On Mon, 2013-09-09 at 21:32 -0500, R. W. Rodolico wrote:
I agree that for most small businesses and individuals, having multiple green networks is not necessary.
I came up with the idea when comparing IPFire to some other small/medium business routers like the Juniper. With them, you just have a bunch of ports, and you set up one or more ports to be LAN and one or more to be 'net, and one or more to be DMZ. I was wondering how difficult it would be for IPFire, and it sounds like it would be very difficult.
That is not very difficult to do. The limitation that keeps us from doing that is the web user interface were almost anything is hardcoded. Adding an additional zone or working with a variable number of zones would require a complete rewrite (because modifying already existing code will take much more time, I reckon).
The rewrite of the web user interface will happen with IPFire 3, but not for IPFire 2 any more. There are also other limitations which require a lot of work in almost every spot of the code (e.g. IPv6), so we don't think it would be worth the time doing this for IPFire 2.
Question: We already have this partially. I could create a blue and a green, then set up rules between them. Correct? In many locations, they don't use the blue interface. It seems if I set up Blue to automatically allow connection (like the green does), ie find the code that restricts access to the blue network unless specifically given, then remove that, it would in essence be another green. Am I wrong?
Yes, this would be essentially the same. Indeed configuring this will become very easy with the new firewall GUI.
Anyway, like I said, I was just thinking. I had to work with some Juniper routers the other day and was intrigued by the idea.
Sure. Keep these kinds of ideas coming. I am always happy to hear about the your needs as a network admin. I won't promise anything, but it helps me prioritizing my list of things I need to do.
-Michael
Rod
On 09/04/2013 04:42 AM, Michael Tremer wrote:
Hey,
sorry that I reply that late...
Extending IPFire to manage more LAN interfaces than just BLUE and GREEN is pretty hard to do if you want to use features like the DHCP server, DNS proxy and so on...
In most of the cases, people don't need multiple separate LAN segments.
So, the answer to your question is no, unless you want to do a lot of configuration on your own.
-Michael
On Wed, 2013-08-28 at 12:06 -0500, R. W. Rodolico wrote:
Does anyone know if we have the ability to run multiple green networks on a router? I have a current situation where I need two LAN's I would like to run off the same router. They should have no connections between them (unless I set up a firewall rule).
Is this possible?
Oh, is this even the correct list to send this question to.
Support questions can also be posted on the forums, where more people are around and will reply much quicker.
Rod _______________________________________________ Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development