[Solved] No forwarding with fresh install on APU2D4 with RFC1918 on WAN

davorin
Posts: 8
Joined: March 7th, 2019, 1:57 pm

[Solved] No forwarding with fresh install on APU2D4 with RFC1918 on WAN

Post by davorin » March 7th, 2019, 2:11 pm

Hello

As I wasn't satisfied with pfsense/opnsense I thought I might give ipfire a try...

Installed via USB stick on my APU2D4 and did the initial setup with red and green interface...
red0 gets an IP via DHCP client and the system is also able to resolve names from the system itself as well as from a client connected to the green0 interface..

Do I have to install an initial firewall rule to be able to simply surf the web behind the ipfire box?
The system doesn't forward any packets from client behind green0.

Furthermore in the System->Main page it shows the status of the red0 interface always as "connecting..."
also when I try to search for new packages it tells me that I have to be connected first to the internet...

Does ipfire not like a WAN IP being RFC1918?


thanks in advance
richard
Last edited by davorin on March 7th, 2019, 2:56 pm, edited 1 time in total.
ipfire 2.21, APU2D4

davorin
Posts: 8
Joined: March 7th, 2019, 1:57 pm

Re: No forwarding with fresh install on APU2D4 with RFC1918 on WAN

Post by davorin » March 7th, 2019, 2:50 pm

Okay...

Connected the WAN interface to a small cablemodem which provides public IP...and then I have internet connection from green0...

Seems ipfire doesn't like RFC1918 on the WAN/red0 side....


Maybe I need to supply a fixed RFC1918 on the WAN to be able to test throughput locally...

davorin
Posts: 8
Joined: March 7th, 2019, 1:57 pm

Re: No forwarding with fresh install on APU2D4 with RFC1918 on WAN

Post by davorin » March 7th, 2019, 2:56 pm

Yepp...setting a fixed RFC1918 IP on WAN with "ifconfig red0" solved it:

LAN -> WAN:

Code:

-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 10.0.22.22, port 52377
[  5] local 10.0.20.15 port 5201 connected to 10.0.22.22 port 52378
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  58.7 MBytes   492 Mbits/sec                  
[  5]   1.00-2.00   sec   101 MBytes   846 Mbits/sec                  
[  5]   2.00-3.00   sec   108 MBytes   902 Mbits/sec                  
[  5]   3.00-4.00   sec   102 MBytes   857 Mbits/sec                  
[  5]   4.00-5.00   sec   112 MBytes   939 Mbits/sec                  
[  5]   5.00-6.00   sec   101 MBytes   845 Mbits/sec                  
[  5]   6.00-7.00   sec   103 MBytes   865 Mbits/sec                  
[  5]   7.00-8.00   sec   107 MBytes   895 Mbits/sec                  
[  5]   8.00-9.00   sec   110 MBytes   919 Mbits/sec                  
[  5]   9.00-10.00  sec  92.1 MBytes   773 Mbits/sec                  
[  5]  10.00-10.01  sec   921 KBytes   912 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.01  sec   994 MBytes   833 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

WAN -> LAN:

Code:

Server listening on 5201
-----------------------------------------------------------
Accepted connection from 10.0.22.22, port 52392
[  5] local 10.0.20.15 port 5201 connected to 10.0.22.22 port 52393
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  73.7 MBytes   619 Mbits/sec                  
[  5]   1.00-2.00   sec  78.3 MBytes   657 Mbits/sec                  
[  5]   2.00-3.00   sec  78.4 MBytes   658 Mbits/sec                  
[  5]   3.00-4.00   sec  79.7 MBytes   668 Mbits/sec                  
[  5]   4.00-5.00   sec  82.5 MBytes   692 Mbits/sec                  
[  5]   5.00-6.00   sec  83.7 MBytes   702 Mbits/sec                  
[  5]   6.00-7.00   sec  77.7 MBytes   652 Mbits/sec                  
[  5]   7.00-8.00   sec  77.2 MBytes   647 Mbits/sec                  
[  5]   8.00-9.00   sec  29.5 MBytes   247 Mbits/sec                  
[  5]   9.00-10.00  sec  81.2 MBytes   681 Mbits/sec                  
[  5]  10.00-10.00  sec  28.3 KBytes   193 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec   742 MBytes   622 Mbits/sec                  sender
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

Not too bad for an APU2D4...though WAN to LAN is around 30% less...


