Where to install raspberry PI with IPFIre

Hello together,
i want to implement a raspberry pi in my network. I have a Fritzbox with the default IP and one cable connection is going down to the Unifi Access Point, where another Raspberry PI client is recieving the WLAN connection.
Upstairs from the Fritzox7490, i do not have a direct cable connection to my FritzRepeater, so the FritzRepeater receieve the Wireless connection from the Fritzbox7490.
Outgoing from the FritzRepeater an ethernet cable is connected to an unmanaged switch, where the clients are connected, also in the network 192.168.178.x.
Now i want to implement the IPfire (raspberry pi). Where should i connect it with the best practise for my network so that the cable and the wireless clients are working perfectly?
Many thanks and BR


first, welcome to the IPFire community. :slight_smile:

Personally, I would place an IPFire machine directly after the FritzBox in the ground floor (, so it “sees” all traffic and can protect all clients behind it. Then, you can put the AP and its clients into one network zone, and the network infrastructure in your first floor into another one.

Since the three PCs are switched, they will still be able to communicate with each other, but at least their traffic towards the internet and the other WiFi network will be firewalled.

For more general advice, please refer to this, this and this blog post.

Thanks, and best regards,
Peter Müller

1 Like

Hi Peter, do you speak german? If not, i will try in english :slight_smile:

If i place the Raspberry PI (IP Fire) to a free LAN Port of the FritzBox, will all Wireless Traffic on the basement / ground floor / upstairs go over the IPFire Raspberry Pi?
Because the FritzBox broadcast WLAN from ground floor to upstairs, the Repeater receive the WLAN and the traffic then goes to the Switch upstairs to the clients. In all floors, Wireless lan should be available for the mobile devices. Will this infrastructure work if placing the ipfire to an free lan port to the FritzBox?

To control internet traffic Fritzbox must not serve WLAN.
This functionality must be provided by the Raspi.

The basic data flow should be

WAN <---> Fritzbox <--- ethernet ---> Raspi <--- WLAN ---> ( groundfloor , repeater)
                                            <--- ethernet ---> Unifi ...

ok, so disable the WLAN in the Fritzbox7490 and when i place the Raspi IPFire to an LAN interface behind the Fritzbox7490, there is the possibility in the configuration menu of IPFire to provide the same WLAN as it was provided in the FritzBox before with the same SSID and password?
When it is so, then i understand the data flow.

Yes that should be possible with the hostapd addon.
But there may be a difference. If the Fritzbox uses the same logical network ( IP range 192.168.x.0/24 ) this isn’t true for IPFire. IPFire has two different logical nets green0 and blue0, with distinct address ranges.

:thinking:There used to be a description (possibly on the Wiki) how to make Green and Blue in the same subnet. But I can’t find it.

1 Like


do you perhaps mean using BLUE and GREEN on the same physical interface? If so, the VLAN configuration page in the wiki might be the one you are looking for.

Apart from that, I can vaguely recall having seen such a page as well, but I doubt if that ever worked correctly, since the clients within BLUE/GREEN could communicate with each other without IPFire being able to filter that traffic.

Apart from that: @bbitsch is right, and @micha_1102, you understood this correctly. :slight_smile:

Thanks, and best regards,
Peter Müller

1 Like

Hi, Peter

No. I was thinking about this solution:
Combine green and blue to form one logical network [wiki.ipfire.org] , wiki.ipfire.org - Combine green and blue to form one logical network i.e. two interfaces in one subnet.

On one IPFire machine, it still works today :smiley: , even after the latest updates, and filtering is not necessary there.


1 Like