Why did this happen? Newly configured IPFire had no internet and then on its own internet was resumed

I previously had a problem identifying the GREEN interface, then after I resolved it, when I could access the webui, I created these firewall rules.

I found out the IP address assigned to the device which was connected to the GREEN interface, added a firewall rule preventing that device from accessing RED interface, then I created another rule preventing anything on RED interface from accessing that IP.

At this stage my IP Fire system was able to access Internet, I checked this on Home page, it showed an IP address it got from the wire connected to RED interface, when I tried to turn on IDS/IPS, I got an error that the system is not connected.

BLUE interface was also functioning as it should, it was providing IP addresses to devices connected to it. But they weren’t able to access the Internet. I created two other rules in the firewall, one allowing BLUE to access RED and another allowing RED to access BLUE. I applied these rules, but even then devices on the BLUE interface couldn’t access the Internet.

Lastly I created two more rules preventing BLUE and GREEN from interacting with each other.

After this I didn’t change a single setting, then while I was writing the comment above, about 45 minutes later, it was working without problems, IPS/IDS could update and devices on the BLUE interface could access the Internet.

I’m clueless about why it didn’t work before and it worked afterwards. Does IP Fire access the Internet and need to obtain anything for it to work?

Default firewall rules
https://wiki.ipfire.org/configuration/firewall/default-policy
Blue mac filter
https://wiki.ipfire.org/configuration/firewall/accesstoblu
DNS
https://wiki.ipfire.org/configuration/network/dns-server


Hi,

At this stage my IP Fire system was able to access Internet, I checked this on Home page, it showed an IP address it got from the wire connected to RED interface, when I tried to turn on IDS/IPS, I got an error that the system is not connected.

please post a screenshot of this error message and the main page of IPFire’s web interface here.
You might want to redact your public IP address displayed there, if any.

BLUE interface was also functioning as it should, it was providing IP addresses to devices connected to it. But they weren’t able to access Internet. I created two other rules in firewall one allowing BLUE to access RED and another allowing RED to access BLUE, I applied these rules, even then devices on BLUE interface couldn’t access the Internet.

Remove the rule allowing traffic from RED to BLUE, it is dangerous. The first one is enough, as
replies to connections initiated from the BLUE network will automatically pass through your firewall.

Please read about stateful packet inspection (SPI) for further information.

Thanks, and best regards,
Peter Müller


Thanks for the rule information about RED to BLUE.

This happened yesterday and I didn’t take any screen shot yesterday. Now it is connecting.

I created a network group for an IP address range, for example, like this: 111.222.333.13, I typed the network mask as 255.255.255.0 for it, gave it the name Cloudservice and saved it.

In firewall rules, I created a rule, selected the above group (Cloudservice) as Source and selected ‘any’ as Destination, selected drop and saved it.

I created another rule in the reverse direction, that is, I selected Source as ‘any’ and Destination as Cloudservice and selected drop and saved it.

I applied these rules. Initially it worked, I couldn’t ping anything in Cloudservice’s IP range, like 111.222.333.11 or 111.222.333.12, then after some time the pings were reaching the IPs in that group’s IP range.

I don’t understand why. After I created those two rules, I created a few other similar rules for other IP ranges, could they have overridden these rules?

Thanks for your help.

Okay, I figured out why pings were reaching IP addresses in the blocked group’s range. It was because the rule I created allowing BLUE to RED was positioned before these rules; after moving it lower, pings are no longer reaching the blocked group’s IP addresses.

The block rule to drop connections/packets from a specified network group is working when I ping, I’m not getting any replies, but in the connection logs of the firewall, it shows that connections to IP addresses in the blocked network group have been established. How is this possible?

Hi,

  1. please post screenshots as it is hard to follow your descriptions.
  2. if the connection had been established before you set up the block rule, it will
     pass the firewall until it is closed.

Thanks, and best regards,
Peter Müller

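The two behaviours discussed in this thread, rule order deciding the verdict for a new flow and an already-established flow passing a later block rule until it is closed, as an added toy model (not IPFire code; it mimics first-match rule evaluation plus a stateful connection table). The network ranges and hosts below are constructed for the example and stand in for the poster’s BLUE network and “Cloudservice” group.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for the example (not from the thread).
BLUE = ip_network("192.168.2.0/24")        # stands in for the BLUE network
CLOUDSERVICE = ip_network("192.0.2.0/24")  # stands in for the "Cloudservice" group
ANY = ip_network("0.0.0.0/0")

def rule(src, dst, action):
    return {"src": src, "dst": dst, "action": action}

def first_match(rules, src, dst):
    """Top-to-bottom, first matching rule wins; assumed default is drop."""
    for r in rules:
        if src in r["src"] and dst in r["dst"]:
            return r["action"]
    return "drop"

class StatefulFirewall:
    """New flows are checked against the rules once; packets (and replies)
    of an already-established flow bypass the rules, as with SPI."""
    def __init__(self, rules):
        self.rules = rules
        self.established = set()

    def packet(self, src, dst):
        s, d = ip_address(src), ip_address(dst)
        if (s, d) in self.established or (d, s) in self.established:
            return "accept (established)"
        verdict = first_match(self.rules, s, d)
        if verdict == "accept":
            self.established.add((s, d))   # flow is now tracked
        return verdict

    def flush(self):
        """Forget all flows: what closing or resetting the connections achieves."""
        self.established.clear()

allow_blue = rule(BLUE, ANY, "accept")        # "BLUE to RED" allow rule
block_out = rule(CLOUDSERVICE, ANY, "drop")   # Cloudservice -> any
block_in = rule(ANY, CLOUDSERVICE, "drop")    # any -> Cloudservice

def demo_rule_order():
    wrong = StatefulFirewall([allow_blue, block_out, block_in])  # allow listed first
    right = StatefulFirewall([block_out, block_in, allow_blue])  # blocks listed first
    return wrong.packet("192.168.2.10", "192.0.2.11"), right.packet("192.168.2.10", "192.0.2.11")

def demo_established():
    fw = StatefulFirewall([allow_blue, block_out, block_in])
    first = fw.packet("192.168.2.10", "192.0.2.11")   # accepted, flow now tracked
    reply = fw.packet("192.0.2.11", "192.168.2.10")   # reply passes with no RED->BLUE rule
    fw.rules = [block_out, block_in, allow_blue]      # operator reorders the rules later
    still = fw.packet("192.168.2.10", "192.0.2.11")   # existing flow still passes
    fw.flush()
    after = fw.packet("192.168.2.10", "192.0.2.11")   # only a new flow hits the block
    return first, reply, still, after
```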

How do I kill or close established connections? Thanks

Hi,

there is no way to do this via the IPFire GUI. You could send RST packets to both source
and destination of a connection (to my knowledge, that’s what the GFW does), or reboot
the client that initiated the connection.

Thanks, and best regards,
Peter Müller