Hi all, I have one machine with 2 NICs (Red and Green) running IPFire. NIC1 is Red and is connected to WAN, NIC2 is Green and is connected to a managed switch and serves my home network.
I now need to add a work firewall device to my home network, which will tunnel to my office network behind the scenes.
The plan was to create a separate VLAN on the switch for this traffic, and put it on a separate subnet using the Blue zone. Home traffic would all traverse over NIC2 Green (192.168.1.0), work traffic would traverse over NIC2 Blue (192.168.2.0), and the two would not be able to interact. After going through the forums, I’m seeing lots of people struggling with VLAN traffic when they have fewer NICs than zones, and I have a similar question.
Here’s my initial setup, but not having any luck yet. My first assumption would be to set the blue zone to VLAN 2 (My work network VLAN) on the same NIC as the Green zone, since they’re physically on the same NIC. I’ve also disabled the Blue zone MAC filtering with a rule. So far I’m not getting any connection from any device on that VLAN though:
A followup question as well. Once I can get devices connecting on Blue (which I’m still not sure what this issue is there), will DHCP pick them up even though Blue has a different subnet defined, or will they need to be static IPs?
Followup to the previous question, I don’t seem to have a DHCP server available to enable on Blue. Is that not possible without a physical NIC? Ideally Blue (and the associated VLAN devices) would have their own DHCP server for the 192.168.2.0 range.
Yep I did, in fact I just reinstalled from scratch to be sure. Core 170 (which is my first foray into IPFire).
I have 2 NICs, chose “Red, Green, Blue” network, selected the NICs for red and green, and left Blue empty. I configured an IP for Green and Blue, and set Red to DHCP. Setup reminded me that I hadn’t chosen a NIC for Blue, and I chose ignore.
Both times now I haven’t had a DHCP option for Blue in the WUI. In fact, now that I think of it I haven’t been prompted for a DHCP range for Blue at all during the setup process, only for Green. Could it be a bug I’m running into? Would anyone be able to confirm if they get asked for options for a Blue DHCP server if they configure the way I do on Core 170?
When you are installing then you only ever get asked to enter the dynamic dhcp address range for Green. It is never asked for Blue.
The aim is that this gives you access for a computer on Green to open up the WUI. Then from there you can set up the dhcp settings for both Green and Blue, if present.
I have never tried what you are trying and don’t know if it should work the way you are finding or not.
I will try it out on my vm testbed system but that will have to wait for some other evaluations that are ongoing currently. Will get back once I have been able to test it out.
Strangely, that Blue MAC address doesn’t exist on the system at all and I certainly didn’t enter it, unless the system creates it as a placeholder or something?
[root@router ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
link/ether 00:01:2e:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 scope global green0
valid_lft forever preferred_lft forever
3: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
link/ether 00:01:2e:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 24.1.xxx.xxx/22 brd 255.255.255.255 scope global dynamic noprefixroute red0
valid_lft 250377sec preferred_lft 207177sec
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc cake state DOWN group default qlen 1000
link/ether 0c:54:15:xx:xx:xx brd ff:ff:ff:ff:ff:ff
I managed to get some time today to do an install of red green and blue on 2 nics on my vm testbed.
I was able to successfully end up with a green network and a blue vlan network on the same network interface and ended up with both red and green dhcp options.
Set up a vm with 2 nics. Ran install from CU170 iso.
Selected red, green and blue network type.
Assigned green and red to the two interfaces, selected ignore for the fact that blue flagged as not being assigned.
System booted and I went into the WUI.
The dhcp page only had the green option.
On the Zone Configuration page I added the Blue zone as a VLAN with a VLAN ID and pressed save. It then said to reboot which I did.
Then I went into the console and ran setup again and this time when selecting blue it had an interface available, which is the blue0 on green0 vlan shown as blue0@green0 interface on the ip address show output.
Having selected blue to the new interface I then exited from setup and went back to the WUI and now on the dhcp page I had both green and blue dhcp options. I then added in the blue dynamic range and enabled it.
Then rebooted again just to be certain and everything stayed with green and blue on dhcp and zone configuration with green and blue on vlan and ip address show giving the same output.
I would definitely second adding that to the wiki… I haven’t seen any mention of needing to go back into setup anywhere online.
However, in my screenshot above, I’m definitely not getting the blue0@green0 device after configuring the blue zone to vlan in the WUI, nor am I able to select it when re-running setup. The only difference is that I have a wlan0 device that I’m not using… Since I don’t need it I’ll try physically removing the device and see if that makes a difference, to eliminate any potential for a device detection bug involving it.
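Added example, not written by anyone in this thread and not IPFire's own code: a shell check that reads `ip a` output and reports whether the Blue zone exists as a VLAN sub-interface of green0 (the `blue0@green0` entry described above) and has an address. The function name `vlan_status`, the sample outputs, the interface index 5 and the 192.168.2.1 address are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample modelled on the output posted above: no blue0 at all.
SAMPLE_MISSING='2: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    inet 192.168.1.1/24 scope global green0
3: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc cake state DOWN group default qlen 1000'

# Constructed sample of the working state: blue0 is a VLAN child of green0.
SAMPLE_PRESENT='2: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    inet 192.168.1.1/24 scope global green0
5: blue0@green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.2.1/24 scope global blue0'

# vlan_status IFACE PARENT   (hypothetical helper; reads `ip a` text on stdin)
# Prints one of: missing | not-vlan | wrong-parent:<p> | no-address | ok:<cidr>
# Live use on the router:  ip a | vlan_status blue0 green0
vlan_status() {
    awk -v ifc="$1" -v want="$2" '
        # Interface header line, e.g. "5: blue0@green0: <...>"
        /^[0-9]+: / {
            name = $2; sub(/:$/, "", name)
            parent = ""
            if (split(name, p, "@") == 2) { name = p[1]; parent = p[2] }
            cur = name
            if (name == ifc) { seen = 1; par = parent }
            next
        }
        # First IPv4 address listed under the interface we care about
        cur == ifc && $1 == "inet" && addr == "" { addr = $2 }
        END {
            if (!seen)            print "missing"
            else if (par == "")   print "not-vlan"
            else if (par != want) print "wrong-parent:" par
            else if (addr == "")  print "no-address"
            else                  print "ok:" addr
        }'
}
```

A result of `missing` after saving the VLAN in Zone Configuration and rebooting matches the state reported in the last post; `ok:` with an address in the 192.168.2.0 range matches the working testbed description.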