There have been a few forum threads from users wanting an additional IPFire network. Please consider adding DHCP to the Orange network so it can be used as either a DMZ OR an additional general purpose internal network. Adding DHCP to Orange would: * Increase the flexibility of IPFire * While not significantly increasing complexity * Be much less work than supporting a new network type (or multiple new networks) * Allow for the use of DHCP with static leases in a DMZ anyway I would imagine that the work required would include: * Adding a new Orange DHCP scope and related firewall rules. * Add the new DHCP scope to 'DHCP configuration' page in WUI. * (bonus - for extra usability) add (non-default) option to have unbound listen on the Orange IP and permit DNS queries from it (I feel that adding proxy access also is unnecessary). I can write up new documentation for changes in the Wiki. If you're unwilling to do this, could you please briefly explain your reasoning? Thank you!
(In reply to dnl from comment #0) > There have been a few forum threads from users wanting an additional IPFire > network. Please consider adding DHCP to the Orange network so it can be > used as either a DMZ OR an additional general purpose internal network. Using the ORANGE network for this is not a good idea. It is designed as a DMZ and there are many places throughout the entire system where things have been coded that way. > Adding DHCP to Orange would: > > * Increase the flexibility of IPFire > * While not significantly increasing complexity > * Be much less work than supporting a new network type (or multiple new > networks) > * Allow for the use of DHCP with static leases in a DMZ anyway I agree with those goals, but repurposing ORANGE is not the right way. > If you're unwilling to do this, could you please briefly explain your > reasoning? If we are talking about adding the option to add more network zones that follow the "GREEN" schema, then I am not against that at all. However, the development team has made the decision to rewrite the entire network stack and release that with IPFire 3. The legacy code that IPFire 2 uses would make this a lot of work. I will close this with CANTFIX because we don't have an option for "Will do this later".