I have a 4-NIC IPFire red, green, blue setup. I am trying to use the Blue as a 2nd green. The 2nd green is simply to isolate an application server from the Green network (different IP subnet), but I want traffic to go back and forth (which is working). I’m having a network mapped drive issue from another server (file server on green); it is killing users’ mapped drives. Wondering if I should use a 2nd static WAN and a second IPFire, and use IPsec to connect them, instead of Blue. Any thoughts on this?
IPFire currently allows you to define four zones (red - Internet, green - local LAN, blue - e.g., WLAN, and orange - DMZ). If you want to isolate a server, connect it to the orange zone.
Thanks for answering!!! I don’t want the server exposed to the internet, only want back and forth access to green. If I put it on the DMZ, will it be blocked from internet by default?
Here is a (terrible) picture of what I am trying to do. I want to isolate the app server from the green. I do not want internet access to the app server. I want green to be connected to the App server. Hope this makes a little more sense? All switches are unmanaged.
The DMZ is used to host servers. By design, the Internet does not have access to the Orange network (DMZ). Access is defined using access rules; whatever rule you define, it will work for you.
By design, no rules are defined that allow communication from the DMZ to the LAN (green).
From the LAN to the DMZ, yes.
You connect one switch to the LAN, and then a PC to it (I don’t know what the other two in the picture are). You connect the second switch to the DMZ, and then the application server, and you can also connect the file server to the DMZ.
Will the app server (on orange) be exposed to the internet? Do not want this.
Green should have access to orange, but do I have to put in a rule to let the app server interact with green? Green (users) are using a software client to connect to the app server. Thanks, Brian
I have an app server (Windows server) that I need to get off the green (and domain, which is done) onto another local network. It’s an old server that cannot be upgraded, so corporate policy is they want it off the Green, but we still need to use the app server for day to day business until it eventually gets replaced.
If the orange solution works, great, I will test that tonight. If not, I will configure another IPFire, use another WAN static IP (we have a block of 5 and are only using 1) and simply IPsec tunnel between the two IPFires. I have no control on when they will switch, I just need to keep everything running…
I think so. I also asked if the server would communicate with the printer. If so, I would connect the printer to the DMZ as well. Otherwise, you’ll have to create a DMZ rule for the printer.
I don’t think it’s the best idea to put your outdated Windows application server on the Orange (DMZ) network.
Instead, put it on the Blue network and create the necessary rules for Blue access to that server.
The Green network has access to the Blue network by default.
Regarding the mapping problem, I think it’s related to the Windows server being the default master browser; by isolating it from the green, you lose your mappings.