New to IPFire? Ask questions about how to install the system and about first steps
I searched for “ipfire with a bridge modem” on DuckDuckGo. Got this link “https://forum.ipfire.org/viewtopic.php?t=10017” but I end up here “https://community.ipfire.org/”.
Does that mean the topic does not exist or that I need to do something else to find it?
Why does the firewall not work through the web interface, while iptables works through the console, and even then the ports do not open?
Hi everyone!
Hope everyone is doing well. I’m new to IPFire and need some assistance please.
My goal is to set up an LTE modem with an IPFire box. I have a Netgear LTE bridge modem with a T-Mobile SIM card. The SIM is not locked, nor does it have any other credentials associated with it. I know the service works because I’m able to get online while connected directly to the Netgear LTE modem, and I have also tested with the LTE modem connected to a pfSense box.
Below are the specs of the devices I’m using.
IPFire version IPFire 2.27 (x86_64) - core168
Pakfire version 2.27-x86_64
Kernel version Linux ipcool.localdomain 5.15.35-ipfire #1 SMP Sun Jun 5 17:58:52 GMT 2022 x86_64 Intel(R) Pentium(R) CPU N3700 @ 1.60GHz GenuineIntel GNU/Linux
LTE Modem: NETGEAR LB1121-100NAS
I installed IPFire on the device using the suggested method found in the support section.
Then I used the suggestions described here: wiki.ipfire.org - Mobile Networks (LTE/4G/UMTS/3G/2G)
Is this possible as to what I’m trying to accomplish? I would really appreciate any help on this.
Thank you so much in advance!!!
Hi there, I am used to using the ever so simple IPCop at probably its most basic, but it seems the last time they worked on it was back in 2015. Either way, I’m looking to change. I used the unit as a firewall with the TCAR add-on, which helped to keep people in and keep people out with a simple green and red network. Now what is bothering me is I need to know what hardware will work with a new setup, as I normally have 2 NICs, one attached to the protected (green) network and the other to WHY internet connection, which provides a DHCP/fixed address back to the firewall. I’ll probably like to use the machine I deploy to act as a file server too later on. I’m in RSA (South Africa). Is there something particular I should be looking for as far as hardware goes, as it is a tricky market right now? Thanks in advance for your input. Blessings.
Is the “Green” network NAT’d by default? If so, how do you disable that? My ‘Green’ network consists of a public /28 subnet and connects to several routers/firewall appliances that each connect and administer their own specific and private networks. Because of this, I obviously cannot have the IPFire device performing any sort or kind of NAT between the green and red networks.
I would, in fact, like the IPFire device to basically ignore both networks, beyond maintaining the permanent PPPoE connection to the ISP as well as faithfully passing any/all packets back and forth between the two networks as appropriate. I would like to use the Blue network for device access / administration, but have not been able to find a place to set up/configure it to connect to a local Wi-Fi access point.
Any help in these matters would be greatly appreciated!
Hi, Newb here to IPFire. I have a setup and want to know if it will work. So far it hasn’t. Maybe someone can help me diagnose this. Any help will be appreciated.
I have a standard setup now: the main router from the ISP has DHCP disabled, but clients all use its wireless network. I have a Pi-hole running in the network, currently handing out IPs for that standard network.
I have IPFire installed on a good machine, with standard red and green interfaces. I wanted to put my Netgear Nighthawk X6 wireless router behind IPFire and let it then handle the same network. I was hoping to keep the Pi-hole handing out IPs on that same network; every client on this network is wireless also. Main ISP is 192.168.1.1, red is 192.168.1.2, green is 192.168.1.3, and Pi-hole is 192.168.1.5.
From the router I added clients red and green with static IPs by MAC address. They seemed to take, and when I pinged from the same location on the main router they pinged successfully. I was going to hope to run IPFire headed, so atm I have it headless when in use near the router. I’m thinking of just running ethernet if need be, so I can’t diagnose at IPFire. I’m going to change that because I don’t think it’s helping. Well, I can connect to the X6 from another PC using wireless of both networks. It just doesn’t have internet and I can’t seem to configure the router to do so. I don’t expect anyone to fix this for me, but if you have any advice I’d truly appreciate it. So basically the internet on the X6 is going to green on IPFire, then IPFire red is going to ethernet of the ISP router. I was hoping to get the new wireless working with IPFire, then move it to the current network, replacing the AP from the ISP. I can give exact models of ISP etc. if it helps. I’m guessing I need to add a route, but was expecting IPFire to know to send traffic from green to red automatically. I’m using another PC to connect back and forth to networks, but on the new one it gets nothing. I have the new X6 router running on default factory settings as well; either configured or unconfigured it won’t get internet. Thanks again for any help. Sorry to drop a big one.
This may help, not sure:
Finding myself very frustrated.
I have searched around and have not yet found the answers to these questions so if there’s something that I missed please point me in the right direction.
I installed the latest build of IPFire, fresh install, defined my red interface as using DHCP from my ISP TELUS, and my green interface being my local network, a class C 192.X.X.X.
I set my green interface up with the same IP as the TELUS Actiontec device, set the TELUS box into bridge mode on all four ports (I believe it said full), and it seems it takes a while to shut off the TELUS modem and several restarts of IPFire to get an external IP from the ISP.
I also enabled the DHCP server, configured identically to how the TELUS box is now, on the green interface, and my clients are getting correct DHCP information including DNS server, which is local (Pi-hole), and gateway, IP address, etc.
Where I’m having difficulty is understanding if I have to build a rule from scratch and how to do that. I did not find, or I missed, something in the installation instructions.