Now let's see if IPsec also works well like on JunOS...

BeBiMa
Posts: 2694
Joined: July 30th, 2011, 12:55 pm
Location: Mannheim

Re: [Solved] No forwarding with fresh install on APU2D4 with RFC1918 on WAN

Post by BeBiMa » March 7th, 2019, 3:13 pm

What does your installation look like?
What equipment constitutes your WAN?
How are the networks defined?

You mentioned a cablemodem. Be aware that DOCSIS uses a 10.x.y.z net for communication also. Don't know whether this matters.
Unitymedia Cable Internet ( 32MBit )

davorin
Posts: 8
Joined: March 7th, 2019, 1:57 pm

Re: [Solved] No forwarding with fresh install on APU2D4 with RFC1918 on WAN

Post by davorin » March 7th, 2019, 3:17 pm

All been solved for me...

Cablemodem provides public IP...but for testing throughput it isn't enough...

WAN: 10/16 prefix, connected to WS-C3750E-24TD
LAN: 192.168.1/24 prefix, connected to Macbook Pro

Seems ipfire doesn't state an RFC1918 address acquired via DHCP as connected, as it always showed "connecting..." in the home screen.
So setting a fixed IP on WAN with "ifconfig red0 10.0.22.22 netmask 255.255.0.0" fixed it...

This is only for testing throughput of my APU2D4 box as stated above....

The other cablemodem with 500mbps is currently connected to my SRX240B2 providing internet connectivity...but will be replaced soon...
dunno yet if with APU2D4 running ipfire or Mikrotik RB4011...

Arne.F
Core Developer
Posts: 8086
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: [Solved] No forwarding with fresh install on APU2D4 with RFC1918 on WAN

Post by Arne.F » March 7th, 2019, 3:24 pm

I use the DHCP Client on my test system (APU2c4) and my main IPFire (OrangePi Zero) of course assigns RFC1918 IPs.
So my APU gets 192.168.202.xx on red via the DHCP client and also displays this on the WebIF. (Maybe it stays on connecting if the route has no connection to the real Net)
Arne

PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

davorin
Posts: 8
Joined: March 7th, 2019, 1:57 pm

Re: [Solved] No forwarding with fresh install on APU2D4 with RFC1918 on WAN

Post by davorin » March 7th, 2019, 3:29 pm

Okay...once again...

Nothing to do with my cablemodem...cablemodem provides public IP as stated above (o;
I am using internal LAN for testing and providing the 10/16 prefix to WAN side of ipfire.

The WAN interface gets an RFC1918 IP address on WAN side, but system thinks it is not connected....so had to use a fixed RFC1918 IP on the WAN side for testing...

I assume ipfire isn't that compatible with Cisco switches as Ciscos tend to bring up an interface after 30 seconds...
so ipfire fails in acquiring an IP during boot, but later gets it then...but then it is probably already too late
for the system to recognize itself as being connected.

davorin
Posts: 8
Joined: March 7th, 2019, 1:57 pm

Re: [Solved] No forwarding with fresh install on APU2D4 with RFC1918 on WAN

Post by davorin » March 12th, 2019, 11:01 am

Switched now completely to ipfire on APU2D4....handles 500mbps easily...

Attached a graph where I did an iperf3 test from both sides....goes up to wire speed :-)


Now let's see if it can also do ipsec xauth to a vpn server.

Attachment: graph_image.php.png (Iperf3 test on APU2D4)
