Admin gone - Unable to start IPFIRE

Our previous admin departed suddenly and expectantly and I have been tasked with figuring out IPFIRE without documentation. We use it as a firewall for an UBUNTU Linux server that is a learning environment for students taking a beginners linux class. Unfortunately, our students cannot access the server (they do so remotely) because there is, I believe an issue with IPFIRE. I cannot even find any documentation on the setup or anything else. The first thing I need to do is get the dashboard or control panel for IPFIRE started so I can look at the way it is configured. How do I get the control panel started? I read where there is a browser control panel at an IP address, but I tried a number of different ports with that address, to no avail. Any assistance with this would be so very much appreciated. We have 9 days until the students start and I am under the gun. Meanwhile, I am reading everything I can get my hands on. Thank you so much.

Hi @davidembry

Welcome to the IPFire community.

The IPFire wiki will be your friend for how to deal with IPFire.
https://wiki.ipfire.org/

For your specific question:-

By default, the web interface is at https://ipfire.localdomain:444 or https://ipfire:444. If you used a different hostname or domain, you will have to use that, or you can simply access it via the IP address (e.g. https://192.168.60.1:444).

You will need to use the hostname/domain name that was set up for the system, or if that is not known, then the IP Address for the Green Interface on IPFire. The port used is 444

https://wiki.ipfire.org/configuration/login

Hope this helps you get in successfully.

Incidently, when you get the login screen available then the username is admin but you will need to know that password that was set. There is no default, it has to be set when IPFire is installed together with a password for the console access.

1 Like

Thanks for the information. Let me give that a try.

1 Like

Thank you for all of the information. Unfortunately, the previous admin left no paperwork or information about the installation. I’ve tried the default URL along with the default port for accessing the dashboard, but am not getting any type of response except that it is unable to locate it. To confirm, I am using a Firefox browser on the ubuntu server running IPFire to try and access the dashboard. I am unfamiliar with what the green interface is, so I have been trying different IP addresses to possibly luck into hitting the right one. I am sorry for the inadequate information, but the situation was very sudden. Thanks.

I do not understand, IPFire is running on a virtual machine in your ubuntu server? In any case you could try to figure out your network topology with netstat:

netstat -r -n
1 Like

I am presuming that there is some reason that you can not contact the previous admin to get the required info.
On that basis you are in a very difficult situation. Even if you guessed the ip address or the hostname/domain name you would still need to know the password for the Web User Interface . There is no default for that. The same for access to the console via the root user. That will have another password.

Presuming that your Ubuntu server connected to IPFire is using dhcp to get its ip address, you could find what ip address has been provided to it. Are you familiar with Linux enough to find that information out.
It will likely start with 192.168. Let’s say it is 192.168.230.55 for the sake of argument.

Then often the ip address of the nic on IPFire that is labelled green0 in IPFire language would either be set at 192.168.230.1 or 192.168.230.254

However that is not a fixed approach, just what most people often end up doing.
However even if that works and you get login screen you will still need to know the password and if you don’t know that there is no way to get past that.

In this sort of situation doing a complete new installation of IPFire would be the normal approach but I would also suspect that you don’t have any downloaded backups of the IPFire setup. Even if you did then restoring the backup would replace the password file. However the backup file could be used to get some idea of some of the settings used for IPFire.
Without any documentation then you don’t know if the web proxy was activated, what firewall rules were implemented etc. As students have to remotely access the server from the internet this means that at least some port forward rules must have been in place.

Sorry to be so pessimistic but without the passwords you are basically blocked from doing anything.

2 Likes

If he has physical access to the IPFire machine maybe he could access the grub prompt, modify the init directive and open a shell access. From there he could change the console password, reboot, login and run setup to change also the web user interface password. Anything against this course of actions?

4 Likes

I don’t know but it certainly looks worth trying. :+1:

Will depend on how the grub line looks like on IPFire. If it is similar then it should work. Certainly worth trying because then IPFire would be accessible as it currently is which gives the OP the ability to learn how it has been setup.

@cfusco & @davidembry

I just created an IPFire clone on my testbed vm system and followed the instructions in the link from @cfusco. I successfully changed the root password so the process works.

Minor things to note.
The article says " Using your arrow keys once again, scroll down a bit until you see a line that begins with linux /boot/vmlinuz..." In the IPFire case the line starts with linux /vmlinuz

After running exec /sbin/init IPFire boots but then seems to stop. If you press the Return key then the console login prompt comes up.

Very well done @cfusco excellent solution and as you say then running setup the wui password can also be changed and also the network format and IP address and Domain name that was used can be found.

3 Likes

@bonnietwin and @cfusco, thank you so much for the information. I am going to give it a try.

You are correct in that there is no way to get information from the previous admin.

Thank you again!