I have spent 2h of my life troubleshooting today and fortunately I was not the only one with this problem.
I have divided my network into 4 segments (RED; GREEN 10.10.1.0; DMZ: 10.10.2.0; BLUE: 10.10.3.0), and over the last weeks, and especially today, I could neither ping the IP of the IPFire router nor reach the WebGUI from my computer. All the time I assumed that my computer was crazy, but today it was extreme because in the middle of my work (home office) I noticed that I couldn't reach websites anymore. The WebGUI was not reachable either, and neither was SSH to the router.
I was about to set up my IPFire again and almost despaired at this thought.
But then I found like-minded people in the IPFire forum who suspected the new location database, and after renaming the file "/var/ipfire/firewall/locationblock_old" and running firewallctrl I could access my system again. The option Location-Filter now has an internal error when called.
What can I do to make the Location-Filter work again and filter only on the red interface? I have a VM with Nextcloud (DMZ) in operation and therefore only access from Germany should be possible.
In the morning I suddenly could no longer access the internet and IPFire on green, not even with https or ssh. So I had to use the console cable and manually tune iptables with iptables -A CUSTOMINPUT -i green0 -j ACCEPT to get to the web interface and disable Location Block.
After a reboot everything worked again. To double check I enabled Location Block again, with the same behaviour, so for now I keep Location Block off.
Same here! DHCP is running so the network seems fine at first glance, but everything else is unresponsive.
I was able to restore a disk image from last weekend (with core 150 already installed prior to backup).
Edit: The restored machine failed after 30 minutes as well.
Unfortunately I have to leave for work, but I will test your suggestions later, thanks in advance!
Fresh install, only configured the LocationFilter addon, and I can't surf the internet. I checked all countries except Spain and IPFire blocks all my communication.
I can only edit the /var/ipfire/firewall/locationblock file, change “on” to “off” and restart the firewall with /etc/init.d/firewall restart; then everything goes back to normal. I changed it by connecting a monitor and keyboard.
It's not the Location Block code itself, it is an error in the database. Networks like 192.168.x.x are detected as “EU” because there is a wrong announcement that 192.168.0.0/15 is assigned to RIPE.
At the moment you should not block the country “EU”.
Unchecking EU and applying firewall rule did NOT work for the majority of the firewalls I maintain (even though connections show up as EU when GeoIP disabled).
[root@router ~]# location lookup 10.10.0.0
Network : 8.0.0.0/5
Country : European Union
[root@router ~]# location lookup 192.168.0.0
Network : 192.168.0.0/15
Country : European Union
———————
What does the 10 IP address range have to do with EU?
Neither 192.168.0.0/24
still 10.0.0.0/8 are used in the Internet and are reserved for private networks.
Even that should only work on the red interface of the location filter would make sense to me.
@roberto many thanks, you saved my day!!!
By the way, only turning off EU did not work for my IPFire;
I had to turn off the location filter to regain access to the web interface and internet.
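
Added example, not part of any post in this thread and not IPFire's own code: a pre-flight check that compares location-database entries against the local subnets before a country block is enabled. The sample entries are the two lookups quoted above plus one constructed entry; the /24 masks and the function names are assumptions.

```python
import ipaddress

# Constructed sample: the two networks shown by "location lookup" in the
# thread, plus one made-up entry (documentation range, placeholder "XX").
SAMPLE_DB = [
    ("8.0.0.0/5", "EU"),
    ("192.168.0.0/15", "EU"),
    ("203.0.113.0/24", "XX"),
]

# Zones from the first post. Assumption: the thread gives no masks, /24 is used.
LOCAL_SUBNETS = {
    "GREEN": "10.10.1.0/24",
    "DMZ": "10.10.2.0/24",
    "BLUE": "10.10.3.0/24",
}


def countries_covering_local(db_entries, local_subnets):
    """Map each local zone to the countries whose database networks overlap it."""
    result = {}
    for zone, cidr in local_subnets.items():
        subnet = ipaddress.ip_network(cidr)
        hits = set()
        for net_cidr, country in db_entries:
            # strict=True (default) rejects entries with host bits set
            if ipaddress.ip_network(net_cidr).overlaps(subnet):
                hits.add(country)
        result[zone] = sorted(hits)
    return result


def safe_to_enable(blocked, db_entries, local_subnets):
    """True only if no blocked country's networks match a local subnet."""
    covering = countries_covering_local(db_entries, local_subnets)
    return not any(set(hit) & set(blocked) for hit in covering.values())


if __name__ == "__main__":
    for zone, hit in countries_covering_local(SAMPLE_DB, LOCAL_SUBNETS).items():
        print(f"{zone}: matched by {hit or 'nothing'}")
    print("safe to block EU:", safe_to_enable({"EU"}, SAMPLE_DB, LOCAL_SUBNETS))
```

A check like this only reports whether the database data would match internal zones; it does not replace restricting the location rules to the red interface.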