RESTORE from backup.
Hand keyed in 170, 171, and 172 with clean install.
Hand keyed in 169 (test WORKING), updated to 170 fail, 171 fail, 172 fail.
Hand keyed in 172 (fail), backup, started the 169 system, restored, works fine.
I do not have the time to go through your posts and try to figure out a hypothesis on what’s going on. Probably I am not qualified anyway to help you out. Therefore I will tell you how I would try to figure it out by myself.
I would assume the problem is in my configuration and it is a systematic one, for the reasons listed by @bbitsch in the post above;
you have a perfect setting to find out where the problem is, simply by looking at the logs and comparing them, as you have a version of IPFire that works as expected and the other that does not;
Start with the working system, open a console and issue the following command: tail -f /var/log/messages
trigger the behavior that in the other system would trigger the bug, look at the logs as they scroll in front of your eyes. Save the logs somewhere. Ctrl-C to stop the log visualization.
now, repeat the same setting in the machine where the bug manifests itself.
either you figure it out, or you post the logs here (both of them).
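Added example, not part of any post in this thread: one way to compare a saved log from the working system against one from the failing system is to count kernel firewall log lines per log prefix and inbound interface, then print only the keys whose counts differ. The sample log lines, addresses and file names below are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample logs shaped like kernel netfilter lines in /var/log/messages.
make_samples() {
    cat > "$1/working.log" <<'EOF'
Mar  3 10:15:01 ipfire kernel: FORWARDFW IN=red0 OUT=green0 SRC=198.51.100.7 DST=192.168.1.20 PROTO=TCP SPT=40112 DPT=443
Mar  3 10:15:02 ipfire kernel: FORWARDFW IN=red0 OUT=green0 SRC=198.51.100.7 DST=192.168.1.20 PROTO=TCP SPT=40113 DPT=443
Mar  3 10:15:09 ipfire ntpd[2101]: Listen normally on 19 red0 203.0.113.10
EOF
    cat > "$1/failing.log" <<'EOF'
Mar  3 11:02:41 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 SRC=192.168.1.20 DST=198.51.100.7 PROTO=TCP SPT=443 DPT=40112
Mar  3 11:02:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 SRC=192.168.1.20 DST=198.51.100.7 PROTO=TCP SPT=443 DPT=40112
Mar  3 11:02:43 ipfire kernel: FORWARDFW IN=red0 OUT=green0 SRC=198.51.100.7 DST=192.168.1.20 PROTO=TCP SPT=40112 DPT=443
Mar  3 11:02:50 ipfire ntpd[2101]: Listen normally on 19 red0 203.0.113.10
EOF
}

# Count firewall log lines per "PREFIX/inbound-interface" in one file.
prefix_counts() {
    awk '/ kernel: / {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^IN=/) {
                p = $(i - 1)
                if (p == "kernel:") p = "(none)"   # rule logged without a prefix
                n[p "/" substr($i, 4)]++
                break
            }
    }
    END { for (k in n) print k, n[k] }' "$1" | sort
}

# Print "key working_count failing_count" for every key whose count differs.
compare_logs() {
    w=$(mktemp)
    f=$(mktemp)
    prefix_counts "$1" > "$w"
    prefix_counts "$2" > "$f"
    awk 'FILENAME == ARGV[1] { a[$1] = $2; seen[$1] = 1; next }
         { b[$1] = $2; seen[$1] = 1 }
         END { for (k in seen) if (a[k] + 0 != b[k] + 0) print k, a[k] + 0, b[k] + 0 }' "$w" "$f" | sort
    rm -f "$w" "$f"
}

# Demo on the constructed samples.
d=$(mktemp -d)
make_samples "$d"
compare_logs "$d/working.log" "$d/failing.log"
rm -rf "$d"
```

On real systems the two arguments would be the log excerpts saved from each machine while triggering the same behavior; a key that appears only in the failing column is the first place to look.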
I would say no, I do not edit the config files manually. I learned my lesson back in 2012 about it.
I did say I manually keyed in the information by using only the webpage GUI.
Log files. DROP_NEWNOTSYN shows up in 173 but did not in the 169.
ipfire ntpd deleting interface (All IPs of servers)
ipfire ntpd Listen normally on 19 red0 (All IPs of servers)
Used geopeeker to find the webpage. Odd, it found it TEXT only, but could not find it again.
Phone found the webpage once and it may be cached; I could not refresh to see it again.
Log: downloaded messages to my computer and used Notepad++ and could not find the IPs that talked to the webpage. Lots of inside local IPs; even the mail server had just the outside gateway talking to the outside public IP of the mail server, and the gateway talking to the public IPs of websites as I was testing from inside to get to the webpages.
Other was DROP_NEWNOTSYN coming from my computers IPs by the 1000s. AV doing updates or something alles talking.
I am using a single computer to talk to the new firewall. 173 and the errors of not being on the internet is Huge. Deleted from Messages the times I was not connected so just the testing part of the log. To get what I got. I will be digging more.
Test with 173 failed. Odd that Orange DMZ quit working too, and testing from the outside none of the IPs showed up in the log file. I could see the mail server's IP coming up. The mail server could not send email nor receive email.
Test was a clean install. Manually keyed the firewall. Pinged 126.96.36.199 OK, Ping Local IPs OK, Ping DMZ IPs OK. Could get to All servers from inside the green. Could get to the internet from the green. With and without the Proxy running. Rebooted. Watched for errors at boot. OK 100%
Keyed the firewall offline, not LIVE. Takes too long and users tend to want the internet alive and mail working.
After flipping the system back to the old one the test emails I sent started coming in, and my gmail account started getting emails from our mail server.
I got the system down to 8 public IPs. So just the need to see webpages and services only.
So, am I alone doing many webpages, mail, SFTP? I am not getting any feedback, or even a hint that many IPs is a thing.
If you do a clean installation of IPFire, without importing any configuration, configuring only the network cards, their IP addresses and nothing else, does it work?
I ask this question to try to understand. It remains difficult for me to understand the problem and the solution, especially because of my lack of English skills.
As I understand it, the problems are concentrated in the input, from RED to GREEN.
If (as I told you), you install CU173, (clean installation, without importing anything) and it works, there might be a problem on the configuration files.
If that is the case, figuring it out and solving it without reconfiguring everything from scratch, I see it as very complex: in my opinion it is like looking for a needle in a haystack, there could be a problem on the files you import. How do you figure out the exact point?
When faced with these problems (not just for IPFire) I, as a technician, prefer to redo everything, even though I realize that often this involves redoing my life’s work.
I do understand that importing anything could be a problem, and have tried just the webpages without doing a restore. I also understand NOT to hand key inside the text files. Using just the web GUI.
Note. Why I posted way back, the Text file of the Firewall Setting that started the attack on my firewall. and IPFire is handling it fine.
Just maybe it is like the webpage that I made with an LDAP login. Users saying they had to log in over and over. But every time I tested it, it worked just fine. Took me a long time to figure out why it made them log in over and over. Seems someone told them they did not need the www. for the webpage, and I made the LDAP use the www. for login. I made a web page to redirect them to the www. before the login.
I am thinking I may be overlooking something. Reading how to set up the port forward over and over, thinking I am just missing one point that is breaking it. But the old 169 works fine, and I rekeyed it in 169 just to find out if it works. Being I have so many systems now: 5 computers and 2 motherboards that I rebuild, key and try. I am doing this offline. Setting up IPs RED GREEN ORANGE, I have restored 169 to 169 and it works fine. Then upgraded to 172. I have not upgraded to 173 that way. Just wipe the drive and start over, 4 or 5 times now.
So, I have shared my way of setting up a port forward from RED to GREEN. Even got banned for doing it. Twice, because someone asked for the information again. Even a third asked for the same information again.
Being I started in 1974 with the first computer, HP 24/16 mainframe. Then in 1981 got my first personal computer, Atari 400. Programmed some games. Just because my mindset was to learn this computer thing. 1984 started college in computer science. Got my first job 1987 programming databases for SPC. Been a Network Administrator for 26 years now. Yes, computers have changed a lot over the years. Thinking had to change with them. Ideas of how it is left you behind if you could not change as they did.
I keep looking in the forums for anyone with more than one IP but it is not clear if anyone is doing this. Note: I have a single IP at home, and it works fine. This does not help me. One works with one IP and the many IPs does not. So, thinking that the settings for many IPs has something to do with it, but not sure how.
Now, at home I have an SFTP site, set up a chat server, set up a Seven Days to Die server, Minecraft server, being on 3 computers. Set the port for Minecraft to one computer and chat to another, and my SFTP is on a NAS, so going to many ports to many IPs on green is not a problem.
Been googling the heck out of it. Not found any information about anyone using IPFire for many IPs.
So, without anyone here giving any information, or they fail to read what the problem is, or tell me it is just a lot of words. Not even sure what that means. I even got banned once answering a repeat question with an answer I gave before.
Not sure what to do, but move on to something else.
Chuck, you have largely failed to give succinct information. That’s why it’s very hard to help you.
One thing I would try immediately is ditching the service/host groups, and (as a test) entering all port forwards in a one-to-one fashion.
Information I am missing is what you are trying to do with your 30 (now 8) external IPs and three internal web servers. I can’t think of a scenario where that fits. Perhaps there is a better way of doing things, that will work around the issue. @hvacguy: yes that’s usually how it’s done. @dean8: begin with a short explanation (no diagrams) of your site.
I have been using multiple IPs on some sites (only a maximum of three though), but not with a current IPFire update. I have one system running with two IPs right now but that’s on CU162, this system is scheduled for migration to a more recent version however and that might be very soon, I will keep this thread in mind.