Problems on Green after Migration


after migrating to a new Server the green Interface isn‘t working any more. I have done this while migrating:

  1. Installed same build on new server
  2. Configured red, green, blue and orange interfaces
  3. Restored backup and checked settings
  4. Followed this steps: Migrating to new hardware

After first reboot Ipsec was disabled but works again after enabling, web-interface also reachable and works. While booting only got this warning:

WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.

Think this warning can be ignored > Squid web proxy started with 2 errors

But now have no access on green to the internet and all machines on the green interface, also no access to orange and blue. same from orange to green and orange to blue.

When connected from outside with OpenVPN i can access to machines on green, orange and blue.

Could anybody help here?


Looks like you have installed a firewall rule to block green device, unintentional.

Hmm, only made a backup from the old server and restored it to the new one written above.

Compared during the weekend all settings and rules old server/new server and pressend on each page/option ok/save/update. Now access green itself, green to blue and green to orange is working, access from green to red (internet) isn’t working.

Think running in this problem here: > The server is a x86_64 and running with IPFire 159 (think similar @pmueller).

Access from green to red (internet) is only working with setting up a rule from green to red. Something is going wrong with the web-proxy here but i didn’t know what can i do here.

If you think the problem is related to the proxy server then if you disable the proxy server you should be able to access the internet again.

If that doesn’t allow green to access red what do you get if you try

ping -c4

from the console. What result and message do you get?

If you can’t get a response back from ping then are you connected to your ISP.

Some ISP’s fix the mac address that is used for the first time and when you change the hardware they will not connect as the mac is different. If this is the case you will need to get your isp to reset the mac address they have stored for you or you can change the mac address presented by IPFire on red0 using menu Network - Assign MAC-Address to enter the mac address you used to have with your old hardware.

You can check if red0 is connected on the main WUI page. Does IPFire show it is connected and do you have an IP address showing for ther Internet connection and for the Gateway. If those entries are present and IPFire shows Connected under status with the connection time then you are connected to your ISP.

1 Like

With disabled proxy i didn‘t get a connection to the internet.

The result of ping -c4

4 bytes from ( icmp_swq1 ttl=55 time 18.8 ms
4 bytes from ( icmp_swq2 ttl=55 time 18.9 ms
4 bytes from ( icmp_swq3 ttl=55 time 18.9 ms
4 bytes from ( icmp_swq4 ttl=55 time 18.7 ms ping statistics —
packets transmitted, 4 received, 0% loss, time 3002ms
tt min/avg/max/maeve = 18.718/18.840/18.917/0.075ms

WUI looks ok, connected with the known Ip-Adress.

I‘m confused:
With an simple rule (green to red, allow all) i have internet on the green interface. in that case it makes no difference if proxy is enabled or disabled.

Okay, so your ping result says that you have full Internet connection.

What happens if you try the ping from a machine in the green lan.
If the does not give a connection, try ping -c4

If neither of the pings work from the green lan then that would really suggest that you have a firewall rule set somewhere.

Do you have any entries in firewall.local?

Ping to and from a machine in the green lan works. Both results looked the ping-test before.

The firewall.local inside:

# Used for private firewall rules

# See how we were called.
case "$1" in
        ## add your 'start' rules here
        ## add your 'stop' rules here
        $0 stop
        $0 start
        ## add your 'reload' rules here
        echo "Usage: $0 {start|stop|reload}"

Okay so the pings work but the web browsing doesn’t.
The firewall.local file you have is the default empty one.

Searching for pings working but no browsing I found an entry where the nsswitch.conf entry for hosts had to be modified to fix the problem.

What does your /etc/nsswitch.conf have in it for hosts. Mine has

hosts: files dns myhostname

All other entries just have files.

Is your hosts entry different from this?

When you disabled the proxy, did you also turn the proxy setting on your browser back to using the system settings?

No, mine looks as yours.

Yes i have. Done it before this post again to be sure. Also disabled all Fw-Rules and tryed. It wouldn’t work. :-(.

Unfortunately I have just about reached the end of my knowledge for this then. Hopefully there are other people who have more experience/knowledge who can suggest things to check for.

1 Like

Ok. Many thanks for spending your time. :-).

Made all Steps as wrote in my first Post/Question again. Now it works. Didn‘t know what happens first Time.