I’m missing something in setting up my BLUE internet access.
Devices on GREEN (my LAN) can access the internet and are achieving download speeds of over 630Mbps. However, my WI-FI devices on BLUE cannot surf to websites in a browser.
I have wlan0 and wlan1 Native to BLUE in the Zone Configuration. I have WLAN AP set up and running. I have my WI-FI MAC addresses set up in Blue Access. The Current DHCP leases on BLUE are showing WI-FI devices.
NICs are assigned in the network configuration area as follows:
RED (IP: 192.168.15.15) eth0
GREEN (IP: 192.168.10.1/24) eth1
BLUE (192.168.20.1/24) wlan0 & wlan1
Using my laptop as an example, everything appears correct:
- BLUE DHCP assigns the laptop:
a. IP address of 192.168.20.13
b. Default router 192.168.20.1 and
c. DNS of 192.168.20.1
- I can log into IPFire in a browser at 192.168.10.1:444
- I can ping 8.8.8.8, 192.168.10.1, 192.168.20.1
- I cannot ping computers in GREEN i.e. 192.168.10.4
So the only issue that I have is that the laptop (and other WI-FI devices on BLUE) cannot access any websites via the browser.
The Default firewall behaviour is Forward: Allowed and Outgoing: Allowed. I have not added any firewall rules and the Firewall Rules are showing that Internet is allowed in BLUE:
Firewall Rules
No rules defined
GREEN Internet (Allowed) BLUE (Allowed)
BLUE Internet (Allowed) GREEN (Blocked)
Policy: Allowed
However, in the Firewall Log I’m seeing a number of drops (192.168.20.13 is my Laptop’s IP):
13:04:30 DROP_Wirelessforward blue0 UDP 192.168.20.13 10.64.0.1 48789 53(DOMAIN)
13:04:31 DROP_Wirelessforward blue0 UDP 192.168.20.13 10.64.0.1 47063 53(DOMAIN)
13:04:31 DROP_Wirelessforward blue0 UDP 192.168.20.13 10.64.0.1 47063 53(DOMAIN)
13:04:49 DROP_INPUT red0 UDP 192.168.15.16 192.168.15.255 57621 57621
13:05:16 DROP_INPUT red0 2 192.168.15.1 224.0.0.1
I’m not sure if this has something to do with this, but I see on the DHCP configuration page that my WIFI devices are being assigned an IP from the GREEN and BLUE DHCP servers. I.e. it is showing that my iPad has two current dynamic leases:
192.168.20.11 expiring 29/11/2019 14:31:28
192.168.10.12 expiring 29/11/2019 15:12:53
Any suggestions as to what I’m missing in the setup and how to resolve this issue?
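An added example, not part of the original post: a short Python script that parses the firewall log lines quoted above, counts drops per chain and destination, and lists clients whose dropped DNS queries go to a resolver other than the one BLUE DHCP hands out (192.168.20.1 per the post). The column order is inferred from the pasted lines, and the function names are my own.

```python
import re
from collections import Counter

# Firewall log lines copied from the post above (column order as shown there).
LOG = """\
13:04:30 DROP_Wirelessforward blue0 UDP 192.168.20.13 10.64.0.1 48789 53(DOMAIN)
13:04:31 DROP_Wirelessforward blue0 UDP 192.168.20.13 10.64.0.1 47063 53(DOMAIN)
13:04:31 DROP_Wirelessforward blue0 UDP 192.168.20.13 10.64.0.1 47063 53(DOMAIN)
13:04:49 DROP_INPUT red0 UDP 192.168.15.16 192.168.15.255 57621 57621
13:05:16 DROP_INPUT red0 2 192.168.15.1 224.0.0.1
"""

# Resolver that DHCP advertises on each interface, taken from the post.
DHCP_DNS = {"blue0": "192.168.20.1"}

# time chain iface proto src dst [sport dport[(service)]]
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<chain>\S+)\s+(?P<iface>\S+)\s+(?P<proto>\S+)"
    r"\s+(?P<src>\S+)\s+(?P<dst>\S+)"
    r"(?:\s+(?P<sport>\d+)\s+(?P<dport>\d+)(?:\((?P<svc>[^)]*)\))?)?\s*$"
)

def parse(text):
    """Return one dict per log line; ports are None for port-less protocols."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            row = m.groupdict()
            for key in ("sport", "dport"):
                row[key] = int(row[key]) if row[key] else None
            rows.append(row)
    return rows

def summarize(rows):
    """Count drops per (chain, iface, proto, dst, dport)."""
    return Counter((r["chain"], r["iface"], r["proto"], r["dst"], r["dport"]) for r in rows)

def dns_to_unexpected_resolver(rows, dhcp_dns=DHCP_DNS):
    """Dropped DNS queries aimed at a resolver other than the DHCP-advertised one."""
    hits = set()
    for r in rows:
        expected = dhcp_dns.get(r["iface"])
        if r["dport"] == 53 and expected and r["dst"] != expected:
            hits.add((r["src"], r["dst"], expected))
    return sorted(hits)

if __name__ == "__main__":
    rows = parse(LOG)
    for key, count in summarize(rows).most_common():
        print(count, *key)
    for src, dst, expected in dns_to_unexpected_resolver(rows):
        print(f"{src} sends DNS to {dst}; DHCP advertises {expected}")
```

On the lines from the post, the only forwarded drops are the laptop's port 53 queries to 10.64.0.1, which is not the DNS server address the laptop received from BLUE DHCP.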