From mboxrd@z Thu Jan 1 00:00:00 1970
From: KMG
To: development@lists.ipfire.org
Subject: AW: Extra "Grey" interfaces on IpFire
Date: Thu, 26 Sep 2019 00:27:05 +0200
Message-ID: <002601d573f0$5dfa07b0$19ee1710$@schatten-welt.de>
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3255881516114839979=="
List-Id:

--===============3255881516114839979==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hi there,

> Yes, but this list is English only. You also forgot to copy it.

Fixed now. Thanks for the hint. Never used mailing lists much :/

> Why - under any circumstances - would you connect a machine that has malware on it to a network?

Since the networks are entirely separated due to the firewall. I really just need the web access. A 2nd ISP contract is not an option, unfortunately.

> I will definitely not have time to take on this project. We are already years behind with roadmaps of all kinds of projects and I
> have pledged at the last developer summit to not take on anything else before at least a good number of the open things are
> done.

Wow. Wasn't aware of such a long to-do list. You guys do great though. Considering it is all in addition to your day job. I can't even manage to maintain a gym membership.

> But I can of course help out and advise.

Thanks a lot for your assistance. I will start reading up on the subnets, or maybe I can use VLANs to get the functionality going.

Best regards

Klaus

-----Original Message-----
From: Michael Tremer
Sent: Wednesday, 25 September 2019 17:37
To: Klaus Gimm
Cc: development
Subject: Re: Extra "Grey" interfaces on IpFire

Hi,

> On 25 Sep 2019, at 16:12, Klaus Gimm wrote:
>
> Dear Michael,
>
> thanks for getting back to me.
> Right now I am not sure if I saw you post in the German subsection of
> the ipfire forum, hence I stick to English :)

Yes, but this list is English only. You also forgot to copy it.

> My use case would look like this:
>
> I as a want to add more physical interfaces (suggested name "Grey") to the hardware of the ipfire and configure them via the GUI. I want them to be separated from the rest of the networks by default as a safe area. I want the option to configure individually (read as: allow) all offered services (like DHCP, DNS, Red access, port forwarding, etc.) to be accessible from devices in this new physical network.
> My intended use is .

Why - under any circumstances - would you connect a machine that has malware on it to a network?

> Role definition "SuperUser":
> Not a full administrator, but motivated home user. Curious, able to read up on a few wikis and how-tos, but 95% Windows user. No experience with Linux systems or their administration. Maintains the other networks on a rudimentary level (file server in green, mail server in orange and the WDS infrastructure in blue).
>
>
> Environment definition "SoHo":
> Approx 10-15 machines in total, with less than 10 active at any given time. A very large home office.
>
>
> My personal setup and reason for asking for this feature:
> I have used IPcop over the years and have my network set up to its interfaces, including Grey. I made the switch to ipfire due to ipcop's end of life. My basement is set up on a Grey segment, I have the ports connected to a switch and that switch is connected to the firewall. There I set up new machines when I need to do so, reinstall or try to help friends and neighbours with machines of unknown protection level and similar. I find this feature to be very handy indeed. And since an ipcop add-on exists/existed - I had high hopes it would be possible to transfer the functionality into ipfire.
>
>
> For a larger company network I understand the risk of creating a single point of failure, but want to put forth that most likely a backup hardware solution will be kept at the ready.
> In my SoHo environment that would be less of an issue, while it would certainly suck and blow at the same time, it would be manageable.
>
> I would appreciate it if you find the time to look into the matter if a GUI-based feature similar to this use case can be included in ipfire. Even with the speed drawback (especially when compared to a single switch with VLANs), the ease of use and implementation is worth the trade-off.

I will definitely not have time to take on this project. We are already years behind with roadmaps of all kinds of projects and I have pledged at the last developer summit to not take on anything else before at least a good number of the open things are done.

But I can of course help out and advise.

Best,
-Michael

>
> Thanks a lot in advance.
>
> yours sincerely,
>
> Klaus
>
>
>
> ----- Original Message -----
> From: Michael Tremer [mailto:michael.tremer(a)ipfire.org]
> To: Klaus Gimm [mailto:teclis22(a)schatten-welt.de]
> Cc: development(a)lists.ipfire.org
> Subject: Re: Extra "Grey" interfaces on IpFire
>
>
>> Hi Klaus,
>>
>> Thanks for your email.
>>
>> First of all, I would like to point out that it might be a very bad
>> idea to add too many interfaces to the firewall. It will make it a
>> big single-point of failure and very often a switch can route traffic
>> between networks much more efficiently. Firewalls are always slow.
>>
>> However, you can just add more interfaces on the console and use them
>> in the firewall by creating a subnet.
>>
>> What would be your use-case for this?
>>
>> -Michael
>>
>>> On 24 Sep 2019, at 15:30, Klaus Gimm wrote:
>>>
>>> Dear Sir or Madam,
>>>
>>> as a long time ipcop user I had installed this add-on for a long
>>> time and it worked great for me:
>>>
>>> http://www.ban-solms.de/t/IPCop-xtiface.html
>>>
>>> After the switch to Ipfire as the follow-up project to ipcop I do
>>> miss it dearly.
>>>
>>>
>>> Is it possible to implement this functionality into IpFire?
>>> I am unfortunately not a developer so I can't adjust the package or redesign it.
>>>
>>> Is there a ticket somewhere to suggest features for development?
>>>
>>> Thanks a lot in advance.
>>>
>>> Yours sincerely
>>>
>>> Klaus
>>
>>

--===============3255881516114839979==--