Unable to get internet on the Wifi Blue network

domsheldon1 · 8 March 2021 14:57

Hello,
Help please!

Unable to get internet on the Wifi Blue network.
I don’t understand the problem.

bonnietwin · 8 March 2021 16:55

I don’t know enough to be able to tell you what the problem is but in situations like yours, I would go back to the simplest default condition, so disable the proxy, disable the firewall rules and put the policies back to default.
Confirm that you can then access the internet on blue then re-introduce the various policies and rules one at a time until you find the one that stops you getting access.
Then you will know what part/change needs to be worked on to get access again before introducing the next conditions/rules.

jon · 8 March 2021 18:12

Maybe Enabled on Blue needs to be checked…

ip-mfg · 8 March 2021 18:25

A few steps from my side:
Do you have access to the to the web interface of the ipfire (if yes your wifi works)?
Do you have access from green network to the internet?
Are the any differences in the DNS rules between green and blue?

Personally I prefer in the outgoing rules"interface red" to “red” and not Any

domsheldon1 · 8 March 2021 18:28

Thank you for your interest.

domsheldon1 · 8 March 2021 18:30

Why internet is blocked for the blue network. It’s quite curious.

domsheldon1 · 8 March 2021 18:34

ip-mfg · 8 March 2021 18:54

that are my rules and they work

domsheldon1 · 8 March 2021 19:23

Thank you! Can you give me the points with an arrow?

ip-mfg · 8 March 2021 21:12

Well, screen shots will not do by the amount of arrows. I will try it this way, I am afraid with a lot of abbriviations, but they shouldt self explaining if you look in the rule definition:

FR 2
S: Green D: DE-Germany P: ICMP Echo Request 8

OFA 1
FW-Red to SN Red Services DOT
OFA2
FW Red to SN Rds Service Groupe: WebProxy
OFA4
FW Red to SN Rds Service Groupe: WebProxy ICMP echo-request 8
OFA5
FW Red to SN Rds Service Groupe: WebProxy Service: Whois

S: DOT = TCP 853
SG: WebProxy = FTP21, HTTP80, HTTPS443

domsheldon1 · 9 March 2021 12:33

Hello, Is it possible that the provider is blocking the output with its firewall?

IP of a PC on a blue network: 192.168.10.20
DNS IP: 192.168.10.1

GREEN: 192.168.2.1 / 24

ip-mfg · 9 March 2021 15:55

From my perspective of view the provider can’t distinguish between your green and your blue network. He only knows the output of the red one.
So if the green network works the blue one should do as well.

friseer · 11 March 2021 09:13

you DON’T have to shoot any firewall rule. What you only have to do is:

Take your PC/IP from this section in network, DHCP server
current dynamic assignments

you can give an other unique IP. You must not take the one from DHCP

Then go to this section in firewall ,access to blue and take your IP/PC again
current DHCP assignments on blue

thats it.
BTW you have access to green from special IPs
AND internet if you set the DNS for blue in DHCP server.

if you had looked in your fw log, you had seen,that it is a forwarding problem on port 53 I think.

domsheldon1 · 11 March 2021 13:45

I have to look at it in detail but I am running out of time. This configuration does not work! The client has a good blue DHCP IP address but he does not have internet! Do I have to activate the proxy (BLUE)?

friseer · 11 March 2021 14:48

you forget the second step of my howto. at least you posted nothing about.nevertheless your ip is not allowed to access blue if you not do so. and fw rules are really not interesting. though I have a QDN , but should work with localdomain too I think. each device must be added this way or nothing will be go on. blue works different from ‘normal’ wifi