RED to Green - none of the Web Pages, SSH, or SFTP seem to work

and again like said above,

RESTORE from backup.
Hand Keyed. in 170,171, and 172 with Clean install.
Hand Keyed in 169(Test WORKING) updated to 170 Fail, 171 Fail, 172,Fail.
Hand Keyed in 172(Fail), Backup, started the 169 system Restored WORKS find.

Hmm, This is what I got BAN for posting the Screen shot. That is already done.

Bring on the BAN…

Not sure that even helps, Words just walks you though the settings.

Keep It Simple, Did not change any Firewall Options.
Time server set to [US.Pool] per US Timeservers.

I do not have the time to go trough your posts and try to figure out an hypothesis on what’s going on. Probably I am not qualified anyway to help you out. Therefore I will tell you how I would try to figure it out by myself.

  1. I would assume the problem is in my configuration and it is a systematic one, for the reasons listed by @bbitsch in the post above;
  2. you have a perfect setting to find out where the problem is, simply by looking at the logs and confronting them, as you have a version of IPFire that works as expected and the other that does not;
  3. Start with the working system, open a console and issue the following command tail -f /var/log/messages
  4. trigger the behavior that in the other system would trigger the bug, look at the logs as they scroll in front of your eyes. Save the logs somewhere. ctrl-c to stop the log visualization.
  5. now, repeat the same setting in the machine where the bug manifests itself.
  6. either you figure it out, or you post the logs here (both of them).

If you figure it out, please let us know.

Good hunting.


Only to be sure. The problem here isn’t related to this thead?

1 Like

Effectively, I also happened to be unable to enter the configuration of IPFire after editing the configuration files manually. And I decided to reinstall the whole system. :thinking:

I hope I have centered the problem. I have added myself now and I don’t know the English language. I am struggling to understand it well. :sweat_smile:

I would say no, I do not edit the Config files manually. I learn my lessen back in 2012 about it.

I did say I manually keyed in the information, By using only the webpage GUI.

Log files. DROP_NEWNOTSYN show up in 173 but did not in the 169.

ipfire ntpd[4004] deleting interface (All IPs of servers)
ipfire ntpd[4004] Listen normally on 19 red0 (All IPs of servers)

used geopeeker to find the webpage. odd it found it TEXT only. but could not find it again.
Phone found the webpage once and it maybe cashed I could not refresh to see it again.

Log Downloaded messages to my computer and use Notepad++ and could not find the IPs that talked to the webpage. Lots of inside local IPs even the mail server had just the outside gateway talking to the outside Public IP of the mail server. and the gateway taking to the Public IPs of websites as I was testing from inside to get to the webpages.

Other was DROP_NEWNOTSYN coming from my computers IPs by the 1000s. AV doing updates or something alles talking.

I am using a single computer to talk to the new firewall. 173 and the errors of not being on the internet is Huge. Deleted from Messages the times I was not connected so just the testing part of the log. To get what I got. I will be digging more.

Test with 173 failed. Odd that Orange DMZ quit working too. and Testing from the outside none of the IPs showed up in the log file. I could see the Mail servers IP coming up. The mail server could not send email nor recieve email.

Test was a clean install. Manually keyed the firewall. Pinged OK, Ping Local IPs OK, Ping DMZ IPs OK. Could get to All servers from inside the green. Could get to the internet from the green. With and without the Proxy running. Rebooted. Watched for errors at boot. OK 100%

Keyed the Firewall off line. not LIVE. Take too long and uses tend to want the internet alive and Mail working.

After fliping the system back to the old one the test emails I sent started coming it. and my gmail account started getting emails from our mail server.

I got the system down to 8 public IPs. SO just the need to see webpages and sevices only.

So, am I alone doing many webpages,Mail,SFTP, I am not getting any feed back.or even a hint that many IPs is a thing.

If you do a clean installation of IPFire, without importing any configuration, configuring only the network cards, their IP addresses and nothing else, does it work?
I ask this question to try to understand. It remains difficult for me to understand the problem and the solution, especially because of my lack of English skills.

As I understand it, the problems are concentrated in the input, from RED to GREEN.
If (as I told you), you install CU173, (clean installation, without importing anything) and it works, there might be a problem on the configuration files.
If that is the case, figuring it out and solving it without reconfiguring everything from scratch, I see it as very complex: in my opinion it is like looking for a needle in a haystack, there could be a problem on the files you import. How do you figure out the exact point?
When faced with these problems (not just for IPFire) I, as a technician, prefer to redo everything, even though I realize that often this involves redoing my life’s work.

