Hello everybody. Been searching everywhere, found nothing, so ask… maybe stupid: If there is a separate, internal router in the GREEN network, say 172.16.0.0, into more network addresses, like 192.168.30.0, can those internal networks be added to the GREEN zone? Or do I have to declare and rule them one by one?
Second question: IPFire seems not to send ICMP redirects. Is there a way to enable it, or do I need routes back into the subnets on every single host on 172.16.0.0? Thx.
Hello @tbaeurle
Welcome to the IPFire community.
The 192.168.30.0 network addresses cannot be made part of your Green 172.16.0.0 network, as Green has to be a single subnet.
However you don’t have to create a rule for all addresses individually. You can create a Network group in the WUI menu Firewall - Firewall Groups and choose Networks.
https://www.ipfire.org/docs/configuration/firewall/fwgroups/networks
ICMP redirects are disabled in the IPFire kernel due to security concerns.
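Added example, not from this thread and not IPFire's own code: a small Python script that puts the two answers above into a checkable form. It verifies that the inner subnets are really outside Green (Green must stay a single subnet), that the inner router's Green-side address lies inside Green, and, since IPFire does not send ICMP redirects, lists the static route every Green host (and IPFire itself, under Network > Static Routes) needs towards the inner router. It also parses sysctl-style output so you can audit which interfaces on any Linux box still have `send_redirects` on. The inner router address 172.16.0.254, the second subnet 192.168.31.0/24 and the sysctl lines are constructed for illustration.

```python
"""Plan and audit routing for subnets behind an inner router on IPFire's Green.

Added example (not part of the forum thread or of IPFire). All addresses
and the sysctl sample below are constructed values for illustration.
"""
import ipaddress

# Constructed values: Green as in the thread; the inner router's Green-side
# address and the second inner subnet are assumptions for the example.
GREEN = "172.16.0.0/16"
INNER_ROUTER = "172.16.0.254"
INNER_SUBNETS = ["192.168.30.0/24", "192.168.31.0/24"]

# Constructed sysctl output as `sysctl net.ipv4.conf` would print it on a
# host where one interface still sends redirects.
SAMPLE_SYSCTL = """\
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.green0.send_redirects = 0
net.ipv4.conf.red0.send_redirects = 1
net.ipv4.conf.green0.accept_redirects = 0
"""


def classify(green, inner_router, subnets):
    """Split subnets into those that can be routed via the inner router and
    problems that must be fixed first.

    Returns (routed, problems): `routed` is a list of IPv4Network objects
    that lie outside Green; `problems` is a list of human-readable strings.
    """
    green_net = ipaddress.ip_network(green, strict=False)
    router = ipaddress.ip_address(inner_router)
    routed, problems = [], []
    if router not in green_net:
        problems.append(f"inner router {router} is not inside Green {green_net}")
    for s in subnets:
        net = ipaddress.ip_network(s, strict=False)
        if net.overlaps(green_net):
            # Green must be one subnet: an address range inside it is not a
            # separate network behind the router and cannot be a route target.
            problems.append(f"{net} overlaps Green {green_net}; Green must be a single subnet")
        else:
            routed.append(net)
    return routed, problems


def host_routes(routed, inner_router):
    """Static routes each Green host needs, because IPFire will not send ICMP
    redirects to steer traffic to the inner router.

    Returns a list of (destination, gateway) string tuples; the same pairs go
    into Network > Static Routes on IPFire or `ip route add DEST via GW` on a
    Linux host.
    """
    return [(str(net), str(ipaddress.ip_address(inner_router))) for net in routed]


def send_redirects_enabled(sysctl_output):
    """Parse `key = value` lines from sysctl and return the interface names
    whose send_redirects is 1 (the 'all' pseudo-interface is reported as such)."""
    enabled = []
    for line in sysctl_output.splitlines():
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        parts = key.split(".")
        # Expected shape: net.ipv4.conf.<iface>.send_redirects
        if len(parts) == 5 and parts[:3] == ["net", "ipv4", "conf"] \
                and parts[4] == "send_redirects" and value == "1":
            enabled.append(parts[3])
    return enabled


if __name__ == "__main__":
    routed, problems = classify(GREEN, INNER_ROUTER, INNER_SUBNETS)
    for p in problems:
        print("PROBLEM:", p)
    for dest, gw in host_routes(routed, INNER_ROUTER):
        print(f"route needed on every Green host and on IPFire: {dest} via {gw}")
    print("interfaces still sending ICMP redirects:", send_redirects_enabled(SAMPLE_SYSCTL))
```

The `routed` list is also the set of networks you would put into one Firewall Group of type Networks in the WUI, so a single rule can cover all subnets behind the inner router.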
Hi @tbaeurle, welcome.
It seems that I don’t get the idea of the network you propose. Could you present it with draw.io?
This way we would get an idea of what you need and we can help you better.
Regards.
Hi. I did a sketch by hand, hope this is as good. On the green network there is a router into more local networks. Can these network segments be added to the GREEN zone so that I don't have to explicitly create them and set up all the rules for them? And is there a way to enable ICMP redirects on the GREEN interface so that I do not need to create a routing table entry on all hosts on 172.16.0.0? Thx.
When you add a router to an IPFire green network, you concentrate those connections on a router into one green IP address. The router assumes the green connection as the WAN connection and all firewall rules in the router apply.
The other way to configure the router is to turn it into a switch. Of course a wireless router has an access point mode to achieve this easily, but for a LAN router, you would turn off the firewall, NAT traversal and its DHCP server. Then the router becomes an extension of the green network. Before managed switches and STP this was a way to span past 3 switches in daisy chain…