Hi IPFire community:
I’ve been working with routers and switches for some time now. My only experience with firewalls is that you have to call some other team and ask them to open up a rule for my traffic or check the logs to see if my traffic is denied.
I finally decided to go more hands on and start trying out some firewalls in my gns3 lab.
Doing IPFire basic configuration in gns3 was brilliantly simple. I only had one issue that cost some time and caused a bit of confusion. At first I didn’t quite grasp the significance of the step where we assign a MAC to a network. I finally understood the logic that the last byte in the MAC corresponds to the interface number. The install would have gone smoother if the step explicitly stated that you are choosing a MAC for eth0, eth1, etc.
I finally understood the logic that the last byte in the MAC corresponds to the interface number.
To my knowledge, this happens if your hardware comes with two or more NICs from the same vendor built-in. If a NIC is required and installed as a PCI card, for example, its MAC will most likely differ completely from the others.
Or am I missing something?
Thanks, and best regards,
Sorry I wasn’t clear about that. I’m running qemu emulation in gns3. The NICs are all virtual.
I think this issue/misunderstanding was partly caused by gns3.
As Peter said, if you install IPFire on real hardware, there is no predetermined order.
You would populate your machine with the interfaces you need (Gigabit, WLAN, SFP fiber module, …). Each of these interfaces has its own MAC address, which you have to find out & write down beforehand. During setup, you use the MAC addresses to assign the desired interface to each firewall zone, e.g. SFP for WAN, Gigabit for LAN, and so on.
In your case, the procedure would be similar: You would look up which MAC gns3 assigned to the interface you decided to use for LAN/GREEN. Then you choose this MAC in the setup menu and continue with WAN, DMZ, … until all interfaces are assigned as desired.
Look at this screenshot from the IPFire wiki and you will see why this is easier to understand with real hardware:
P.S. welcome to IPFire
I use kvm only for testing IPFire.
This requires a bridged virtual NIC that I name “red” plus an isolated one that I name “green”. Those names show in IPF.