The two things I’m seeing are that even from the IPFire box I cannot ping any IPs outside on the public Internet, and none of the traffic from the local network can ping anything outside of the local network. Name resolution is not working either, and in the Web UI it’s showing me that DNS is broken, even if I just use the ISP DNS and remove that from the green DHCP server settings.
I pored over this for several hours, kind of pulling my hair out now and frustrated (getting over a case of RSV), but I would really like to get this working.
The machine that I’m using is a small HP x360 laptop, just for test purposes, with four gigs of RAM and 256 gigs of disk, a TP-Link adaptor and an ASIX adaptor, both of which are USB. I’ve tested on this machine with an install of Ubuntu and have also tested on other machines to ensure that they do function correctly.
Where to go from here?
The main purpose for wanting to do this is to have greater understanding and control and obviously to learn as I go.
I’m not a complete noob as I did work in the industry for 30 years, but not in this capacity I was more focussed on server infrastructure and the networking and storage were handled by dedicated teams. And it’s been a few years.
First you get the system going with the ISP DNS server, then add the Pi-hole after you configure its forwarding to the IPFire DNS and the ISP DNS.
Forwarding on the Pi-hole has to be IPFire’s DNS on green and a public DNS server; I would suggest trying the ISP’s DNS first.
I actually tried the ISP’s DNS servers first in so far as configuring IPFire, however this was not working. I did specify a local DNS server for the green interface DHCP server, and I tried it with and without that and had the same issues, so I will see. I’m missing something, and I’m thinking it’s probably that I don’t know how to create rules properly. I’ve looked at the install docs and I really don’t recall reading anything detailed on it, but I will look again. It’s a new day with a fresh perspective, and I was getting pretty tired and frustrated. Thank you kindly for your reply.
What you have to do first is get the ISP DNS to connect properly, then add the Pi-hole DNS server, preferably on a different net like orange, but it can be set up on green as well.
What you have to do in the DNS settings page of IPFire is to find which transmission method the ISP DNS server uses, because it’s apparently not handling switching or upgrading UDP, TCP or TLS, which is the common mistake on their side. But you have to reboot the system every time you change this so the ISP system is bringing the connection up from a disconnected state.
Ok I will dig more. Each time having to take down the running network to test is getting frustrating. Can I put the IPFire in say the DMZ and set up a green IP as a gateway a statically configured machine can use for testing?
I should add it’s not JUST DNS. I can’t ping the ISP gateway or a singable public IP from green or even on the IPFire machine, so I think there is more to it. BUT I have not configured any rules yet either and really don’t remember seeing that in the install notes. But I have been sick as well.
The ISP router should be just bridged all the way out because the IPFire server gets the DNSSEC connection instead of the ISP modem/router.
The ISP equipment is bridged out so it only serves as a media converter. In a lot of fiber systems, you just use a fiber to SFP+ and plug it directly into the machine after cloning the MAC address of the ISP equipment to the SFP interface.
WAN connection goes on red interface.
If you have to sign in to the system, like PPPoE, you run setup at the root terminal and edit the red’s networking.
So must I get DNS working before I create any rules?
Must I create my first set of rules?
- Deny by default
- What to allow from green to red?
There is no default rule like in my TELUS box that I can customize to tighten down after testing?
Is the fact that I can’t ping internet hosts from my clients or even the IPFire box because I have not created any rules yet or because DNS working is somehow a prerequisite to the rest?
For internet.
Default rules for green in IPFire are:
- Green → Red: Accept
- Green → Blue: Accept
- Green → Orange: Deny
- Red → Green: Deny
- Blue → Green: Deny
- Orange → Green: Deny
- Green → Green: Accept
So on the green network you have internet access as well as networking with others.
Blue has internet access, but does not network with others, and has DHCP and can access hosts in local DNS Hosts.
Orange has internet access, but does not network with others, has no DHCP, but can be assigned a host in local DNS Hosts.
That is the default.
Oh it’s “plug and play” - ready to go with nothing to configure rules wise. - once I solve the ISP DNS issues? I should just be able to have my clients on green have default Internet access - am I understanding that correctly?
I can fine-tune for greater control after that, but out of the box it’s ready to go if I’ve got the DNS working correctly?
And to clone my TELUS device MAC address I just look it up and insert that somewhere in the WebUI?
That simple to get started?
Ready to try this again:
I got the WAN MAC. Can you remind me where that goes in the WebUI?
Do I want:
FULL
Warning: Enabling Full bridge mode will disable the following services provided by this router: Wi-Fi, Wi-Fi booster, smart home, and OptikTV service.
LAN1
Note: Enabling LAN 1 bridge allows you to connect your own router to LAN 1 while the Wi-Fi, Wi-Fi booster, smart home, OptikTV, and phone services are still available.
Once my connection is down, if it doesn’t work it’s paperclip time, and that seemed to take MANY tries to get things back to stock.
Doing a bit of digging through some of the TELUS forums, many reported that only LAN1 bridging worked, so that’s what I did. Got my ISP’s DNS servers, gateway, and an IP on the red interface. Could not get the DNS working, no matter whether I tried TCP or UDP… Still could not ping from my client green network to a public IP; likewise, could not do it from the IPFire box outward. Did a full fresh install accepting all the defaults except for defining my local green network IP range. Didn’t specify anything but my ISP’s DNS servers. Didn’t see a way to do TLS, and DNS still says it’s broken. Now I’m back to running on the TELUS box reset to default. These are both USB network interfaces that I have used successfully from Mac, PC and other Linux machines. I did run this machine previously with Linux and both USB interfaces worked fine. They are detected and appear to be working. There’s just something that I’m missing. I even called my ISP to ask what I needed to do to put my device in bridging mode, and if anything needed to happen on the backend, and was told no, basically exactly what I had done previously should be fine and should be working.