RED to Green - none of the Web Pages, SSH, or SFTP seem to work

Just a comment, without any help for your issue, but…
169 is SERIOUSLY antiquated. I try to keep up with the latest and greatest. I understand that folks who “push the envelope” with tweaks and customization have issues between releases, but my goodness! It (in my opinion) is unwise to postpone upgrades.

1 Like

You have SERIOUSLY not read that the updates do NOT WORK.

And if you have read anything, it's not the hardware: 5 different motherboards and CPUs and NICs. But you have not read any of the problems.

So, WHY does 169 work and 170, 171, 172, 173, 174 do NOT WORK???

I do think that if the software uses a lot of commas, that the forums would support posting the text from the software that they are trying to support. But not after months of banging on this problem. NOT DOING anything outside the WEB UI in the software, NO super tweaks, No Mods to the code. Just install and hand key everything in to JUST ONE PAGE to see if it works. NOT NEW to this software, been using it for over 12 years, was using IPCop before this. I am an ADVOCATE of UPDATING ASP. I have MANY systems to test on. Have been burned by updates in the past. ONE was NT4, but the fix was to update the Clients as well. Next was a Windows 10 update that broke AutoDesk; fix: uninstall the Update and wait for a patch to the update. NOTHING big.
NOW IPFire: kept it up to date till the day that the UPDATE broke it. Been ASKing what changed, so I can adapt to the change. NO ONE KNOWS WHAT BROKE IT!!! And the same: "You are doing it wrong!", with no how to do it right. I have read the Wiki over and over just in case I missed something. BUT what the wiki says DOES NOT WORK. And the question is, why do you have so many internet IPs? Ah, does this point to the problem with IPFire 17x, that they made it not work with MANY IPs… Is this NOT what a firewall ROUTER is for? OR did the ROUTER part get removed from IPFire? But no one seems to know.

Yes, I use IPFire on a single IP and Route PORTs to many computers too.
Yes, I use IPFire on MANY Internet IPs and route Many Internet IP to Private IPs.
BOTH WORK GOING OUT TO WEBPAGES!!
Ports ROUTE fine. (Home GAME Servers I use with MY KIDS and GRANDKIDS)

Routing IPs to IPs works in 169 no problem. I have even stacked an IPFire to an IPFire to route someone through to a Server so they could fix a problem on it.

NOW to protect some assets, I have an IPFire 174 behind a 169, so the Web servers are the only thing behind 169 for now, and the Assets that need to go out to the internet can, behind the 174, then through the 169. ALL works.

The error that tells me it's not working: from OUTSIDE my IPs I get WEB PAGE NOT FOUND.

DNS is hosted outside my IPs not behind the firewall. NOT THE DNS.

But I am still working on it. even without your help!!!

Just as a datapoint, I recently migrated my two-IP system (with forwarded ports on both IPs, to both GREEN and ORANGE) from 162 to 174 (both systems virtualized) and everything worked perfectly.

1 Like

Yes, I have Green, Orange and Red. Do note that Orange worked in 170 and 171 but stopped in 172 and 173. And because I am just setting up just ONE webpage to test with and still have all the settings for 16 internet IPs, and the One webpage fails, I go back to the working hardware, 169, just to not disrupt access to the information too badly. If ONE Webpage worked I would then move forward to set up the rest of the Firewall. Now I did notice a problem with 169, that the Mail server was not reporting the correct IP as the sending server. Fixed that by using Orange with a path going back out. I have also tried the path back out with the Green side, but that did not work. It was still reporting the Gateway as the server. I am not sure when this stopped working, for only Germany was reporting the error about the server. Why one would have problems and the next update more started reporting the same error. Server reporting it was being sent by the gateway, not the server. Orange fixed that. I am going to be trying to set everything over to the Orange. If that fixes my problem it would be nice.

Chuck, if you want I can take a look at your setup for you, in a virtual machine. This means doing a backup and sending it to me, system passwords are not exported in a backup but VPN certs and keys are, as are of course lots of settings for IPs and the like so take that into consideration. If you are interested in that, send me a PM and I will respond with my email address.

They are exported. If you look in a .ipf file you will find in the /etc directory both the passwd and shadow files which contain the root password.

Also in the /var/ipfire/auth/users file is the admin user together with a hashed value of the password. This is the one used for logging in to the WUI.

The root password can’t be accessed as it is encrypted but it will stop you logging into the console on the command line.

Not sure how easily the WUI password is accessible as you would have to unhash the hashed value. I suspect the WUI access takes the password given and then hashes it and compares it with the hashed value in that users file.

OK that’s not good then. :slight_smile: But I seem to remember the passwords not being updated when reloading the backup? Perhaps it was only the zone IPs and I remember wrongly… anyway, then it can easily be solved by changing passwords to something nonsensical before making a backup.

It’s also mentioned in the wiki:-

https://wiki.ipfire.org/configuration/system/backup#restore

2 Likes

I use the backup tool a lot. Effectively I find myself reimporting even the user names created in addition and their passwords. The “hardware” configuration of the network cards is not imported, but all the IPs and their configurations I find them all imported.

1 Like

Yeah, I’m getting senile. :slight_smile:
Anyway, the offer to test the setup stands.

But no, I have translated the whole topic and am trying to follow it. Unfortunately, I have not yet been able to understand the exact problem, especially because of my deficiencies regarding English.

I am also having the same problem with Language, from a NON-Firewall to Firewall Jargon. and Firewall Jargon to Non-Firewall.

My problem is getting my webpages to show up after updating / Reinstall and hand key the information using just the Web user interface. I am not keying in to the text files. or Reinstall and restoring the system, all the web pages show up from the internet side as NOT AVAILABLE.

A layer of trust here, How would you get my info without making it public?

Yes, let’s say I have an idea of the problem. Unfortunately (and @mangrove is right about this), I too feel the need to analyze an IPFire backup, to understand it well. I understand, however, that this seriously compromises privacy. At the moment I can think of no other ideas to try to solve it.

And maybe even risk of attack. In the sense that, keys, VPN certificates and more, going around the network could be captured by third parties and used to crack systems. I always prefer to hand over sensitive data in person, which is impossible in this case.

The secret information in the backup file is:

  1. Root/Admin passwords
  2. OpenVPN certs
  3. IPSec certs/passwords
  4. Root/host certificates (only interesting if you are using IPSec or OpenVPN, otherwise they can just be regenerated)
  5. DynDNS settings, if used, may include passwords

It is also possible to strip a backup file from sensitive data, the backup file is just a GZIP file containing a single TAR file which contains everything. But if 2-5 are not used, the easiest way is to just temporarily change the password for the root/admin users, do a backup, download the file, and afterwards change the passwords back again.

1 Like
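As an added example (not from any poster in this thread and not IPFire's own code), here is one way to check a backup for the secrets listed above before sending it to anyone, and to produce a stripped copy. It assumes the layout described in the post, a gzip-compressed tar. Only `etc/passwd`, `etc/shadow` and `var/ipfire/auth/users` are paths named in the thread; the other prefixes and the sample archive contents are assumptions.

```python
import io
import tarfile

# Paths named in the thread, plus ASSUMED locations for the other categories.
SENSITIVE = {
    "etc/passwd": "system accounts",
    "etc/shadow": "root password hash",
    "var/ipfire/auth/users": "WUI admin password hash",
    "var/ipfire/ovpn/": "OpenVPN certs/keys (assumed path)",
    "var/ipfire/vpn/": "IPsec settings/secrets (assumed path)",
    "var/ipfire/certs/": "host certificates (assumed path)",
    "var/ipfire/ddns/": "DynDNS settings (assumed path)",
}

def classify(name):
    """Return the category of a sensitive member name, or None."""
    name = name.lstrip("./")
    for prefix, label in SENSITIVE.items():
        if name == prefix or (prefix.endswith("/") and name.startswith(prefix)):
            return label
    return None

def audit_backup(data):
    """List (member, category) for every sensitive regular file in the archive."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        return [(m.name, classify(m.name)) for m in tar if m.isfile() and classify(m.name)]

def strip_backup(data):
    """Return a new .tar.gz with sensitive members left out."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for m in src:
            if classify(m.name) is None:
                dst.addfile(m, src.extractfile(m) if m.isfile() else None)
    return out.getvalue()

def build_sample():
    """Constructed sample archive standing in for a real backup file."""
    files = {"etc/shadow": b"root:<hash>:::", "var/ipfire/auth/users": b"admin:<hash>",
             "var/ipfire/ovpn/ca/cakey.pem": b"<key>", "var/ipfire/ethernet/settings": b"GREEN_DEV=green0"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

For a real file, pass `open(path, "rb").read()` to `audit_backup`, and run it again on the output of `strip_backup` to confirm nothing flagged remains before the file leaves your machine.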

Pick up the file at www???
Password is ???

LOL so my question is how to DM me only.

Note all I posted to get attacked was the IP of one system; that is still going on now. I regret doing it now. To open up all of it would not be good. Changing the root/admin I can do. I have a place to pick up the file, but do not want to publicly put it here.

I have sent you my e-mail address in a PM.