero in this classic method; however, they are just pointers and it only applies to /24 nets. If you use other subnet masks, you have to keep this zero IP reservation in mind if you run into networking problems, especially when using different subnet mask types in the system.
The IP address is used, but not in the same way as ones applied on interfaces inside a /24 net.
It's an issue with the Hyper-V switch, which is a known issue of it causing conflicts. I heard of people adding another Ethernet to fix these issues, but I would use something better than that Microsoft product since it always had issues with Linux.
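
The two addressing rules raised in this thread (each zone on its own IP network, and the first and last address of a subnet such as a /24 not being usable on an interface) can be checked before a zone plan is applied. The following is an added example, not part of any post above: `check_zones` is a hypothetical helper, the zone addresses are constructed sample values, and it assumes IPv4 only.

```python
import ipaddress

# Constructed sample plans (not the actual configuration from the thread).
BROKEN = {"RED": "192.168.1.0/24", "GREEN": "192.168.1.1/24", "ORANGE": "192.168.20.1/24"}
FIXED = {"RED": "192.168.1.2/24", "GREEN": "192.168.10.1/24", "ORANGE": "192.168.20.1/24"}


def check_zones(zones):
    """zones maps a zone name to the 'address/prefix' assigned to its interface.

    Returns a list of problem strings; an empty list means the plan is consistent.
    """
    problems = []
    nets = {}
    for name, cidr in zones.items():
        iface = ipaddress.IPv4Interface(cidr)
        net = iface.network
        nets[name] = net
        # Below /31, the first address identifies the network and the last
        # one is the broadcast address; neither can be an interface address.
        # (/31 point-to-point links and /32 hosts have no such reservation.)
        if net.prefixlen < 31:
            if iface.ip == net.network_address:
                problems.append(f"{name}: {iface.ip} is the network address of {net}")
            elif iface.ip == net.broadcast_address:
                problems.append(f"{name}: {iface.ip} is the broadcast address of {net}")

    # Every pair of zones must sit on non-overlapping networks, otherwise the
    # firewall cannot tell which interface a destination address belongs to.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


if __name__ == "__main__":
    for label, plan in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_zones(plan) or "ok")
```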