The above diagram shows my home network topology with IPFire. Everything is working fine in the LAN and all its traffic passes through IPFire, but I couldn't send WiFi users' traffic from my ADSL modem to IPFire, and they will connect to the internet without passing through IPFire. So, is there any way to send WiFi traffic to IPFire? Thank you in advance.

If you are trying to have your wifi clients access some of the computers on the LAN (Green) then you need to create some firewall Port Forwarding rules to allow that.

The default setting for traffic from the internet (Red) to IPFire is blocked.
See the wiki for a lot of information on the firewall configuration. https://wiki.ipfire.org/configuration/firewall

If you are trying to have your wifi clients have the protection of IPFire in their communication to the internet then you need to have a wifi access point connected to IPFire. With your current configuration your wifi clients will bypass IPFire completely.

Shut down WiFi on your ADSL Router and buy an Access Point.


Use ADSL WIFI as Guest network.

Thank you. What will happen if I use guest WiFi on the ADSL modem?

I have the following installation similar to your network:

  1. Fritzbox (modem, router, WiFi for VoIP, WhatsApp, DECT)
  2. IPFire (green = LAN and blue = WiFi network).

Green is for serious work with DOT, IPS, Proxy; blue is for leisure and a little bit more unsafe (Apple Laptop, Apple Watch, Mobiles and MS Laptops).
It works best for me.
But it needs an investment in a second WiFi.

I have a similar setup but have IPFire sitting / protecting the perimeter.

I then have my WAP bridged to one of the internal ports on IPFire.


You mean I should do port binding of my LAN and WiFi on the ADSL router and connect it to IPFire?

This is my setup:

At present all clients connect via WiFi to the Netgear - I am planning on replacing the two-port with a four-port Protectli appliance - this way I can segment wireless from wired clients.

All DHCP is done from the IPFire.

I guess there are many ways to skin a cat but I hope this helps.


To answer this basic ‘problem’.

Each client is protected by all devices on the way to the internet. The way is defined by gateway/routing rules in these devices.
Therefore all clients which shall be protected by IPFire (which is connected to some WAN device) must be connected to a local network of IPFire (GREEN or BLUE).
The installation in the opening post connects the WiFi device to RED (in terms of IPFire), which is not controlled by IPFire.

Thank you all. Can I use something like that?


Whether you can or can’t do it, you should not do it because that would connect your Green Zone directly to the Internet, bypassing IPFire.

If you want the WiFi users to be protected by IPFire then you cannot use the ADSL Router WiFi.

So follow @pike_it's advice.

That Access Point would then be connected to the Blue zone on your IPFire and client connections through it will go via IPFire.


Or the GREEN one, depending on whether you need a separate zone/network for wireless devices or not (and AirPrint does not love being routed).

I finally was able to install hpad on IPFire and configure an access point on a Raspberry Pi.