Quick Question from Newbie - SOLVED

General questions.
Post Reply
User avatar
r0b0ty
Posts: 9
Joined: July 1st, 2018, 12:57 pm

Quick Question from Newbie - SOLVED

Post by r0b0ty » July 1st, 2018, 1:16 pm

Hello all,

I'm new to IPFire and firewalls in general. Currently, I have IPFire working, but only in the following configuration: Cable Modem -> Router -> PC (hosting IPFire). If, however, I attempt to connect the cable modem directly to the host PC ("red" interface), it does not work (no internet connectivity). This is even after running setup again, and retaining the "DHCP" setting. I did notice that when it does not work, the "Default Gateway:" and "DNS Server:" addresses are missing during the booting up of IPFire (displayed just before the login prompt).

I thought that IPFire would negotiate these addresses (with my ISP), since I selected "DHCP", as opposed to "Static". It apparently only does it for the "IP Address:" and "Subnet Mask:". I feel like I am misunderstanding a fundamental concept here... but basically, my setup only works with my physcial router in the loop - which seems redundant.

Can anyone help? Thanks!
Last edited by r0b0ty on July 4th, 2018, 1:18 am, edited 1 time in total.
Image

User avatar
Roberto Peña
Posts: 746
Joined: July 16th, 2014, 3:56 pm
Location: Bilbao (España)
Contact:

Re: Quick Question from Newbie

Post by Roberto Peña » July 1st, 2018, 7:49 pm

Hi r0b0ty

You have to configure the RED interface in PPPoE configuring from the GUI the dialing that the IPFire must make with the data provided by your ISP. (try searching the Google the dialing data of your ISP).

https://wiki.ipfire.org/configuration/s ... l?s[]=dial

Try it and say Us.

Regards.
Image
Image

╔════════════════════════════════════════════════╗
Donate to improve IPFire: https://www.ipfire.org/donate
╚════════════════════════════════════════════════╝

silverknight
Posts: 15
Joined: June 27th, 2010, 2:01 pm

Re: Quick Question from Newbie

Post by silverknight » July 2nd, 2018, 1:27 am

Had this issue many times ARRIS/Motorola modems especially. If you're in the USA leave red at DHCP and give rebooting your modem a shot. Some modems will bind to the MAC address of the edge device and power cycling allows for a new device to be used. Just shutdown IPFire and reboot the modem, once the modem is fully booted, power up IPFire.

User avatar
r0b0ty
Posts: 9
Joined: July 1st, 2018, 12:57 pm

Re: Quick Question from Newbie

Post by r0b0ty » July 3rd, 2018, 1:49 am

Thanks for the responses, guys.

Roberto, my ISP apparently does not support PPPoE (or they're being less than helpful). That was a dead end. Thanks for the suggestion.

silverknight, it's exactly what I have... an Arris SB6141 cable modem (AND I live in the U.S.). I've tried rebooting the modem multiple times, but maybe not in the correct order. As I'm testing IPFire still, and learning, I'm running it in a Virtualbox... don't know if that makes a difference in the order of things. So if I understand correctly, I should try:
1) Shutdown the computer (OR just the virtual machine, leaving the computer on?)
2) Reboot the modem
3) Turn the computer on and launch the IPFire virtual machine (OR just re-launch the IPFire virtual machine?)

By the way, I DID try running IPFire from a flash drive (no virtualbox) but was equally unsuccessful. So I'm guessing that it's not a virtualbox issue. If you can answer my questions above, I'll try your suggestion and report back. Thanks.
Image

silverknight
Posts: 15
Joined: June 27th, 2010, 2:01 pm

Re: Quick Question from Newbie

Post by silverknight » July 3rd, 2018, 4:05 am

I use that same modem at home as well. The order doesn't really matter so much it just exliminates some extra waiting while testing. As long as the modem is fully up and running IPFire should be able to grab an IP on red eventually.

Since this is a VM I would suggest you make sure your have your red and green network cards assigned properly first and foremost. More info about this setup would help as well, are you virtualizing any network cards? Made sure red and green aren't running into the same virtual switch? (Not sure if virtual box does this, I only have experience in VMware).

