Using IPFire just as firewall not as router are my two network setups causing double NAT or not?

Hi,
first thank you for making IPFire.
I am not a professional, more like at beginner level.
The questions are for my small home network for personal use.

I have set IPFire connected as is shown on this setup
IPFire as wlan client

On my uploaded image there two options to connect. My questions are about these two points. Points 1. and 2. are my two different setups, please check the uploaded picture.

RED gets IP from DHCP on wifi Cable gateway, and GREEN runs own DHCP.

Q1: Are both setups connected OK? (only one of two options is realised, I am not connected 1. and 2 but. only 1. or 2.)

  1. IPFire RED is connected with wire (network cable) to LAN port of Cable Gateway.
  2. IPFire RED is connected as wireless LAN client to my WIFI of Cable Gateway (modem + wifi router all in one)

Q2: I have read that IPFire is a firewall and not router does this mean that I am not double NAT when connecting option 1. or option 2. from Q1 (points from question one also please see the uploaded picture).

Q3. double NAT happens I case if I use FRR routing package (at this moment not installed) ?

Thank you for you time and good night.

Hey there,

A1: Both of your setups are connected OK as long as you have the right configuration on RED (static, dhcp, whatsoever).

A2: Double NAT happens when your gateway and your firewall are doing NAT at the same time. Your gateway (as long as it is not configured in some kind of “bridge mode” where it acts only as a modem) NEEDS to do NAT because it has to translate the private IP-addresses from your network to your public IP-address (the one you got from your provider). So you cannot deactivate NAT here.
IPFire does NAT by default (from green to red for example) but you can deactivate it in your kind of setup, if you like it clean (like me :smiley:). The only thing to keep in mind is that, if you disable NAT on IPFire, your gateway needs to know the routes to the subnets BEHIND the IPFire (green, blue, orange) or otherwise it cannot send packages to those nets. So you need to enter the subnets and the next hop (in your case the red interface of the IPFire) in your gateway.

A3: Im not familiar with FRR. Google tells me that it is a “routing suite”, so a software for routing which supports OpenSource-routing protocols? This has not necessarily something to do with NAT. And you definitely do not need routing protocols in a small home network with a couple of different subnets. I once did a cisco CCNA (routing & switching) and believe me, routing protocols are for waaayyy bigger purposes.

Greetings :slight_smile:

3 Likes