2 x IPFIRE

Xander2020
Posts: 28
Joined: October 24th, 2017, 7:20 am

2 x IPFIRE

Post by Xander2020 » October 15th, 2018, 7:35 am

Hello everyone,

I have the following infrastructure:

1 installation of IPFIRE with 2 NICs: 1 x WAN with public IP: 88.x.x.x and 1 x LAN with internal IP: 192.168.0.1/24

This is our main firewall, DHCP, DNS and OpenVPN server.

I wanted to create another LAN for demo , test and other stuff.

I installed another IPFIRE in an ESXi environment.
This IP also has 2 virtual NICs as follows: 1 x WAN = 192.168.0.100/24 and 1 x LAN = 172.10.10.1/24
I have created some VMs in the LAN 172.10.10.1/24 and all these VMs can ping any VM from 192.168.0.1/24

Now what I want to do is be able to access the VMs from 192.168.0.1/24 to 172.10.10.1/24.

The first step that I did was to add a STATIC ROUTE on the MAIN IPFIRE, and now if I ping from 192.168.0.10 the IP of the LAN of the second IPFIRE, that is 172.10.10.1, I get a reply.

(This is from the STATIC ROUTE page: Routing Table Entries 172.10.10.1/24 via 192.168.0.100 dev green0 proto static )

I want to access from 192.168.10 a computer that is 172.10.10.10.

What else do I need to do?

Thank you

I can make a diagram if needed.

Xander2020
Posts: 28
Joined: October 24th, 2017, 7:20 am

Re: 2 x IPFIRE

Post by Xander2020 » October 17th, 2018, 8:50 am

Hello again,

Anyone any ideas?

Thanks

callifo
Posts: 34
Joined: September 30th, 2013, 4:14 pm

Re: 2 x IPFIRE

Post by callifo » October 18th, 2018, 12:07 pm

You also need to disable IP masquerading (NAT) when traversing from outside/inside or inside/outside. Either universally, or just when the source is 192.. going to 172....

Not sure how to do that on IPfire though, never done it.

Xander2020
Posts: 28
Joined: October 24th, 2017, 7:20 am

Re: 2 x IPFIRE

Post by Xander2020 » October 23rd, 2018, 7:35 am

Hello callifo,

Thanks for your answer.
I looked into all settings regarding the IP masquerade and didn't find/solve anything.
Is there any other way?

Thanks.

callifo
Posts: 34
Joined: September 30th, 2013, 4:14 pm

Re: 2 x IPFIRE

Post by callifo » October 23rd, 2018, 11:48 am

Do you have a layer 3 switch?

Connect a layer 3 switch to both IPfire instances on the LAN side, each interface in that IPfire instance's LAN address range. Use each IPfire's static route function and point the remote IPfire's LAN subnet to the layer 3 switch's local interface. Repeat on both IPfire instances.

BUT, if you then connect the test IPfire's WAN interface into the production's LAN interface for internet, you will likely cause something to break (it will have a locally connected interface in that subnet and a static route with lower cost).