Hi,

> On 25 Sep 2019, at 23:27, KMG wrote:
>
> Hi there,
>
>> Yes, but this list is English only. You also forgot to copy it.
>
> Fixed now. Thanks for the hint. Never used mailing lists much :/
>
>> Why - under any circumstances - would you connect a machine that has malware on it to a network?
>
> Since the networks are entirely separated due to the firewall. I really just need the web access. A 2nd ISP contract is not an option unfortunately.

No, my point rather is that you are protecting your own network but exposing other hosts on the internet to this threat.

>
>> I will definitely not have time to take on this project. We are already years behind with roadmaps of all kinds of projects and I have pledged at the last developer summit to not take on anything else before at least a good number of the open things are done.
>
> Wow. Wasn't aware of such a long to-do list. You guys do great though. Considering it is all in addition to your day job. I can't even manage to maintain a gym membership.

LOL

>> But I can of course help out and advise.
>
> Thanks a lot for your assistance. I will start reading up on the subnets or maybe I can use VLANs to get the functionality going.

Let’s build this. I think it makes sense...

>
> Best regards
>
> Klaus
>
> -----Original Message-----
> From: Michael Tremer
> Sent: Wednesday, 25 September 2019 17:37
> To: Klaus Gimm
> Cc: development
> Subject: Re: Extra "Grey" interfaces on IpFire
>
> Hi,
>
>> On 25 Sep 2019, at 16:12, Klaus Gimm wrote:
>>
>> Dear Michael,
>>
>> thanks for getting back to me.
>> Right now I am not sure if I saw you post in the German subsection of the ipfire forum, hence I stick to English :)
>
> Yes, but this list is English only. You also forgot to copy it.
>
>> My use case would look like this:
>>
>> I as a want to add more physical interfaces (suggested name "Grey") to the hardware of the ipfire and configure them via the GUI. I want them to be separated from the rest of the networks by default as a safe area. I want the option to configure individually (read as: allow) all offered services (like DHCP, DNS, Red access, port forwarding, etc.) to be accessible from devices in this new physical network.
>>
>> My intended use is which has Internet access, but is otherwise entirely separated from green, blue and orange. There I can try out new things, products and set up machines/devices that may be compromised by a virus or malware. This works by plug and play, as the network ports in the area are connected to their own separate switch. The switch has an uplink to the Grey interface on the ipfire which in return provides red access, dhcp, etc.
>
> Why - under any circumstances - would you connect a machine that has malware on it to a network?
>
>> Role Definition "SuperUser":
>> Not a full administrator, but motivated home user. Curious, able to read up on a few wikis and how-tos, but 95% Windows user. No experience with Linux systems or their administration. Maintains the other networks on a rudimentary level (file server in green, mail server in orange and the WDS infrastructure in blue).
>>
>> Environment Definition "SoHo":
>> Approx 10-15 machines in total, with less than 10 active at any given time. A very large home office.
>>
>> My personal setup and reason for asking for this feature:
>> I have used IPcop over the years and have my network set up to its interfaces, including Grey. I made the switch to ipfire due to ipcop's end of life. My basement is set up on a Grey segment, I have the ports connected to a switch and that switch is connected to the firewall. There I set up new machines when I need to do so, reinstall or try to help friends and neighbours with machines of unknown protection level and similar. I find this feature to be very handy indeed. And since an ipcop add-on exists/existed - I had the high hopes it would be possible to transfer the functionality into ipfire.
>>
>> For a larger company network I understand the risk of creating a single point of failure, but want to put forth that most likely a backup hardware solution will be kept at the ready. In my SoHo environment that would be less of an issue, while it would certainly suck and blow at the same time, it would be manageable.
>>
>> I would appreciate it if you find the time to look into the matter if a GUI-based feature similar to this use case can be included in ipfire. Even with the speed drawback (especially when compared to a single switch with VLANs), the ease of use and implementation is worth the trade-off.
>
> I will definitely not have time to take on this project. We are already years behind with roadmaps of all kinds of projects and I have pledged at the last developer summit to not take on anything else before at least a good number of the open things are done.
>
> But I can of course help out and advise.
>
> Best,
> -Michael
>
>>
>> Thanks a lot in advance.
>>
>> Yours sincerely,
>>
>> Klaus
>>
>> ----- Original Message -----
>> From: Michael Tremer [mailto:michael.tremer(a)ipfire.org]
>> To: Klaus Gimm [mailto:teclis22(a)schatten-welt.de]
>> Cc: development(a)lists.ipfire.org
>> Subject: Re: Extra "Grey" interfaces on IpFire
>>
>>> Hi Klaus,
>>>
>>> Thanks for your email.
>>>
>>> First of all, I would like to point out that it might be a very bad idea to add too many interfaces to the firewall. It will make it a big single-point of failure and very often a switch can route traffic between networks much more efficiently. Firewalls are always slow.
>>>
>>> However, you can just add more interfaces on the console and use them in the firewall by creating a subnet.
>>>
>>> What would be your use-case for this?
>>>
>>> -Michael
>>>
>>>> On 24 Sep 2019, at 15:30, Klaus Gimm wrote:
>>>>
>>>> Dear Sir or Madam,
>>>>
>>>> as a long-time ipcop user I had installed this add-on for a long time and it worked great for me:
>>>>
>>>> http://www.ban-solms.de/t/IPCop-xtiface.html
>>>>
>>>> After the switch to Ipfire as the follow-up project to ipcop I do miss it dearly.
>>>>
>>>> Is it possible to implement this functionality into IpFire? I am unfortunately not a developer so I can't adjust the package or redesign it.
>>>>
>>>> Is there a ticket somewhere to suggest features for development?
>>>>
>>>> Thanks a lot in advance.
>>>>
>>>> Yours sincerely
>>>>
>>>> Klaus