Troubles with Internet access from the home network

Hello all,

I have been running the following configuration on a Fritzbox for a good 3 years, since switching from IPCop to ipfire:
ISP => Fritzbox (7520) => red network (DHCP) => ipfire => green network (home network).
In the home network, different devices are connected to the network, including my computer.
Since last weekend, I can no longer access the Internet from the green network.
What happened?
I got an update on my Fritzbox to the OS 7.57 on the said weekend.
All settings were taken over, also a reset to factory settings did not bring any success.
If I connect my computer directly, i.e. in ipfire to the Fritzbox, I can access the Internet. But not via ipfire anymore.
I do not want to exclude an error on my part in the configuration of ipfire, but I want to emphasize that I have not changed anything in this configuration. No device, not even ipfire, can access the Internet any longer. I can only access the web interface of the Fritzbox, but from there it does not go any further. Since the weekend I have been looking for a solution and have already written to AVM support; the answer was sobering and says it is not the Fritzbox.
I am out of ideas, especially since I now also no longer get updates from ipfire itself.
But I do not want to give up my home network and run everything only via the Fritzbox.
I would like to note that my configuration has run flawlessly so far on different Fritzboxes with different operating systems. I also know that the actual error is probably to be found in the new OS 7.57, but AVM cannot or will not help me, so I am trying here.

Has anyone had similar experiences and found a solution?
Tell me what more info you need and I will share it.

With best regards
defiant2369

I think… that way more info is necessary.
Starting from ip configuration of Fritzbox and IpFire. The latter “both sides”.

1 Like

Btw, I’m from Germany. I’ll send some pictures of the configuration of my fritz and of ipfire:
(Excuse me, but the config of the Fritzbox is only in German)

first the config of fritz

I hope this will be helpful

config of ipfire:

First of all: I don’t speak German. The forum is internationally oriented, so English might be preferable.
Second, you can post images directly to the forum, without using drive.
Meaningful images…



I suppose also that “PortFreigaben” should mean “Port forwarding”, more or less. But I’m not sure.

Firewall rule 3: did you write it? Why did you write it this way?
Which is the IP Address of IPFire on interface Green? Address for RED should be 192.168.178.21, according to your screenshots.

3 Likes

Hello @defiant2369 welcome to our community.

Use this challenging situation as a chance to learn more, specifically how to troubleshoot network issues. What follows is a common way to do it. Access the IPFire console and open two separate terminal windows.

In the first terminal, execute the following command to view the real-time kernel logs:

tail -f /var/log/messages

You can exit this at any time by pressing Ctrl+C.

In the second terminal, first make sure you can ping your gateway (Fritzbox) and a server on the internet side of your red interface (e.g. www.google.com). Then, run the command below to initiate a connection to Google’s server and retrieve the header of its homepage:

curl -I http://www.google.com

While this command is executing, observe the first terminal for any kernel logs that are generated during this process. Capture these logs and share them here for further analysis.

1 Like

Looks like a rule intended to allow NTP traffic for clock synchronization between Fritzbox and IPFire, which I do not understand, as it has the Fritzbox as source and the multicast address reserved for the Network Time Protocol as destination. Basically, this rule is “allowing” the traffic from the Fritzbox to go to the multicast address. Traffic that should not be going through IPFire anyway.

1 Like

If the problem arose just with the update to the FritzBox, with no modifications to IPFire, I think the source is located in FritzOS. Are there any settings interpreted now in another way?
Fritzbox does its own NAT; are there any firewall settings which are active now with the new OS? Sometimes settings are defined, but with no real effect.
Is the second LAN connection to the desktop only for error searching or was it existent before? What is the purpose of this device?

If even IPFire doesn’t get internet access, the problem must be in FritzOS. The tips of cfusco can help to analyse this.

1 Like

https://download.avm.de/fritzbox/fritzbox-7520/deutschland/fritz.os/info_en.txt

Port sharing is the term used in FritzOS for NAT. I would guess OP should have a port forward rule set to redirect (all?) the traffic to IPFire. In the change log there are few bugs that were corrected in the “Port Sharing” domain. Maybe these changes triggered the new behavior?

When Fritz OS was updated, the Fritzbox likely was rebooted. Was IPFire rebooted afterwards? IPFire might still be expecting the previous IP and the Fritzbox might be giving a new one and refusing the old one.

The logs would be good to check this out and seeing what settings the red interface currently has.

2 Likes

I know that the forum is international, that’s why I wrote in English right away :wink:
And as a newbie, unfortunately I could not insert pictures, also it was only possible for me to post 2 links.
As for rule 3, I don’t remember why I made this rule 3 years ago.
Rule 6 is new, but this one didn’t bring a solution either.

1 Like

As for the 2nd lan connection, that is now my computer and without that connection I would not have internet access. This connection is new.
And yes, I also think the problem is the new OS, but AVM, the manufacturer of the Fritzbox is silent on this. The update also came as a surprise and fixes some heavy security hole. What exactly that is, AVM is silent. Without this update, my configuration ran for 3 years on different Fritzboxes with different OS versions.

Here is the information you requested; additionally I copied and attached the pings:

Last login: Thu Sep 14 14:20:17 2023 from 192.168.1.65
[root@ipfire ~]# tail -f /var/log/messages
Sep 14 14:29:34 ipfire unbound: [5919:0] info: validation failure <pool.ntp.org.localdomain. A IN>: key for validation . is marked as invalid
Sep 14 14:29:34 ipfire unbound: [5919:0] info: validation failure <pool.ntp.org.localdomain. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:29:34 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=52512 DF PROTO=UDP SPT=52234 DPT=53 LEN=50
Sep 14 14:29:34 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=52513 DF PROTO=UDP SPT=52234 DPT=53 LEN=50
Sep 14 14:29:46 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:29:46 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org. A IN>: key for validation . is marked as invalid
Sep 14 14:29:46 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org.localdomain. A IN>: key for validation . is marked as invalid
Sep 14 14:29:46 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org.localdomain. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:29:54 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=128 ID=52220 PROTO=UDP SPT=58175 DPT=53 LEN=46
Sep 14 14:29:54 ipfire unbound: [5919:0] info: validation failure <community.ipfire.org. A IN>: key for validation . is marked as invalid
Sep 14 14:30:14 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=57 TOS=0x00 PREC=0x00 TTL=128 ID=52251 PROTO=UDP SPT=60582 DPT=53 LEN=37
Sep 14 14:30:14 ipfire unbound: [5919:0] info: validation failure <w.deepl.com. A IN>: key for validation . is marked as invalid
Sep 14 14:30:19 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=128 ID=52257 PROTO=UDP SPT=59674 DPT=53 LEN=46
Sep 14 14:30:19 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=52259 PROTO=UDP SPT=52401 DPT=53 LEN=44
Sep 14 14:30:19 ipfire unbound: [5919:0] info: validation failure <client.dropbox.com. A IN>: key for validation . is marked as invalid
Sep 14 14:30:28 ipfire sshd[31295]: Accepted password for root from 192.168.1.65 port 38662 ssh2
Sep 14 14:30:36 ipfire unbound: [5919:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: validation failure <1.ipfire.pool.ntp.org. A IN>: no DNSKEY rrset from 192.168.178.1 for trust anchor . while building chain of trust
Sep 14 14:30:36 ipfire unbound: [5919:0] info: validation failure <1.ipfire.pool.ntp.org. AAAA IN>: no DNSKEY rrset from 192.168.178.1 for trust anchor . while building chain of trust
Sep 14 14:30:36 ipfire unbound: [5919:0] info: validation failure <1.ipfire.pool.ntp.org.localdomain. A IN>: key for validation . is marked as invalid
Sep 14 14:30:36 ipfire unbound: [5919:0] info: validation failure <1.ipfire.pool.ntp.org.localdomain. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:30:40 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:72:74:c4:73:fa:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=6498 DF PROTO=2
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=53741 DF PROTO=UDP SPT=49896 DPT=53 LEN=38
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=53742 DF PROTO=UDP SPT=49896 DPT=53 LEN=38
Sep 14 14:30:40 ipfire unbound: [5919:0] info: validation failure <pool.ntp.org. A IN>: key for validation . is marked as invalid
Sep 14 14:30:40 ipfire unbound: [5919:0] info: validation failure <pool.ntp.org. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=53743 DF PROTO=UDP SPT=37692 DPT=53 LEN=38
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=53744 DF PROTO=UDP SPT=37692 DPT=53 LEN=38
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=53745 DF PROTO=UDP SPT=40796 DPT=53 LEN=50
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=53746 DF PROTO=UDP SPT=40796 DPT=53 LEN=50
Sep 14 14:30:40 ipfire unbound: [5919:0] info: validation failure <pool.ntp.org.localdomain. A IN>: key for validation . is marked as invalid
Sep 14 14:30:40 ipfire unbound: [5919:0] info: validation failure <pool.ntp.org.localdomain. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=53747 DF PROTO=UDP SPT=44647 DPT=53 LEN=50
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:00:11:32:84:64:e3:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=53748 DF PROTO=UDP SPT=44647 DPT=53 LEN=50
Sep 14 14:30:41 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=61 TOS=0x00 PREC=0x00 TTL=128 ID=52342 PROTO=UDP SPT=58938 DPT=53 LEN=41
Sep 14 14:30:41 ipfire unbound: [5919:0] info: validation failure <play.google.com. A IN>: key for validation . is marked as invalid
Sep 14 14:30:44 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=128 ID=52358 PROTO=UDP SPT=50870 DPT=53 LEN=46
Sep 14 14:30:49 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=52373 PROTO=UDP SPT=64425 DPT=53 LEN=44
Sep 14 14:30:49 ipfire unbound: [5919:0] info: validation failure <client.dropbox.com. A IN>: key for validation . is marked as invalid
Sep 14 14:30:50 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org. A IN>: key for validation . is marked as invalid
Sep 14 14:30:50 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:30:50 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org.localdomain. A IN>: key for validation . is marked as invalid
Sep 14 14:30:50 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org.localdomain. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:31:09 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=128 ID=52450 PROTO=UDP SPT=64131 DPT=53 LEN=46
Sep 14 14:31:09 ipfire unbound: [5919:0] info: validation failure <community.ipfire.org. A IN>: key for validation . is marked as invalid
Sep 14 14:31:12 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=61 TOS=0x00 PREC=0x00 TTL=128 ID=52463 PROTO=UDP SPT=53432 DPT=53 LEN=41
Sep 14 14:31:12 ipfire unbound: [5919:0] info: validation failure <play.google.com. A IN>: key for validation . is marked as invalid
Sep 14 14:31:12 ipfire unbound: [5919:0] info: validation failure <www.goggle.com. A IN>: key for validation . is marked as invalid
Sep 14 14:31:12 ipfire unbound: [5919:0] info: validation failure <www.goggle.com.localdomain. A IN>: key for validation . is marked as invalid
^C
[root@ipfire ~]# TL=128 ID=51498 PROTO=UDP SPT=60196 DPT=53 LEN=46
Sep 14 14:25:17 ipfire unbound: [5919:0] info: validation failure <community.ipfire.org. A IN>: key for validation . is marked as invalid
Sep 14 14:25:29 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=128 ID=51514 PROTO=UDP SPT=50870 DPT=53 LEN=42
Sep 14 14:25:29 ipfire unbound: [5919:0] info: validation failure <bolt.dropbox.com. A IN>: key for validation . is marked as invalid
Sep 14 14:25:30 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org. A IN>: key for validation . is marked as invalid
Sep 14 14:25:30 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:25:30 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org.localdomain. A IN>: key for validation . is marked as invalid
Sep 14 14:25:30 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org.localdomain. AAAA IN>: key for validation . is marked as invalid
[root@ipfire ~]# tail -f /var/log/messages
Sep 14 14:24:26 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:24:26 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org. A IN>: key for validation . is marked as invalid
Sep 14 14:24:26 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org.localdomain. A IN>: key for validation . is marked as invalid
Sep 14 14:24:26 ipfire unbound: [5919:0] info: validation failure <0.ipfire.pool.ntp.org.localdomain. AAAA IN>: key for validation . is marked as invalid
Sep 14 14:24:27 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=128 ID=51376 PROTO=UDP SPT=61819 DPT=53 LEN=46
Sep 14 14:24:52 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=51432 PROTO=UDP SPT=60585 DPT=53 LEN=48
Sep 14 14:24:52 ipfire unbound: [5919:0] info: validation failure <client.wns.windows.com. A IN>: key for validation . is marked as invalid
Sep 14 14:24:52 ipfire kernel: INPUTFW IN=green0 OUT= MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=192.168.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=128 ID=51435 PROTO=UDP SPT=59948 DPT=53 LEN=46
Sep 14 14:24:53 ipfire kernel: FORWARDFW IN=green0 OUT=red0 MAC=00:01:2e:78:c6:ed:50:eb:f6:b5:fa:e2:08:00 SRC=192.168.1.65 DST=149.154.167.222 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=8626 DF PROTO=TCP SPT=38111 DPT=443 WINDOW=64240 RES=0x00 SY^C=128 ID=51675 PROTO=UDP SPT=62948 DPT=53 LEN=461.1 LEN=66 TOS=0x00 PREC=0x00 T
[root@ipfire ~]# ^C
[root@ipfire ~]# ping 192.168.178.1
PING 192.168.178.1 (192.168.178.1) 56(84) bytes of data.
64 bytes from 192.168.178.1: icmp_seq=1 ttl=64 time=0.541 ms
64 bytes from 192.168.178.1: icmp_seq=2 ttl=64 time=0.336 ms
64 bytes from 192.168.178.1: icmp_seq=3 ttl=64 time=0.259 ms
64 bytes from 192.168.178.1: icmp_seq=4 ttl=64 time=0.255 ms
^C
--- 192.168.178.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3055ms
rtt min/avg/max/mdev = 0.255/0.347/0.541/0.116 ms
[root@ipfire ~]# curl -I http://www.goggle.com
curl: (6) Could not resolve host: www.goggle.com
[root@ipfire ~]#

That rule should be unnecessary. Both Blue and Green have free access to the red interface.

You misspelled google. Try again with the correct URL. Regardless, it looks like there is a problem with the IPFire DNS cache server. Can you post a screenshot of /Networks/Domain Name System from the web user interface?

EDIT: for your own privacy, you should edit your post and anonymize the mac addresses (AA:BB:CC:DD:EE:FF and variations would do the job).

1 Like

I meant the 2nd LAN port on my Fritzbox. Without the direct connection at the Fritzbox I have no access to the Internet.

Sorry, my fault. Here is it:

Last login: Thu Sep 14 14:30:28 2023 from 192.168.1.65
[root@ipfire ~]# curl -I http://google.com
curl: (6) Could not resolve host: google.com
[root@ipfire ~]#

Your poor IPFire machine does not know whom to ask for name resolution. Your ISP automatic assignment of name servers is failing somewhere. My guess is that Fritzbox is not passing the information to IPFire with the DHCP negotiation (assuming IPFire gets its IP assigned through DHCP by Fritzbox).

2 Likes

Yes, the IP is forwarded from the Fritzbox to IPFire using DHCP

Fritzbox is forwarding its own private IP address as the Name Server, not the provider’s DNS IP addresses. Which would be all right if Fritzbox provided a DNS cache service like unbound does in IPFire. It seems that it does not or that the DNS cache server is not functioning. I am not sure which of the two it would be.

In the log I posted above, there are modifications attributed to the DNS. You should manually assign a DNS to IPFire. If the problem then disappears, you will know what to tell AVM technical assistance (which is: FritzOS DNS provider assignment to IPFire is not working properly).

1 Like
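
A way to triage a /var/log/messages excerpt like the one posted in this thread, as an added example that is not part of the original posts: it separates unbound's DNSSEC errors from kernel firewall log entries and names the upstream that returned no DNSKEY. The sample lines are constructed in the format of the posted log (abridged, placeholder MAC addresses), and the function names `triage` and `diagnose` are hypothetical.

```python
import re
import sys
from collections import Counter

# Constructed sample: lines in the format of the /var/log/messages excerpt
# posted in the thread, abridged, with placeholder MAC addresses.
SAMPLE_LOG = """\
Sep 14 14:30:19 ipfire unbound: [5919:0] info: validation failure <client.dropbox.com. A IN>: key for validation . is marked as invalid
Sep 14 14:30:36 ipfire unbound: [5919:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN
Sep 14 14:30:36 ipfire unbound: [5919:0] info: validation failure <1.ipfire.pool.ntp.org. A IN>: no DNSKEY rrset from 192.168.178.1 for trust anchor . while building chain of trust
Sep 14 14:30:40 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:01:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=6498 DF PROTO=2
Sep 14 14:30:40 ipfire kernel: INPUTFW IN=green0 OUT= MAC=aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:02:08:00 SRC=192.168.1.56 DST=192.168.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=53741 DF PROTO=UDP SPT=49896 DPT=53 LEN=38
Sep 14 14:30:41 ipfire unbound: [5919:0] info: validation failure <play.google.com. A IN>: key for validation . is marked as invalid
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<tag>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
VALIDATION = re.compile(r"validation failure <(?P<name>\S+) \S+ IN>: (?P<reason>.*)$")
NO_DNSKEY = re.compile(r"no DNSKEY rrset from (?P<ip>[\d.]+) for trust anchor")
FIREWALL = re.compile(r"^(?P<chain>[A-Z_]+) IN=(?P<iface>\S*) OUT=")


def triage(text):
    """Summarise unbound DNSSEC errors and kernel firewall log entries."""
    summary = {"failed_names": set(), "prime_failures": 0,
               "upstreams": set(), "firewall": Counter()}
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # truncated or overwritten terminal output
        tag, msg = m["tag"], m["msg"]
        if tag == "unbound":
            if "failed to prime trust anchor" in msg:
                summary["prime_failures"] += 1
            v = VALIDATION.search(msg)
            if v:
                summary["failed_names"].add(v["name"])
                up = NO_DNSKEY.search(v["reason"])
                if up:  # the forwarder that did not return the root DNSKEY
                    summary["upstreams"].add(up["ip"])
        elif tag == "kernel":
            fw = FIREWALL.match(msg)
            if fw:  # count firewall log entries per chain and inbound interface
                summary["firewall"][(fw["chain"], fw["iface"])] += 1
    return summary


def diagnose(summary):
    """Turn the counters into a one-line reading of the excerpt."""
    if summary["prime_failures"] or summary["upstreams"]:
        via = ", ".join(sorted(summary["upstreams"])) or "unknown upstream"
        return (f"unbound could not fetch the root DNSKEY (upstream: {via}); "
                f"{len(summary['failed_names'])} name(s) failed validation")
    if summary["failed_names"]:
        return "validation failures without a trust-anchor priming error"
    return "no DNSSEC validation problem in this excerpt"


if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = triage(data)
    print(diagnose(result))
    for (chain, iface), n in sorted(result["firewall"].items()):
        print(f"{chain:12} in={iface or '-':8} {n}")
```

Run without arguments it reads the embedded sample; given a file path it reads that log instead.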