Setup IP fire with a proxy server, no Internet on green

Hi, I’m having some issues, this is how my setup is:

Green: (proxy server/network)
192.168.1.10

Blue: (wifi)
192.168.1.11

Red: (router)
192.168.1.12

I can’t seem to get Internet on Green. Green however is a PC/Proxy Server for all the users in the network with static IP addresses and rules/filters and proxy port for Internet. I’m not sure if this matters.

However, if I connect my laptop to the same port (Green) I can access the Web UI, but not from a PC that’s connected under the proxy server.

I hope that anyone can help me and that my explanation is clear.

Welcome @seeees.

This firewall (IPFire) works with NAT. In other words, both the GREEN (lan), RED (wan) and BLUE (wlan) ranges are segmented.

It is like the Routers of the ISPs. That is, you have a Public IP (wan) and there is a translation through NAT to the Private IP (lan).

If you set it like this, it will never work, since from GREEN (lan) it thinks that its gateway (RED) is in the same IP range and the packets will never go out.

I hope I have explained myself.

4 Likes

@seeees : Let’s explain it more precisely.

IPFire is a firewall, which connects local network(s) to the WAN ( see wiki.ipfire.org - What is IPFire? ).
To achieve this, all networks handled must be disjunct. This is the routing functionality in IPFire.
Your setup puts all networks into 192.168.1.0/24. So you logically have three devices in this net in your IPFire system. How should the routing decisions be made?

4 Likes

All 3 Networks are the same 192.168.1.*
Typically Red uses DHCP from your provider or other router.
So you could set GREEN as 192.168.10.*; the network card you will
typically set to 192.168.10.1… in this example.
BLUE 192.126.11.*
in a 255.255.255.0 subnet they will not overlap.
Would recommend not using 192.168.1.*
if you are behind another ISP or Store router or plan to use IPsec.

2 Likes

Thanks for the info, it’s setup now as:
192.168.1.10 (Red)
Router

192.168.10.1 (Green)
Network

192.168.11.10 (Blue)
WiFi

I set the DNS as 8.8.8.8
And firewall rules to allow ports from green to red

But I still have no Internet access on Green. I can ping and access the Web UI, what could I be missing?

Thanks

Did you change your network settings also?
Red 192.168.1.0/24 ( or DHCP )
Green 192.168.10.0/24
Blue 192.168.11.0/24

2 Likes

Hi again.

For communication from green to red, nothing is needed.

wiki.ipfire.org - Firewall Default Policy

Can you ping google.com from IPFire’s SSH?

Br

1 Like

The devices connected to the ip fire ethernet ports need to be in the same subnet/ip range of the IP Fire NICs, that’s what you mean right?

Because the devices connected to red, green and blue are all 192.168.1.*

Thanks for the info and the helpful link. I will try this tomorrow! So there’s no need for any firewall rules from green to red? Only for red to green to allow Internet access?

The standard setup of IPFire is

  • allow connection establishment from local networks ( green, blue ) to the WAN ( red ).
  • This connection state is in the firewall. ( <LAN_IP>:<client_port> —> <WAN_IP>:<destination port> )
  • This information is used to allow and send packets from <WAN_IP>:<destination port> to <LAN_IP>:<client_port>.

Therefore it isn’t necessary to define extra FW rules.
As said before, the routing function demands all networks are disjunct. This means:

  • red0: IP 192.168.1.10, network 192.168.1.0/24 ( if you have a static WAN connection )
  • green0: IP 192.168.10.1, network 192.168.10.0/24
  • blue0: IP 192.168.11.10, network 192.168.11.0/24

3 Likes
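
The disjoint-network requirement described above can be checked mechanically. The following is an added example, not code from any poster or from the IPFire project: it compares the original and corrected zone addressing from this thread and validates a client's static settings against its zone. The upstream router address and the client settings are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Interface addresses quoted in the thread; the /24 prefix is the
# 255.255.255.0 mask the replies mention.
ORIGINAL = {"green0": "192.168.1.10/24", "blue0": "192.168.1.11/24", "red0": "192.168.1.12/24"}
FIXED = {"red0": "192.168.1.10/24", "green0": "192.168.10.1/24", "blue0": "192.168.11.10/24"}

def overlapping_zones(zones):
    """Return every pair of zones whose subnets share addresses."""
    ifaces = {name: ipaddress.ip_interface(cidr) for name, cidr in zones.items()}
    return [(a, b) for a, b in combinations(sorted(ifaces), 2)
            if ifaces[a].network.overlaps(ifaces[b].network)]

def directly_connected(zones, addr):
    """Zones that claim addr as on-link; more than one means the route is ambiguous."""
    ip = ipaddress.ip_address(addr)
    return sorted(name for name, cidr in zones.items()
                  if ip in ipaddress.ip_interface(cidr).network)

def client_problems(zones, zone, client_ip, client_gw):
    """Check a client's static settings against the zone it is plugged into."""
    iface = ipaddress.ip_interface(zones[zone])
    problems = []
    if ipaddress.ip_address(client_ip) not in iface.network:
        problems.append(f"{client_ip} is outside {iface.network}")
    if ipaddress.ip_address(client_gw) != iface.ip:
        problems.append(f"gateway should be {iface.ip}, not {client_gw}")
    return problems

if __name__ == "__main__":
    upstream = "192.168.1.1"  # constructed address for the router behind RED
    for label, zones in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, "overlaps:", overlapping_zones(zones))
        print(label, "on-link for", upstream, ":", directly_connected(zones, upstream))
    # Constructed client on GREEN that still carries its old static settings.
    print(client_problems(FIXED, "green0", "192.168.1.50", "192.168.1.12"))
```

With the original addressing every zone claims the upstream router as directly connected, so there is no single interface to route through; with the corrected addressing only red0 does.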

Thanks again for the clear explanation it helped a lot, I now have Internet on the proxy server on green, not on the clients/users connected to the proxy server for some reason but I don’t think it has to do with IP fire?