I do understand that importing anything could be a problem. and Have tryed just the webpages without doing a restore. I also understand NOT to hand key inside the text files. Using just the web GUI.

Note. Why I posted way back, the Text file of the Firewall Setting that started the attack on my firewall. and IPFire is handling it fine.

Just maybe it be like the webpage that I made with a LDAP loging. User saying that had to login over and over. But every time I tested it, It worked just fine. Took me a long time if figure out why it made them login over and over. seem someone told them they did not need the www. for the webpage. and I made the LDAP use the www. for login. I made a web page to redirect them to the www. before the login.

I am thinking I maybe overlooking something. Reading how to setup the port forward over and over thinking I am just missing one point that is breaking it. But the old 169 works fine. and I rekeyed it in 169 just to find out if it works. being I have so many system now. 5 computers and 2 motherboards That I rebuild key and try. I am doing this offline. Setting up IPs RED GREEN ORANGE, I have Restored 169 to 169 and works fine. Then upgraded to 172. I have not upgraded to 173 that way. Just wipe the drive and start over 4 or 5 times now.

So, I have shared my way of setup of a port forward from RED to GREEN. Even got BAN for doing it.Twice because someone asked for the infomation again. even a third ask for the same information again.

Being I started in 1974 with the first computer. HP 24/16 Main frame Then in 1981 got my fist personal computer Atari 400. Programmed some games. Just because my mind set was to learn this computer thing. 1984 started collage in computer science. Got my fist job 1987 programming databases for SPC. Been a Network Administrator for 26 years now. Yes, Computers have changed a lot over the years. Thinking had to change with them. Ideas of how it is left you behind if you could not change as they did.

I keep looking in the forms for anyone with more then one IP but it is not clear if anyone is doing this. Note: I have a single IP at home, and it works fine. This does not help me. one works with one IP and the Many IPs does not. So, thinking that the settings for many IPs has something to do with it. but not sure how.

Now, at home I have a SFTP site, Setup Chat server, Setup Seven Days to die server, Minecraft server. being on 3 computers. Set the Port for Minecarft Port to One computer and Chat to another. and My SFTP is on a NAS, so going to may ports to many IPs on green is not a poblem.

I can’t think of any other solution. Waiting for suggestions from other people :wink:.

This is hard to follow.
Perhaps a drawing of your network.
Having trouble with where every thing is located.


Internet, IPFire, Servers

Keep it stupid Simple.

RED Public IP to GREEN Private IP of Host server.

Note the IPFire Duck Bannana is facing the internet. The Bannana Servers are hosting many Private IPs.

OK, I had a little fun with this but this is all I am doing.

Not an expert
But isn’t this what a revers proxy is for?
Like NginX.
Assuming each Webpage is a server.
One Red ip.
Assuming Red and green from diagram.


I have 30 Red IPs as said before. or /27

it all works in 169 and before 170 just fine.

I just do not understand what changed from 169 to 170 and above for it to stop working.

Hand keys the information into the WEB GUI not the text files.

Built a 169 hand keyed, tested and works and then updated to 173 and does not work.

Most of the answers here tell me it should work. I am not doing anything fancy with the settings. but I have tried to do most of the help setting that have been suggested, Tried new and old hardware.

Still think vary few are doing this. based on no responce from anyone that is doing it.

Still not working.

Been googling the hack out of it. Not found any information about anyone using IPfire for many IPs.

So, without anyone here giving any information, or they fail to read what the problem is, or tell me it just a lot of words. Not even sure what that means. I even got BAN once anwsering a repeat question. with an answer I did before.

Not sure what to do, but move on to something else.

Chuck, you have largely failed to give succinct information. That’s why it’s very hard to help you.

One thing I would try immediately is ditching the service/host groups, and (as a test) enter all port forwards in a one-to-one-fashion.

Information I am missing is what you are trying to do with your 30 (now 8) external IPs and three internal web servers. I can’t think of a scenario where that fits. Perhaps there is a better way of doing things, that will work around the issue. @hvacguy: yes that’s usually how it’s done. @dean8: begin with a short explanation (no diagrams) of your site.

I have been using multiple IPs on some sites (only a maximum of three though), but not with a current IPFire update. I have one system running with two IPs right now but that’s on CU162, this system is scheduled for migration to a more recent version however and that might be very soon, I will keep this thread in mind.