I have a small box with two cards running IPfire.
RED is connected to my cable box providing ethernet access.
GREEN is connected to the other NIC and all wired clients connect here.
I also have a wireless router (three actually, mesh).
The main mesh is connected to GREEN and gets 192.168.6.10.
The wireless router has a DHCP server which gives out IPs to the wireless clients (192.168.5.X).
All my wireless devices (echos, nest, cameras) work fine.
One of the clients (a 3d printer, DHCP client 192.168.5.161) connects successfully to the wireless router.
My main PC, 192.168.6.3 cannot ping the 192.168.5.161 device.
I cannot get to the web interface of the 3d printer.
Does a route need to be set on the PC or a route added to IPfire?
In the scenario you described, the PC and the printer are on different subnets. The PC is on the 192.168.6.0/24 subnet, and the printer is on the 192.168.5.0/24 subnet. The PC therefore would not broadcast an ARP request for the printer’s IP address. ARP is a Layer 2 protocol and works only within the same local network or subnet. When the PC determines that the destination IP address is not in its local subnet, it will send the packet to its default gateway for routing to the destination subnet. The default gateway in this case would be the IPFire Router.
Here’s what would generally happen:
1. The PC would attempt to send a packet to the printer at 192.168.5.161.
2. The PC would recognize that the printer’s IP address is not in its own subnet (192.168.6.0/24).
3. The PC would then send the packet to its default gateway, which is presumably the IPFire Router, for further routing.
4. The IPFire Router would need to know how to route traffic to the 192.168.5.0/24 subnet. If it doesn’t have a route for that subnet, the packet will be dropped.
5. If the IPFire Router does know how to reach the 192.168.5.0/24 subnet (through a static route), it would forward the packet to the appropriate next hop, which would be the AP in this case.
6. The AP would receive the packet and forward it to the printer at 192.168.5.161.
7. The printer would send the response back through the same path in reverse.
For this to work, you would need to configure routing rules on the IPFire Router to know how to reach the 192.168.5.0/24 subnet. Additionally, the AP would need to be configured to allow traffic from the 192.168.6.0/24 subnet to the 192.168.5.0/24 subnet.
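The forward path described in the reply above, modelled as an added example that is not part of the original post: each hop does a longest-prefix match on the destination, with and without the static route on IPFire. The RED gateway address is a constructed placeholder, and the AP is assumed to forward between its two sides without NAT or filtering.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. Returns the next hop ("direct" = on-link) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(tables, owners, start, dst, max_hops=8):
    """Follow dst hop by hop from `start`; returns the list of nodes visited."""
    path, node = [start], start
    for _ in range(max_hops):
        next_hop = lookup(tables[node], dst)
        if next_hop is None:
            return path + ["no route"]
        if next_hop == "direct":
            return path + [dst]          # destination is on a connected subnet
        node = owners.get(next_hop)
        if node is None:                 # next hop is outside the modelled LAN
            return path + ["left LAN via " + next_hop]
        path.append(node)
    return path + ["routing loop"]

RED_GW = "203.0.113.1"  # constructed placeholder for the ISP gateway on RED
OWNERS = {"192.168.6.1": "ipfire", "192.168.6.10": "ap"}

def build_tables(static_route):
    """Routing tables per node; static_route toggles the IPFire entry for 192.168.5.0/24."""
    ipfire = [("192.168.6.0/24", "direct"), ("0.0.0.0/0", RED_GW)]
    if static_route:
        ipfire.append(("192.168.5.0/24", "192.168.6.10"))
    return {
        "pc": [("192.168.6.0/24", "direct"), ("0.0.0.0/0", "192.168.6.1")],
        "ipfire": ipfire,
        # Assumption: the AP forwards between its two sides without NAT or filtering.
        "ap": [("192.168.6.0/24", "direct"), ("192.168.5.0/24", "direct")],
    }

def path_to_printer(static_route):
    return trace(build_tables(static_route), OWNERS, "pc", "192.168.5.161")

if __name__ == "__main__":
    print("without static route:", path_to_printer(False))
    print("with static route:   ", path_to_printer(True))
```

With the static route the model ends at the printer; whether the real AP actually delivers the packet depends on its own NAT and firewall settings, which the model does not cover.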
This is correct. This tells the IPFire Router that any traffic destined for the 192.168.5.0/24 network should be forwarded to the AP at 192.168.6.10. The AP would then handle distributing the traffic within its own subnet (192.168.5.0/24).
EDIT: to troubleshoot:
Use tcpdump to capture packets on the IPFire Router (and if possible in the AP) to see if packets destined for the printer are being routed correctly. You can also use it on the PC and printer to verify that packets are reaching their intended destinations.
Use traceroute from the PC to the printer’s IP to see the path the packets take. This can help confirm whether the packets are being routed through the IPFire Router and the AP as expected.
Very good point (the router also being a mesh), but I do not think NAT is necessary here. It would only make routing worse. The IPFire Router and the AP should be configured to route traffic between the two subnets without NAT. The IPFire Router would need a static route to the 192.168.5.0/24 network via the AP (192.168.6.10), and the AP would need to allow traffic from the 192.168.6.0/24 network to the 192.168.5.0/24 network.
If the AP, being a mesh, is also acting as a router with its own separate NAT, I think NAT should be disabled to allow direct communication between the two subnets. The key principles remain the same: to set up proper routing rules allowing traffic to flow between the two subnets (192.168.6.0/24 and 192.168.5.0/24).
Tracing route to 192.168.5.161 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms ipfire.localdomain [192.168.6.1]
2 2 ms 1 ms 1 ms 192.168.6.10
3 192.168.6.10 reports: Destination protocol unreachable.
Also, I can’t get to the web interface of the wireless router
(used to be 192.168.5.1, but now I think it would be 192.168.6.10)
I connected my wifi on the pc to the wireless router…
So it should still be 192.168.5.1
The traceroute output suggests that the packet reached the AP at 192.168.6.10 but was unable to proceed further to the destination 192.168.5.161. The message “Destination protocol unreachable” typically indicates that the device (in this case, the AP at 192.168.6.10) could not route the packet to the specified destination.
This could mean:
- The AP does not have a route to the 192.168.5.0/24 network.
- There is a firewall rule on the AP blocking the traffic.
- The AP is misconfigured in some other way that prevents it from routing the packet to the 192.168.5.161 address.
You would need to check the AP’s routing table and firewall rules to determine the exact cause.
That’s the gateway for 192.168.5.0/24, but for IPFire the AP is 192.168.6.10. Your problem is in the configuration of the three routers. Make sure they do not do any NAT, and that they allow the traffic to flow between the two networks. Watch for firewall rules as well.