No Internet Access After CU 166 update

Had No Internet Access after updating to CU 166
No other config changes
ssh to IPFire shell, no internet access at all (ping 8.8.8.8 fail)

Turns out it was one of the Firewall Rules I have had in place for a very long time.
Rule is:
Source: Network/Host Group - “QNAP” [2 IP addresses in Group (IPs on Green Network)]
Destination: Red Network
Protocol: All
Action: Drop

Finally, after 1 1/2 hours of head scratching, I disabled all rules and connectivity returned, so I realized it was a firewall rule, then narrowed it down to that one.

Added 2 new rules with individual IPs, and seems to be working fine now.

FYI, in case anyone else runs into this.

[previous release level was 164]


Interesting. I had the same problem:

I think there may be more to this than I first thought. Hope the devs look into it.

Raise it as a bug.

https://bugzilla.ipfire.org/
https://wiki.ipfire.org/devel/bugzilla

Your IPFire People email address and password work as your logon credentials for IPFire Bugzilla.


Hi @um1990, good morning from Spain!!!

This happened to me: HTTP and HTTPS Connection loss with Suricata's "OISF Traffic ID Rules"

The symptoms are the same as the ones I had. I don’t know if it will help you.

You will tell us.

Greetings.

Hi all,

sorry for being relatively absent recently on the community.

To be honest, I lost track of these threads, and which one is describing a firewall issue and which one is related to an IPS issue. If anybody could briefly bring me up-to-date, I’d be frightfully thankful.

Also, Core Update 167 will be available for testing within the next few days, and it comes with a bunch of firewall and IPS bugfixes all over the place. Hopefully it will have these issues covered as well - testing feedback is always highly appreciated.

Thanks, and best regards,
Peter Müller


So I found out what was causing my issue (may not be the issue for others).

I got a new NAS that only has 2 Ethernet ports. The old one had 4, and I was using 3 of them.

  • In “Firewall Groups->Hosts”, I removed the “Host” for the interface I no longer used (QNAP3)
  • Now, under “Firewall Groups->Network/Host Groups”, the Host Group for QNAP had an IP/MAC Address entry that showed “Deleted” … I think this was causing the issue.

What I had to do is add the “QNAP3” Host back, remove it from the “Host Group” QNAP, and then go back and remove it from my Host list…

Seems to be working fine now…

BTW, I “deleted” it by “editing” it, removing the information, and “saving” it. The entry disappears… The proper way to remove it is using the wastecan icon, which only appears if you remove it from the Host Group first… Apparently, pre-166 was not sensitive to that (misconfiguration on my part).
