No access to local sites

Hello,

With core update 167 on Pi4 model B, I encounter the following issue:

  • firewall works great on core 166, no issue whatsoever
  • if I use core update 167 (through flashing the image + restore backup or upgrade with Peter workaround) then:
    • I cannot access any of my websites from behind the firewall
    • Nobody can access my websites from outside the firewall
    • I can still access my websites internally if I use the server’s IP:PORT and not https://website.address
    • I can access the rest of the internet from behind the firewall (wikipedia, youtube, … everything else is accessible)
    • I can ssh into ipfire and launch elinks but even after 5 reboots, still no access to my websites
    • I cannot access ipfire web ui
    • if I go to the firewall log (with elinks) I can see the requests to my websites but they are not delivered to my reverse proxy
  • if I flash core update 166 and restore settings: access to my websites is restored

I would be happy to give any log needed to investigate this issue,

Thanks a lot for your help

Hi,

first, welcome to the IPFire community! 🙂

Second, apologies for the late reply - ${dayjob} keeps my schedule packed…

Does “my websites” refer to a web server behind your IPFire that is serving content to the public through a port forwarding?

Okay, so DNS is generally working…

This is odd. If you can log on via SSH, the web interface should be accessible as well. Are you trying to access it by a FQDN or IP address? What behaviour do you observe (timeout, DNS failure, etc.)?

This sounds like a port forwarding rule is missing. In Core Update 167, there have been quite a few changes to the firewall engine in order to fix some bugs. I do hope none of them introduced side effects - could you please double-check that all firewall rules from the Core Update 166 backup are restored properly on Core Update 167?

Thanks, and best regards,
Peter Müller


Thank you for your welcome and your detailed answer, no apologies needed since, like you, ${dayjob} prevents me from testing stuff on the fw apart from the weekends.

> Does “my websites” refer to a web server behind your IPFire that is serving content to the public through a port forwarding?

Yes, a simple 443/80 NAT from the RED gateway to my GREEN server.

> This is odd. If you can log on via SSH, the web interface should be accessible as well. Are you trying to access it by a FQDN or IP address? What behavior do you observe (timeout, DNS failure, etc.)?

I access it by [IP address]:[port number], no FQDN on my fw. As of now, access is restored so no issue, but at the time, I had a timeout systematically.

> could you please double-check that all firewall rules from the Core Update 166 backup are restored properly on Core Update 167?

As far as I can remember, all rules were restored but I’ll check thoroughly this weekend as I’ll try another update.
Thanks for your patience and your time, I’ll be back as soon as I have the results.

Hello again, sorry for the late response… busy weeks these times!
I cannot explain why, but I upgraded to core 167 the exact same way (with @arne_f fix) I did last month and this time, nothing broke. I’m really glad it didn’t, yet a bit frustrated as to what made it break the first time? I guess we’ll never know. Anyway, thanks again for your time, the new core is installed and runs well as far as I can tell, have a good weekend 🙂


Hi,

glad to see this is - somehow - resolved. Indeed, it is always disappointing not to know the root cause, and to be left with the knowledge that such an issue may eventually occur again. 😑

Hope it does not.

Thanks, and best regards,
Peter Müller
