Why would prevent upgrading but only via Red Interface?
no other enterprise level firewall prevents doing this
get the following error
PAKFIRE ERROR: You need to be online to run pakfire!
trying to upgrade a spare system cannot do via Red until moved into production, right now have to do via flash and that is not practical. This setup is for personal setup, anyway to eliminate this requirement in future versions, really not needed right now having to modify script to ignore this but updates override
Thanks Much
You have a couple of options, to work with IPFire, as it is designed:
- briefly bring down red0 on your production installation and plug the reserve system to you modem. The upgrade should take only minutes to complete
- if your modem is in routing mode, then several IPFire installations may be used simulaneously. These must have/get different addresses for red0, but can use the same address for green0, provided these are not simultaneously connected to the same LAN
1 Like
Problem is non routing modem, and do not want to disconnect just have spare internally connected and keep updated, work with many other firewalls enterprise level and none restrict being to access regardless of interface unless administered via rules, at least that is where the option should be not forced and buried in a config what does is keep from updating as often and that is more a security risk so this is really not needed would think just be better if did not restrict. Simple four lines of code. ot at least provide a option in a user config file that never gets overwritten each update.
I don’t think it would be a good idea to have access to the IPFire WUI available from the Red interface (Internet normally) by default. That opens an attack surface that I would not want to have.
If I understand your situation your spare IPFire system has its Red interface connected to your production IPFire’s Green LAN network.
In that case you can write a firewall rule on your spare IPFire system to allow access to the WUI from its Red interface. You can then enable that rule when you want to do the access from Red and disable it when you have finished updating.
https://wiki.ipfire.org/configuration/firewall/rules/external-access
1 Like
Red Interface is disconnected, that is the problem, Spare is connected to green network only to be able to access from internal So can backup in use IPFire and then install backup on spare, Have temp route on green for default back to green IPFire in use. What wanting to do is while spare only connect to green is allow pakfire to work without Red interface connected but there are four lines in code that tests if Red is active and if not exits. No practical security reason to prevent that as we do on enterprise level firewall in corporate environments access is all controlled via rules which this really should allow in the pakfire script then allow someone to put a rule allowing the access in teh rules if want.