Red interface ip (public ip ) and internal subnet ip (public ip) cannot ping each other

Hello,
I install ipfireos and configure static ip(public ip) on ipfire 2.25-152，then configure internal network server with subnet and public ip. when test, subnet ip (192.168.9.193) can ping to red interface ip [public static ip(1.xxx.232.146) and subnet gateway(192.168.9.3) which config to ipfire]，but public ip with red interface and internal physical server can not ping each other.
I deploy private cloud with k8s in physical server, and the web url should public to ethernet for visiting.

I have 4 public ip for each physical machine.
gateway: 1.xxx.232.145
ip: 1.xxx.232.146-150

the following is physical architecture.

my question:

1. how can public ip ping each other with red interface public ip(1.xxx.232.146) and internal physical server public ip(1.xxx.232.147-150)?

2. how can I configure so that my application can be accessed normally from the external network?

image633×579 35.8 KB

thanks

Welcome to the community.

First you should separate public IPs and private IPs. Usually the local networks of IPfire use private IPs. IPFire routes the WAN traffic to the LAN(s) doing NAT.

Servers in the local networks are either reached by DNAT firewall rules ( for GREEN/BLUE ) or placed in the DMZ ORANGE.

Concerning multiple public IPs on RED just search the community or the wiki. If there are more questions ( I suppose, there will be ), just ask.

thanks for your reply,I will try again according to your suggestion.