Since my current IPFire firewall is running on a legacy 586 type hardware PC Engines APU1D, I am trying to migrate my firewall setup to a new 64-bit PC Engines APU4D4 hardware. My plan is to clone my current firewall to the new system and then just exchange them with minimum interruption.
I was able to restore the backups from my current APU1D based IPFire firewall on my new APU4D4 hardware. All configurations including passwords were preserved
Then I followed the migration recipes from hardware-change.
So far, everything worked as expected. I can log into the admin Web User interface.
However, I need your help to re-configure the 4 network ports of the APU4D4 (the APU1D had only 3 network ports). My target network configuration is as follows:
1st Ethernet port: red interface
2nd Ethernet port: orange interface
3rd Ethernet port: green interface e.g. 192.168.1.1/24
4th Ethernet port: green interface e.g. 192.168.4.1/24
hostapd: blue interface e.g. 192.168.2.1/24
How can I set-up the different address ranges of the two green interface ports in set-up?
The setup of the network interfaces allows me to define only one address range for the green interface, e.g. 192.168.1.1/24
Is it possible at all to define different address ranges for the two green ports?
If this is not possible, how are then the IP addresses of the two green ports set?
Many thanks for your help in advance.
This will not help. After cloning the disk you have still an i586 installation.
But you can restore a backup and remove some files to get it working on x86_64
blog.ipfire.org - IPFire 2.19 - Core Update 100 is available for testing
The APU1D is also a x86_64 system: wiki.ipfire.org - APU1C/APU1D
No it is not possible. If you want two green ports go to the Zone-Configuration and set the zone to bridge mode and add both Interfaces then you have one bridge with the IP that have two interfaces.
Thanks for your feedback.
I did not clone the disk (.iso), but installed a ‘virgin’ 64 bit IPFire on the APU4D4 as a first step. Then I restored just backup ipf files from my APU1D system. The APU4D4 system info shows a 64 bit HW architecture.
My IPFire core 156 running on a APU1D shows ’ IPFire 2.25 (i586) - core156’. You are right that the T40E is a 64 bit CPU: AMD G series T40E, 1 GHz dual Bobcat core with 64 bit support, 32K data + 32K instruction + 512K L2 cache per core . Obviously, I installed the 32-Bit IPFire version many years ago and wasn’t aware that the T40E based APU1D can be migrated to the 64-Bit IPFire. I got confused by the message ’ Note
- You are running IPFire on a legacy architecture and it is recommended to upgrade’.
Thanks for the hint with the Zone-Configuration. This is exactly what I was looking for:
Bridge: All assigned NICs belong to the same network and IPFire acts like a switch between those NICs
I did the zone configuration as you suggested. It works Thanks a lot for your great support! For test purposes, I can plug in an Ethernet cable form my laptop to either of the green NICs. Both green NICs are working. That’s great!
Now I need to do some final updates: Install the necessary plugins, update IPFire, and finally run the hot-plug test with the new system.
IPFire is a great firewall!
I need some additional help for getting my IPfire core 156 running on a APU4D4: hostapd is not running.
What has been done so far:
Bought an PC Engines APU4D4 with IPfire core 153 64bit architecture preinstalled.
Did a backup of my running IPFire core 156 32bit architecture
Restored the 32bit backup to the new IPfire core 153 64bit architecture
Reassigned the network interface cards with setup
Introduced a new zone configuration for the two bridged green network IF cards
All my previous 32Bit IPFire configurations could be preserved
Wait for delivery of some missing HW parts and restarted the bring-up yesterday
Connected the red port of my APU4D4 IPFire to my Internet modem
Ran upgrade to IPFire core 156 and installed the required plugins like hostapd (some temporary hacking was necessary to get internet access for pakfire)
After reboot a wired LAN connection ran without problems. Full speed internet connection were possible.
My problem is now to get hostapd up and running. My WiFi card is a PCIe Compex WLE600VX (same as on my APU1D IPFire system). I almost got it working. However, the Access Point is stopped:
If I click the green arrow, nothing happens.
If I run on a ssh console ‘hostapd -i blue0 /etc/hostapd.conf’ I am getting
blue0: interface state UNINITIALIZED->COUNTRY_UPDATE
ACS: Automatic channel selection started, this may take a bit
blue0: interface state COUNTRY_UPDATE->ACS
blue0: ACS-COMPLETED freq=2447 channel=8
blue0: interface state ACS->HT_SCAN
blue0: interface state HT_SCAN->ENABLED
Then in the WebUI the Access Point is shown as ‘RUNNING’.
When I run ‘/etc/init.d/hostapd restart’ I am getting
Stopping hostapd… Not running. [ OK ]
Could not find interface with address 04:f0:21:XX:YY:ZZ for wireless access point
However, the shown address 04:f0:21:XX:YY:ZZ is NOT identical with the MAC address of the blue0 interface shown by ifconfig!
My hostapd.conf look as follows:
######################### basic hostapd configuration ##########################
channel=- Automatic Channel Selection -
######################### wpa hostapd configuration ############################
Where are the debug messages of hostapd stored?
How can I get hostapd running?
Thanks for your help in advance.
in the WUI, /logs/system logs/wireless
I have the same card and it works well. I would delete the hostapd.conf and let the WUI rebuild it from scratch. I use the config listed here:
Here a discussion:
and another useful link:
Thanks for your help!
I tried to follow all your advises, but still no success.
In the WebUI logs/system shows no messages concerning hostapd. logs/wireless does not exist.
I have the same card in my old, still running APU1D system and is is working too since many years.
I deleted /etc/hostapd.conf. The WebUI did NOT rebuild it. If I edit HT caps in the WebUI, the file /etc/hostapd.conf does not change when I save.
Any other hint?
I don’t want to restart from scratch and to enter all my configurations by hand again.
Why is starting hostapd from the command line working, but from the WebUI not?
Could it be that some setup has been mixed-up when restoring the 43bit backup into the 64bit IPfire?
I could solve my problem by my own:
The INTERFACE MAC address in /var/ipfire/wlanap/settings was wrong. After changing this entry to the MAC address of blue0 shown by ifconfig the hostapd is up and running Now ‘/etc/init.d/hostapd restart’ is restarting hostapd without error message. I can also start and stop the access point in the WebUI.
When you say wrong, in what way? I checked the code and looks like it should be doing the right thing, but that does not seem to be true.
It was not the MAC address of the WiFi NIC card as shown by ifconfig, but a slightly different one: The last 4 MAC bytes were differing. I recognized this when looking at the error message of ‘/etc/init.d/hostapd restart’. My assumption is that something went wrong when I restored my 32Bit Backup to the new 64Bit architecture. However, I did not do any root cause analysis. I was happy that I had a running system again.
Hmm, interesting. Could have been a problem in the migration script somewhere…