Now you are getting to the heart of IPFire: the setup of the network.
Network configuration type
As described in the preparation steps, you should already know how your own network will be set up in the following steps.
A standard IPFire installation is GREEN + RED which means two(2) networks. Typically there is one network for local or home computers, the GREEN network, and the Internet connection for the other network, the RED network.
Zones
A maximum of four(4) networks is possible: namely Green, Blue, Orange and Red.
RED | WAN | The external network - the connection to an Internet Service Provider (ISP) |
GREEN | LAN | The local network (LAN) - an internal private network |
ORANGE | DMZ | The DeMilitarized Zone - an unprotected network accessible from the internet |
BLUE | WLAN | The wireless network - separate network for wireless clients |
Note: When using BLUE, it is recommended to assign it to a NIC and connect a separate access point to it. However, it is also possible to assign a supported wireless card BLUE status with the hostapd addon.
If a Blue network has been setup make sure to configure the MAC filtering on the Blue Access page.
Assigning the NICs (Drivers and card assignments)
All of the previously chosen networks must have a network interface card (NIC) assigned.
In some cases, you may not have a NIC to assign to Red -- for example when using a dialup modem. For more information about the different linktypes, see here.
If you know what MAC address is related to which NIC you can assign them now.
In the simplest network, Red and Green, you basically have a 50/50 chance. The easiest thing is just assign one to each, if you can't ping out from your IPFire installation, change the network cables and try again. Keep in mind that you may have to reset your ISP's equipment (cable modem, etc.) before it will recognize a new device. A different NIC counts as a different device.
Select an interface.
Select the proper network card.
Now do the same for the remaining interfaces.
Network Addresses (Address settings)
Assign addresses to your network interfaces.
Setting Green interface address
Any valid IP address reserved for a LAN will work here (e.g., 192.168.nnn.nn). It is standard practice for the interface to be on .1
of the range for a local network. Here you must configure your networks and subnet masks. An example setting for a Green interface would be 192.168.1.1
with a subnet mask of 255.255.255.0
.
Are you making changes to the GREEN IP addresses? Make sure you pay attention to this warning when making future changes. It is VERY easy to lose access to the green network.
Note: You will have to take care when modifying networking settings afterwards from a remote shell using the command setup
. Using the serial console is preferred!
Setting Red interface address
The RED interface is special because its configuration depends on the ISP and the way it configures the external connection (your Internet connection).
The connection type must be know to properly setup the RED interface.
If unsure - try DHCP. If necessary get the required settings from your ISP such as which type of authentication is required and the authentication credentials (if any).
If it is necessary to use Static, then all three addresses must be entered, including that for Gateway . The appropriate Gateway address depends on your situation:
- for a consumer modem, in routing mode - the router’s LAN side address
- for a consumer modem, bridged mode - as advised by ISP
- for sub-net of a larger LAN - as advised by local IT administrator
Note From Core Update 190 onwards the Rapid Commit option can be selected to be used or not. Default with a new installation is for Rapid Commit to be selected.
DHCP server configuration
The last thing to configure is the DHCP (Dynamic Host Configuration Protocol) Server for the Green Interface.
You just have to enable the DHCP server by enabling the tick within the brackets and enter the start and end values of your desired IP range. This range should be in the same "subnet" (range of addresses) as the IP of your IPFire's green network interface. So, if your green interface has the IP address of 192.168.1.1
, you could use 192.168.1.100
and 192.168.1.200
, so type it into the corresponding fields unless you prefer another IP range.
Note: You cannot use the IP Address of your Green Interface and also the last IP of your green network range.
The broadcast IP for your 192.168.1.0/24
network is 192.168.1.255
, so you cannot use that. You can always narrow it down to a smaller range if you do not plan to use that many PCs in your green network, or to reserve space for static IPs. These settings can always be changed later with the web interface (your administrative client must have an IP out of the green network, probably by a temporary static setting).
Because IPFire runs a DNS proxy, most users will probably want the Primary DNS server set to IPFire's Green IP address. (In this case the Secondary DNS can be left blank.)
The configuration of DHCP with the program setup
is possible during installation only. However, you can change all these settings after installation with IPFire's Web UI . Which occurs after you type in browser https://ipfire.localdomain:444 or https://ipfire:444 or https://192.168.0.1:444.