RE220 Guest network on IPFire

Hi,

I have a Proxmox server with two physical network interfaces and with an IPFire VM:

vmbr0, which is connected to the RED zone, giving me access to the internet.
vmbr1, which is connected to the GREEN zone, giving me access to my internal network.
vmbr2, which I want to connect to the Orange zone.

They’re all connected and used in IPFire.

I want to set up my TP-Link RE220 (a Wi-Fi access point) to broadcast my orange zone network, but it should only have limited access to specific internal services (like DNS and NAS) but not to the rest of my internal network.

After some research, it seems that after my IPFire installation I cannot set up an Orange zone because I don’t have it on my web interface. Is this true? And if not, how can I set one up?

Hello @quentins

Welcome to the IPFire community.

As you only have two nics defined in your virtual system, then you either need to define a third nic in the virtual system or you will need to define the Orange zone via a VLAN connection on the Green Zone.

Follow this page in the IPFire documentation but use Orange instead of Blue for the VLAN definition.

https://www.ipfire.org/docs/configuration/network/zoneconf/vlan2nic

Hi Adolf,

First of all, thanks for helping me!

After following the documentation I have this result:

But I don’t have internet access, either on the LAN or to RED, when trying to connect to ORANGE.
Could you tell me if I did something wrong?

I have got this working with a VirtualBox based system.

However I have never done anything with Proxmox so cannot help you with that.
Hopefully there will be other users who have used an additional vlan based interface with proxmox that can help.

Weird…

The thing is that it says ORANGE is Online:

I can’t seem to find why it wouldn’t work…

If it can help, here’s my config in IPFire:

And my configuration in Proxmox:

The gateway of red is an invalid IP address, or green needs to be a different IP network to resolve this IP conflict.

Then after that go to zone configuration in IPFire, set green and orange nets to bridge, and assign orange the other interface.

Even though I don’t personally like these virtualization programs because they create an attack surface that is not normally there. PiKVM or IPMI would be better than Proxmox or ESXi/VMware.

I don’t understand; the RED gateway is my main router on RED.

Yes, and green net has a 192.168.1.1 and that is a conflict.
Change green net to 192.168.10.1/24 or some other IP/net. Green has to be a different IP net than red.

Right, GREEN and RED are in the same subnet. That is not allowed.

Oops, sorry, my mistake.

My whole network is on 0.1. I’ve just made a change that I didn’t revert on the screenshot, but it should actually be:

RED: 192.168.1.1

GREEN: 192.168.0.1

EDIT:

It wasn’t a mistake, it was already like that, and when I tried to change it to 0 it simply didn’t work.

I’ve changed it to 3 and now it’s working, but ORANGE still doesn’t have internet access, idk why?

This is my config now:

.0 is not a valid IP address in a /24 subnet. You can never assign the first and last IP address in a subnet. The last IP address is always the broadcast IP and I have no idea why the first address can’t be assigned.

Like this?

And this?

It depends on the subnet mask, but the first and last IPs are special-use in networking software: the first IP (usually ending in zero) is the network identifier, while the last address is the net broadcast IP.

But assigning the color network ending in zero as IP is theoretically valid since it’s the net. However, only regular IP net and MAC VLANs are going to be functional.

For orange clients, use a static address:
gateway Orange’s IP address: 192.168.2.1
primary DNS orange: 192.168.2.1
secondary DNS green: 192.168.3.1

Yes, I know, but why is the network identifier not usable? To me it is just a waste of an IP address.

They use dot zero as a hardware pointer in class C networks. So dot zero was used to express the network. There are a few places today you use dot zero in this classic method; however, they are just pointers and it only applies to /24 nets. If you use other subnet masks, you have to keep this zero IP reservation in mind if you run into networking problems. Especially with using different submask types in the system.

The IP address is used, but not in the same way as ones applied on interfaces inside a /24 net.

I’ve tried this but still no Internet access:

It’s an issue with the Hyper-V switch. Which is a known issue of it causing conflicts. I heard of people adding another ethernet to fix these issues, but I would use something better than that Microsoft product since it always had issues with Linux.
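
The two addressing checks raised in the thread (zones must not share a subnet, and an interface must not be given the network or broadcast address), plus the static client settings suggested for ORANGE, as an added example that is not part of any post above and not IPFire's own code. The function names, the /24 masks, the RED interface address 192.168.1.2 and the client address 192.168.2.20 are assumptions made for the sample plans.

```python
import ipaddress
from itertools import combinations


def check_zone_plan(zones):
    """Return a list of problems in a {zone: "address/prefix"} IPv4 plan."""
    problems, parsed = [], {}
    for name, cidr in zones.items():
        iface = parsed[name] = ipaddress.ip_interface(cidr)
        net = iface.network
        # Below /31 the first address names the network and the last is broadcast.
        if net.prefixlen < 31 and iface.ip == net.network_address:
            problems.append(f"{name}: {iface.ip} is the network address of {net}")
        elif net.prefixlen < 31 and iface.ip == net.broadcast_address:
            problems.append(f"{name}: {iface.ip} is the broadcast address of {net}")
    # Every pair of zones must sit in distinct, non-overlapping networks.
    for (a, ia), (b, ib) in combinations(parsed.items(), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"{a} {ia.network} overlaps {b} {ib.network}")
    return problems


def check_client(zone_cidr, client_ip, gateway_ip):
    """Check a static client config against the firewall's zone interface."""
    zone = ipaddress.ip_interface(zone_cidr)
    problems = []
    if ipaddress.ip_address(client_ip) not in zone.network:
        problems.append(f"client {client_ip} is outside {zone.network}")
    if ipaddress.ip_address(gateway_ip) != zone.ip:
        problems.append(f"gateway {gateway_ip} is not the zone address {zone.ip}")
    return problems


# Constructed plans using addresses mentioned in the thread; the /24 masks and
# the RED interface address 192.168.1.2 are assumptions.
SAME_SUBNET = {"RED": "192.168.1.2/24", "GREEN": "192.168.1.1/24", "ORANGE": "192.168.2.1/24"}
DOT_ZERO = {"RED": "192.168.1.2/24", "GREEN": "192.168.0.0/24", "ORANGE": "192.168.2.1/24"}
SEPARATE = {"RED": "192.168.1.2/24", "GREEN": "192.168.3.1/24", "ORANGE": "192.168.2.1/24"}

if __name__ == "__main__":
    for label, plan in (("same subnet", SAME_SUBNET), ("dot zero", DOT_ZERO), ("separate", SEPARATE)):
        print(label, check_zone_plan(plan) or "OK")
    print(check_client(SEPARATE["ORANGE"], "192.168.2.20", "192.168.2.1") or "client OK")
```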