Blue to Green NOT blocked!

renatohtpc
Posts: 20
Joined: August 16th, 2018, 9:17 pm

Blue to Green NOT blocked!

Post by renatohtpc » May 26th, 2019, 9:32 pm

I just noticed a peculiar behavior.

Running IPFire 2.23 (x86_64) - Core Update 131 with 3 ethernet cards, Red, Green and Blue.

Blue is connected to a Ubiquiti AP with security disabled. I am controlling access to the Wi-Fi by creating entries in the "blue access" for each device I want to grant access to. I have also added the AP to this list as well (not sure if this step is required...)

DHCP Details

Green Interface
Start address: 192.168.111.200
End address: 192.168.111.254
Primary DNS: 192.168.111.1
Primary NTP server: 192.168.111.1

Blue Interface
Start address: 192.168.112.100
End address: 192.168.112.130
Primary DNS: 192.168.112.1 (Should this be 111.1 or 112.1 ?)
Primary NTP server: 192.168.111.1

Scenario
1) I connect my iPad to the blue network. The MAC address of the iPad is defined in the "blue access" list.
2) The DHCP gives me the 192.168.112.119 address.
3) I try to access the Apache server running on 192.168.111.8.

To my surprise, I am able to access the server.

The firewall rules page displays the following:

GREEN Internet (Allowed) BLUE (Allowed)
BLUE Internet (Allowed) GREEN (Blocked)

I have NOT created any firewall rules to allow blue to connect to green.

Why am I able to access devices on green?

Thanks
Renato

Arne.F
Core Developer
Posts: 8522
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: Blue to Green NOT blocked!

Post by Arne.F » May 26th, 2019, 10:22 pm

If you use the webproxy you don't have a connection from blue to green.
Arne

PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.
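The reply above points at the web proxy: a proxied request is made by the firewall itself, so the Blue-to-Green forwarding block is never consulted. As an added example (not part of the original thread and not IPFire code), the following sketch scans Squid's native access.log format for proxied requests from the Blue subnet to Green servers; the subnets come from the thread, and the sample log lines are constructed.

```python
import ipaddress

# Subnets taken from the thread.
BLUE = ipaddress.ip_network("192.168.112.0/24")
GREEN = ipaddress.ip_network("192.168.111.0/24")

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1558902720.101     45 192.168.112.119 TCP_MISS/200 1534 GET http://192.168.111.8/ - HIER_DIRECT/192.168.111.8 text/html
1558902731.412    120 192.168.112.119 TCP_MISS/200 8210 GET http://example.org/ - HIER_DIRECT/203.0.113.10 text/html
1558902740.009     12 192.168.111.201 TCP_MISS/200 1534 GET http://192.168.111.8/ - HIER_DIRECT/192.168.111.8 text/html
1558902755.730      3 192.168.112.119 TCP_DENIED/403 3900 GET http://192.168.111.8/admin - HIER_NONE/- text/html
not a log line
"""


def _ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def blue_to_green(log_text):
    """Return (client, server, url, result) for proxied Blue -> Green requests."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # malformed or truncated line
        client = _ip(fields[2])
        server = _ip(fields[8].partition("/")[2])  # peer host after HIER_xxx/
        if client is None or server is None:
            continue  # denied requests and cache hits have no upstream ("-")
        if client in BLUE and server in GREEN:
            hits.append((str(client), str(server), fields[6], fields[3]))
    return hits


if __name__ == "__main__":
    for hit in blue_to_green(SAMPLE_LOG):
        print("Blue client reached Green via proxy:", *hit)
```

A request the proxy denied shows `HIER_NONE/-` and is skipped, so an empty result after changing the proxy settings indicates Blue clients no longer reach Green through the proxy.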

renatohtpc
Posts: 20
Joined: August 16th, 2018, 9:17 pm

Re: Blue to Green NOT blocked!

Post by renatohtpc » May 28th, 2019, 3:09 pm

Arne,

That did indeed fix the problem.

One more question.

As I mentioned before, I have:
Green network: 192.168.111.0/24
Blue network: 192.168.112.0/24
OpenVPN network: 192.168.20.0/24

Which one should I list in the "Network based access control" box?

Right now I have both the green and the blue listed.

Also, right now I have both "Disable internal proxy access to Green from other subnets" and "Disable internal proxy access from Blue to other subnets" checked.

Given that I only want to isolate the blue network (from the green), which one of these two options should I have checked?

Thanks
Renato
