There is something I don't understand: I want to replace a router with IPFire (to use a VPN later).
I started from scratch, clean IPFire, firewall settings: forward allowed, outgoing allowed, no rules.
Green 10.1.148.0/255.255.255.0, red via DHCP.
Internet works perfectly for all clients.
Then I need a static route to access another network with a router and card readers (healthcare).
So static route: 10.207.0.0/16 to 10.1.148.254.
I can ping the router and the card readers, but no further communication is possible (the router has an internal web page, no access).
Same settings with a router (I tried a FritzBox): no problems.
Something must be missing in the IPFire settings.
Any ideas?

The DNS is blocked by default in the LAN and it needs a rule to allow the green zone to reach the DNS. Maybe also the web service is blocked by default for the internal networks? Try to create a rule in the firewall with Source = green network, Destination = firewall (green), Service = HTTPS -> accept and see if it works. Do not forget to apply the new rule.

@lema The question is how the healthcare router connects with IPFire green0 (Green network).
If there is a Layer 2 between the healthcare router (the network card that has IP 10.207.47.114 assigned) then it should work. This seems to be the case with the FritzBox, which I presume also has a switch in it (L2 switching).
If not (there is any Layer 3 routing), you need to create routes from each end to the other end: each end must know how to reach the other end -> like an N2N VPN setup where you need each side of the tunnel to know what relies on the other end.

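To make the "each end must know how to reach the other end" point concrete, here is an added example (not from the thread or from IPFire's own code) that does a longest-prefix route lookup over constructed routing tables modelled on the setup above: IPFire with the thread's static route, and an assumed far-side router once without and once with a return route to green. It also flags the case where a packet enters and leaves the firewall on the same interface, since then the far end can answer the client directly and the stateful firewall only sees one direction of the flow. The far-side addresses and interface names are assumptions.

```python
import ipaddress

# Constructed routing tables modelled on the thread's setup; this is added
# example code, not IPFire's routing logic. Entry: (prefix, next hop or None
# when the network is directly connected, interface name).
IPFIRE_ROUTES = [
    ("10.1.148.0/24", None, "green0"),            # green
    ("10.207.0.0/16", "10.1.148.254", "green0"),  # the static route from the thread
    ("0.0.0.0/0", "198.51.100.1", "red0"),        # placeholder upstream gateway
]
# Assumed far side: a Layer 3 hop behind the healthcare router, first with no
# route back to green, then with the return route added.
FAR_MISSING = [("10.207.0.0/16", None, "lan0")]
FAR_FIXED = FAR_MISSING + [("10.1.148.0/24", "10.207.0.254", "lan0")]


def lookup(routes, dst):
    """Longest-prefix match. Returns (network, next_hop, iface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def check_path(src, dst, fw_routes, far_routes):
    """Resolve src->dst on the firewall and dst->src on the far end."""
    fwd = lookup(fw_routes, dst)       # where the firewall sends the request
    ingress = lookup(fw_routes, src)   # interface the request arrives on
    ret = lookup(far_routes, src)      # whether the far end can route the reply
    # Hairpin: request enters and leaves on the same interface and the next hop
    # is on that LAN, so replies can bypass the firewall and conntrack sees
    # only one direction of the connection.
    hairpin = (
        fwd is not None and ingress is not None and fwd[1] is not None
        and fwd[2] == ingress[2] and ipaddress.ip_address(fwd[1]) in ingress[0]
    )
    return {"forward": fwd, "return_route_missing": ret is None, "hairpin": hairpin}


if __name__ == "__main__":
    for far in (FAR_MISSING, FAR_FIXED):
        print(check_path("10.1.148.10", "10.207.47.114", IPFIRE_ROUTES, far))
```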
I added the rules (DNS, HTTP, HTTPS and a few others)
green -> firewall (green)
but it's still the same: a router works, IPFire still blocks communication.

Then H&M is probably right. Try to create static routes on both ends (IPFire and healthcare). Also, you should connect to the console and check the kernel log with "tail -f", then try to reach the web interface of healthcare and see what happens in the logs. Control-C to get out of tail.

Sadly the healthcare router (part of the national healthcare system) cannot be accessed except for the HTTPS frontend, which only allows you to see if the card readers are up and working.
For testing I configured a rule allowing all ports from 10.207.0.0/16 to Firewall (green) and later, in desperation, also to Firewall (all).
It's staying the same: a simple router can, IPFire can't. I know that when this problem is solved it will turn out as an advantage that IPFire is that picky. Sigh.

If it is a Layer 2 problem, it's not IPFire as an operating system and software stack that cannot reach healthcare (or the other way around), it's the hardware. What if you put a simple switch between IPFire and healthcare?

@cfusco: I'll try this the next time no one is using the network. @fpausp: it should be correct; if I use a router instead of IPFire, it works. But you never know, I'll try that too, and let both of you know.