I’m thinking about giving IPFire another try, but I was curious about the Static Routes option, because I remember that I was unable to connect to the internet with my IPFire firewall/router until I just added (via the WUI) a Static Route to a range of IP addresses that, I think, must have included the gateway address from my ISP/fiber.
The ISPs here should be using DHCP. I don’t think that I checked any RED logs to see what was going on at the time, unfortunately. (Home network.)
My main concern: Does it make any sense that I was able to connect to the internet with the static route, but not with the standard setup? Is it a bad idea? I don’t know exactly how the static route works: am I sharing my entire GREEN & BLUE network with the WAN and the world, bypassing the firewall, or something like that?
I’m now aware that some ISPs won’t connect to the internet until the MAC used by RED has been connected for some time, but I’m still sure it needed that static route.
Here’s the documentation for Static Routes:
The example shows a static route to a local IP address, so I wasn’t very confident about using this setting for the external connection to the internet…
Ok, thanks. I’ll try to get an internet connection with the regular setup procedure, and I’ll check DNS is ok. The “Static Routes” in the WUI just seemed a bit obscure and perhaps not meant to ever be used in this way: do you think specifying an IP range that covers the gateway here might break the firewall, create a security nightmare, or something like that?
Would you ever expect adding a gateway IP in the “setup for a DHCP IP address for the RED interface” (initial setup) to be required? I must have tried that before I tested adding the IP range as the static route…
In IPFire, the importance of a functional DNS with DNSSEC cannot be understated. This is a core feature.
Without DNSSEC, getting to the WWW (RED zone) is not going to happen… This should be the first thing you do after you log in to the WUI.
It is recommended to use more than one DNS server in your Domain Name System.
I don’t think it is a good idea to set an ‘own’ gateway address in a DHCP connection.
DHCP is a protocol to supply a client with the information valid in the network attached to the NIC.
In the local network we demand that the clients use the network info distributed by IPFire using dhcpd. This allows definition of effective policies.
Why should an IPFire system violate this rule in the client role on the WAN side?