Hi, there!
It’s me again. So, today I changed the WAN-IP addres since the original one didn’t work. Then I tried pinging my gateway again. But the WAN can’t reach my gateway. Do you have an idea why? Thx already
Hi, there!
It’s me again. So, today I changed the WAN-IP addres since the original one didn’t work. Then I tried pinging my gateway again. But the WAN can’t reach my gateway. Do you have an idea why? Thx already
Usually you cannot free chose the wan-ip/netmask this is provided by you ISP or the router before your IPFire.
The RED IP and the GATEWAY IP must inside the subnet configured via the RED_NETMASK.
Also green/blue/orange must be a different subnet’s. If the networks are overlapping connections cannot routed.
Is there any CMD command where I can find out my ISP’s IP Adress?
Yesterday in your other post thread you said that you had been given a Static Connection by your ISP.
In that case your ISP will already have given you the IP and the Gateway IP and the Netmask. Those would never change.
If you are asking how to find out your ISP’s IP then I believe that you do not have a Static Connection but more likely a DHCP connection.
DHCP will obtain from your ISP the IP and the Gateway IP automatically for you.
See the wiki page on DHCP.
So, I just rebooted IPFire and now I also used a slightly changed IP Adress from the information I got from whatsmyipadress.com. Now I can reach the gateway but wait for carrier on red0 is still failing for any reason.
What do you mean, you “used a slightly changed IP address”? If (as seems highly likely now) you are getting a DHCP address from your gateway then you simply accept that as a client, you “use” nothing in the sense of setting an IP yourself. Alternatively, if you are behind a routed gateway then whatsmyipaddress would not see your IPFire address at all, but your gateway address.
What exactly are you configuring please? Do you have a network diagram? What device is the gateway?
Instead of for example a 1 I used a 2. The rest is the same and it’s working since I can ping the WAN successfully now. However, I still got no internet. And I assume it’s because of the port.
Edit: whatsmyipadress shows your public ip. So, the thing I need for WAN.
Some thoughts about your problem.
What is your gateway please? What do you mean by the term? What device is it?
When you “ping your WAN”, what address is that?
Please provide the first octet of the result from whatsmyipaddress. Conceal the rest.
It’s basicallly the same router I’d also use without my firewall. And it’s a telekon public adress for reachin out to the cyber space. I can ping GREEN and RED just the joke is the LAN panel on my laptop is just like, “Nah … sorry, not today!”
Nothing has been clarified.
When I asked (more than once) “What is your gateway please?” the answer “It’s basically the same router…” is sorely lacking any useful information.
I did not ask whether you can ping, I asked what address(es).
I asked for an octet and got nothing.
I asked for a network diagram and got nothing.
I’m not magical, to divine unstated things. Sorry. Perhaps someone else can help you.
We are unable to help until we know how your WAN is configured. When you execute “setup” from the IPFire command line and select Neworking > Address Settings > Red, are your settings precisely as depicted here:
WAN config ?
I missunderstood the basic architecture of IPFire. My Green IP is basically 10.0.0.x and I’m using the DHCP/Firewal/Gateway-Server my company is offering where I won’t post the IP.
Big edit here: This firewall I’m installing is just for training skills here.
In this case the roter before the IPFire is your isp and you have to configure RED matching as a client for this network. usually DHCP.
Understood.
IPFire can be used downstream of another router, such as your company’s. A workable setting for red0 is still likely to be DHCP.
You do not want to connect your green0 to your company’s LAN and need to operate your own “LAN”. It would be less confusing if you don’t use a green0 address of 10.0.0.n. 192.168.n.n is fairly straightforward to configure.
I also check the dhcp logs messages red0: Waiting for carrier is there.
I think my DHCP wants to build up a connection but can’t for any reason. Last time it wasn’t able to connect to snet. Any idea why?
Waiting for carrier usually means a missing ethernet connection.
What is snet?
Make sure that firewall do not block the traffic from the gateway.
What you require for Static Addressing (from your ISP):
Public IP Address :- (Verify with your ISP if the address they provide is your Router address and if you can replace your router with your intended IPFire Firewall Box)
Subnetmask :- (This is very specific and will be indicated in the form of IP Mask or slash notation … i.e example … 255.255.255.248 or /29 (spoken as slash 29). The aforementioned example being: 8 IP Addresses which allows for 6 hosts being on an IP Mask of 255.255.255.248 or /29 (slash 29) with 1 / 32 class C . Just to note that this example network, apart from the 6 host addresses requires a network address (1) and a broadcast address (1).
Default Gateway (This will be a specific single IP Address)
The above values need to be spot on or your going to have problems.
If your ISP indicates they use DHCP, then set IP Fire on WAN Port (RED) to DHCP. I would check this regularly for a month or two and note the information down as this will give you an idea of whether you are on a Dynamic Public IP Address or a fixed Public IP Address.
TBH, it sounds like your knowledge on IP and WAN is limited. You may want to educate yourself on IP Addressing, what subnet masks are and how they work and what default gateways are. I mean no insult or to be derogatory … a knowledge of how these things work is imperative to not break things wrt setting up routers/firewalls.
One question if I may … are you replacing the Router (usually provided by your ISP) with an IPFire Box? If you are connecting your IPFire Box up behind your router, there are several options … I would just like to note that this sort of physical configuration has limitations and it’s functionality will very much depend on the configuration of the Router and if there is any pass through traffic allowed. In the event that the IPFire Box is set up behind the ISP Router … it would be preferable to set your IPFire box IP Address (I assume it would need to be a private class IP) as the DMZ Server in the routers configuration … i.e traffic to the router is passed to the IPFire box. The alternative would be to do port forwarding on the Router which imho is a very messy way of doing things and will (imho) overly complicate the configuration as well as future fault finding.
I would test if I am able to ping the default gateway provided by the ISP from a PC behind the IPFire box (i.e on the Green/LAN segment). You can also run a traceroute (tracert on windows cmd line) to a public DNS Server such as 1.1.1.1 (Cloudflare) or 8.8.8.8/8.8.4.4 (Google) to see where traffic is falling apart.
Albeit somewhat later, I hope I have managed to be of some assistance.