Wifi user's traffic to pass through ipfire

rezafathi · 7 February 2021 12:15

Hello to all,

The above diagram shows my home network topology with ipfire. Everything is working fine in LAN and all it’s traffic passes through ipfire but I couldn’t send WiFi users’ traffic from my ADSL modem to ipfire and they will connect to internet without passing through ipfire. So, is there any way to send wifi traffics to ipfire? Thank you in advance.

bonnietwin · 7 February 2021 12:37

Hi @rezafathi

Welcome to the IPFire Community.

If you are trying to have your wifi clients access some of the computers on the LAN (Green) then you need to create some firewall Port Forwarding rules to allow that.

The default setting for traffic from the internet (Red) to IPFire is blocked.
See the wiki for a lot of information on the firewall configuration. https://wiki.ipfire.org/configuration/firewall

If you are trying to have your wifi clients have the protection of IPFire in their communication to the internet then you need to have a wifi access point connected to IPfire. With your current configuration your wifi clients will bypass IPFire completely.

pike_it · 7 February 2021 13:26

Shutdown WiFi on your ADSL Router and buy an Access Point.

hvacguy · 7 February 2021 16:05

Use ADSL WIFI as Guest network.

rezafathi · 7 February 2021 16:30

Thank you. What will happen if i use guest wifi on adsl modem?

ip-mfg · 7 February 2021 16:40

I have the following installation similar to your network:

Fritzbox (modem, router, wifi for VOIP, Whatspp, DECT)
2.ipfire (green=LAN and blue=WIFI network.
green is for serious work with DOT, IPS, Proxy;
blue is for leisure and a little bit more unsafe (Apple Laptop, Apple Watch, Mobiles and MS Laptops).
It works best for me.
But it needs an investment in a second WIFI

rjschilt · 7 February 2021 22:16

I have a similar setup but have IPfire sitting / protecting the perimeter.

I then have my WAP bridged to one of the internal ports on IPfire.

R

rezafathi · 7 February 2021 23:32

You mean i should do port binding my lan and wifi on adsl router and connect it to ipfire?

rjschilt · 8 February 2021 01:46

This is my setup:

At present all clients connect via WiFi to the Netgear - I am planning on replacing the two port with a four port Protectlii appliance - this way I can segment wireless from wired clients.

All DHCP is done from the IPfire.

I guess there are many ways to skin a cat but I hope this helps.

RS

bbitsch · 8 February 2021 11:41

To answer this basic ‘problem’.

Each client is protected by all devices on the way to the internet. The way is defined by gateway/routing rules in these devices.
Therefore all clients which shall be protected by IPFire ( which is connected to some WAN device ) must be connected to a local network of IPFire ( GREEN or BLUE ).
The installation in the opening post connects WiFi device to RED ( in terms of IPFire ), which is not controlled by IPFire.

rezafathi · 11 February 2021 11:17

Thank you all. Can I use something like that?

final

bonnietwin · 11 February 2021 11:33

Whether you can or can’t do it, you should not do it because that would connect your Green Zone directly to the Internet, bypassing IPFire.

If you want the WiFi users to be protected by IPFire then you can not use the ADSL Router WiFi.

So follow @pike_it advice

That Access Point would then be connected to the Blue zone on your IPFire and client connections through it will go via IPFire.

pike_it · 11 February 2021 16:06

Or the GREEN one, depending if you need a separated zone/network for wireless devices or not (and Airprint do not love being routed)

rezafathi · 11 February 2021 21:43

I finally was able to install hpad on ipfire and configure an access point on raspberry pi.