Hi, I’m having some issues, this is how my setup is:
Green: (proxy server/network)
192.168.1.10
Blue: (wifi)
192.168.1.11
Red: (router)
192.168.1.12
I can’t seem to get Internet on Green. Green however is a PC/Proxy Server for all the users in the network with static IP addresses and rules/filters and proxy port for Internet. I’m not sure if this matters.
However, if I connect my laptop to the same port (Green) I can access the Web UI, but not from a PC that’s connected under the proxy server.
I hope that anyone can help me and that my explanation is clear.
This firewall (IPFire) works with NAT. In other words, both the GREEN (lan), RED (wan) and BLUE (wlan) ranges are segmented.
It is like the Routers of the ISPs. That is, you have a Public IP (wan) and there is a translation through NAT to the Private IP (lan).
If you set it like this, it will never work, since from GREEN (lan) it thinks that its gateway (RED) is in the same IP range and the packets will never go out.
IPFire is a firewall, which connects local network(s) to the WAN (see wiki.ipfire.org - What is IPFire?).
To achieve this, all networks handled must be disjunct. This is the routing functionality in IPFire.
Your setup puts all networks into 192.168.1.0/24. So you logically have three devices in this net in your IPFire system. How should the routing decisions be made?
All 3 Networks are the same 192.168.1.*
Typically Red uses DHCP from your provider or other router.
So you could set GREEN as 192.168.10.*; the network card you will typically set to 192.168.10.1… in this example.
BLUE 192.126.11.*
In a 255.255.255.0 subnet they will not overlap.
Would recommend not using 192.168.1.* if you are behind another ISP or store router or plan to use IPsec.
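Added example, not part of any post in this thread: a small Python check that flags IPFire zones whose subnets overlap, run on the layout from the first post and on a renumbered one. The renumbered addresses and the upstream gateway 192.168.1.1 are constructed assumptions for illustration.

```python
import ipaddress
from itertools import combinations

# Layout as posted: all three zones sit in 192.168.1.0/24.
AS_POSTED = {
    "GREEN": "192.168.1.10/255.255.255.0",
    "BLUE": "192.168.1.11/255.255.255.0",
    "RED": "192.168.1.12/255.255.255.0",
}
# Constructed renumbering: one /24 per zone, RED left on the upstream net.
RENUMBERED = {
    "GREEN": "192.168.10.1/255.255.255.0",
    "BLUE": "192.168.11.1/255.255.255.0",
    "RED": "192.168.1.12/255.255.255.0",
}

def zone_networks(zones):
    """Map zone name -> network derived from 'address/netmask'."""
    return {name: ipaddress.ip_interface(cidr).network
            for name, cidr in zones.items()}

def find_overlaps(zones):
    """Return (zone_a, zone_b, contested_network) for each clashing pair."""
    nets = zone_networks(zones)
    clashes = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            # The more specific network is the range both zones claim.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            clashes.append((a, b, str(shared)))
    return clashes

def zones_claiming(zones, address):
    """Zones that treat `address` as directly connected (on-link)."""
    ip = ipaddress.ip_address(address)
    return sorted(name for name, net in zone_networks(zones).items()
                  if ip in net)

if __name__ == "__main__":
    gateway = "192.168.1.1"  # hypothetical upstream router address
    for label, zones in (("as posted", AS_POSTED), ("renumbered", RENUMBERED)):
        print(label)
        for a, b, shared in find_overlaps(zones):
            print(f"  overlap: {a} and {b} both use {shared}")
        print(f"  {gateway} is on-link for: {zones_claiming(zones, gateway)}")
```

When more than one zone claims the gateway as on-link, the firewall has no unambiguous interface to send the packet out of, which is the failure the replies describe.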
Thanks for the info and the helpful link. I will try this tomorrow! So there’s no need for any firewall rules from green to red? Only for red to green to allow Internet access?
Thanks again for the clear explanation, it helped a lot. I now have Internet on the proxy server on green, not on the clients/users connected to the proxy server for some reason, but I don’t think it has to do with IPFire?