This web interface allows you to edit the network interfaces (NICs) that are assigned to a zone. You can also change a zone's operating mode (Default, Bridge). See intended zones here.

NIC Assignment

Zone Mode

The zone mode can be changed by selecting a mode from the dropdown list under the zone name. A zone can operate in two different modes:

Default: The zone accesses one NIC directly

Bridge: All assigned NICs belong to the same network and IPFire acts like a switch between those NICs. Note that bridge mode will not bridge zones, for example it will not bridge BLUE adapters to GREEN adapters. It will bridge network adapters in a zone to others in the same zone.

Zone Access

Each zone can have one (if the zone is in Default mode) or more (in Bridge mode) NICs assigned. This NIC is either accessed natively or via a VLAN. If the RED zone is in any kind of PPP mode, you can only choose one NIC. All further PPP settings including VLANs (VDSL) can be changed in System -> Dialup.

Please note that:

  • Due to backwards compatibility reasons, you can't assign more than one VLAN to a zone
  • One NIC can't be accessed natively by more than one zone
  • You can't use the same VLAN tag more than once per NIC
  • A NIC that is assigned to RED can't be accessed by any other zone if RED is in PPP mode
  • Support for macvtap has been dropped as of Core Update 156. Please use Bridge instead.

VLAN - Example setup for 2 NICs

Configuring three zones, using two NICs and one VLAN is a practical guide on how to configure more zones than the physical Network Interfaces available by taking advantage of a Managed Switch to create a IEEE 802.1Q network VLAN.

Bridging - Example setup for 4 NICs - 1 red and 3 bridged green

Configuring 3 NICs to be bridged together for Green is a guide on how to configure bridging multiple NICs to be assigned to Green.

Spanning Tree Protocol support

The zone configuration allows configuring Spanning Tree Protocol (STP) for bridges. Since it is possible to add multiple interfaces to the same bridge, it becomes a danger that loops are being created on the network. STP avoids those by disabling bridge ports when a loop is being detected.