To be honest the 6141 hasn't ever given me issues with IPFire so just to eliminate any ISP silliness you could also try cloning the MAC of your router's WAN port to red. You can do this in the WebGUI under Network > Assign MAC Address.

The last shot in the dark I have is that you make sure to use something other than 192.168.100.0/24 as your LAN subnet for the green interface as the modem uses that internally. You can check this by going to 192.168.100.1 and should pull up your modem's status page (which can also be handy for seeing if you can even reach the modem from behind IPFire).

User avatar
r0b0ty
Posts: 9
Joined: July 1st, 2018, 12:57 pm

Re: Quick Question from Newbie

Post by r0b0ty » July 3rd, 2018, 11:49 pm

Hi again, silvernight.

I made progress last night after reading your last post. In short, I have my setup working without an additional router between my cable modem and the computer hosting IPFire in a Virtualbox!

What I did was change the MAC address of the virtual RED adapter to match the actual MAC address of the network card on the host machine. I would feel better if I could use a "fake" MAC address for RED in the virtual machine... but I can't seem to get the IPFire RED adapter to get the default gateway and DNS addresses through the modem. It's like the modem synchronizes with the host machine's network card soon after powering up the computer, and by the time I launch IPFire in Virtualbox (with a different MAC address for RED), it's too late. I don't even know if it's possible to have the virtual RED adapter with a different/fake MAC address.

Can anyone confirm if it is REQUIRED to have the virtual RED adapter MAC address match the true MAC address of the network card on the host machine (used for RED)?

Here are some details you asked for:

Virtualbox GREEN Network Adapter Settings
Image


Virtualbox RED Network Adapter Settings
Image

You can see that the MAC Address settings are applied within the IPFire VIRTUAL MACHINE...

Code: Select all

[root@ipfire ~]# uname -a
Linux ipfire 3.14.79-ipfire #1 SMP Fri Apr 27 09:43:39 GMT 2018 x86_64 Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz GenuineIntel GNU/Linux
[root@ipfire ~]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:63:bf:63 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.1/24 brd 10.0.2.255 scope global green0
       valid_lft forever preferred_lft forever
3: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2c:44:fd:11:f3:6e brd ff:ff:ff:ff:ff:ff
    inet 73.21.99.47/23 brd 255.255.255.255 scope global red0
       valid_lft forever preferred_lft forever
[root@ipfire ~]# 
As a comparison, the HOST MACHINE MAC addresses are as follows (note that the GREEN/enp1s0 network adapter's MAC address is different from the virtual machine's assigned MAC address, but I "cloned" the RED network adapter's MAC address within the virtual machine).

Code: Select all

~ >>> uname -a                                                                               
Linux server 4.17.3-1-MANJARO #1 SMP PREEMPT Tue Jun 26 15:47:16 UTC 2018 x86_64 GNU/Linux
~ >>> ip address show                                                                        
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2c:44:fd:11:f3:6e brd ff:ff:ff:ff:ff:ff
3: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:04:5a:7d:c3:c1 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.119/24 brd 10.0.2.255 scope global dynamic noprefixroute enp1s0
       valid_lft 2978sec preferred_lft 2978sec
    inet6 fe80::6bea:3247:d8b9:afaa/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
~ >>>
Image

silverknight
Posts: 15
Joined: June 27th, 2010, 2:01 pm

Re: Quick Question from Newbie

Post by silverknight » July 4th, 2018, 12:27 am

I'm not really familiar with Virtualbox so I'll refrain from any guessing that could lead you down the wrong path.

I will say there isn't any problem using the host's MAC over a fake one. There are some theories about IPv6 and MACs being used to track people but that is nearing tin foil hat territory in my book. Since your ISP is using IPv4 and since IPFire doesn't even support IPv6, moot point anyways. If it works with the host's MAC, call it a day and pat yourself on the back.

User avatar
r0b0ty
Posts: 9
Joined: July 1st, 2018, 12:57 pm

Re: Quick Question from Newbie - SOLVED

Post by r0b0ty » July 4th, 2018, 1:17 am

I do thank you for your help! I'll take your advise and continue my journey learning about IPFire and firewalls in general. I'm happy and fortunate to have found this forum! A good evening to you all.
Image

Post Reply