RED to Green - none of the Web Pages, SSH, or SFTP seem to work

I downloaded 175. Hope this one works.

Was @mangrove able to get a good understanding of the problem with the backup in hand?
How did it go?

@mangrove has not said a thing about it. I was expecting some questions about it, but nothing at all.

Web Server is DOWN for everyone. It is not just you. The server is not responding…
Installed 175 and restored a backup.
Put back the 169.
Web Server is UP and reachable by us. Please check and report on local outages below …
Next test is to hand key the firewall for just a few pages.

Today's test was a fail.

Oh I used
https://www.isitdownrightnow.com/ and https://geopeeker.com/

to test the website.

I noted that PFSense requires all Web services be on a DMZ. By Default all Local IPs are blocked. BUT can be unblocked by unchecking the rule.

Also IPFire: by turning on Incoming Firewall Access, by default everything is blocked. I cannot find how to edit the incoming firewall access. Looking for Source Firewall in docs by IPFire, I have found none. But I noted that if I use Firewall in Source or Destination, a rule would show up in Incoming firewall access, but what it does is unclear, for it changed nothing or I set up the rule wrong. Lack of information on these settings.

I flipped the local IPs for DMZ and Green to get the servers on the DMZ side, to test if IPFire works on servers being on the DMZ. Test failed, but I did not have a lot of time to work on it.

Just keeping information coming in as I am learning about PFSense to see if I can get it to work.

6 Months+ and still no answers to why IPFire just up and quit working. 170 on. Yes 169 is still working.

I am running a firewall 169 behind a firewall 175, so as an outgoing firewall IPFire works fine, and with a single IP and just port forwarding it works fine. But when you address MANY IPs on many ports it cannot find the webpages; forwarding the Public IP to a Private IP, it fails.

But I have been addressing the problem above, from 170, 171, 172, 173, 174, 175.

I will let you know if I figure it out or if I move on to PFSense. A fix is a fix.

Rule Processing

You show incoming connections from green only.
and
Green to Orange (Orange cannot get to green)
and
Firewall to internet.
but
NO Internet to IPFire to green or orange. WHY???

Just find it a bit odd. IPFire does not show how to host a game server or webpage in the rule processing.

+----------+         +--------+           +------------+
| Internet | ------> | IPFire | --------> | Green Host |
+----------+         +--------+           +------------+

Incoming Connections:
Port forward in a single IP, and IP/Port on many IPs.

169: You have to make an Alias for the IP, so in the NAT - Destination NAT - Firewall Interface it shows up in the pull-down. But the port does not. Destination - Destination Address - enter the Private IP of the host. Still no ports. Protocol: now the port shows up with an option of Services and Service Groups.

Okay, Service Groups is configured in Firewall groups under Service Groups.

NOW this is one of the problems pointed out to me.

Service Group - MAILSERVER
HTTP port 80 TCP
HTTPS Port 443 TCP
IMAPS Port 993 TCP
POP3S Port 995 TCP
SMTP Port 25 TCP
SMTPS Port 465 TCP
StartTLS Port 587 TCP

is too many ports for one rule. Is this so??

So your problem is with port forwarding? Did I understand that correctly?

I think it is more with the Public IPs x 30 to Private IPs.

I just had someone say I had too many ports in the one rule, and wanted to know if that was the problem with that one rule.

So Public IP for a webpage to the host computer on green does not show up in 170 to 175. 169 it does show up. Same rules.

As I said above of the last 6 months. UPDATE and firewall stops working. Backup 169 working and restore and firewall stops working. Hand key firewall not working.

Firewall not working: you cannot get to the webpages from outside, NONE OF THEM. You cannot get to SFTP, MAIL, NOTHING. But 169 everything works!!!

Going out everything works.

Maybe I am beginning to understand in more detail. You have multiple public IPs that IPFire has to handle. (Kind of like having multiple ISPs). And from C.U. 170 IPFire is causing you the problem (port forwarding with multiple public IPs), right?

If I guessed correctly, I can't recreate the problem, because I only have one public IP.
Or rather, I have two ISPs that are managed with a balancing router, but one of the two managers does not allow me to do port forwarding, so I basically only have one ISP.

I should add that I don't even know how a single IPFire machine can handle multiple public IPs. It has never occurred to me to do that.

I will follow up on this topic and update it in case I get any ideas. I hope it will work out.

Public IP is a /27 or Netmask of 255.255.255.224. Yes, not everyone has this setup. Has been good for years; 2011 is the oldest backup I found, and I was using IPCop before that, and a SonicWall and a Cisco ASA whose firmware got old. Kind of what is happening now. 169 is old.

170 to 175 all are not working with NAT Public IP to Private IP ports.

So can you confirm that I guessed right?

The other thing they pointed out is my Private IP network is big: 255.255.255.0 or /24, but I only have about 8 systems on it.

Yes, I would say so.


It is better to wait for users with multiple public IPs to do a test. At the moment I don't have a solution, but I think I understood correctly this time. If I had more ISPs I could have done a test myself. :wink:

It remains to be seen if your problem also affects other users.

:thinking: I wonder if the problems are related to Reverse Path Filtering.
I can't quickly recall at the moment when it was introduced to IPFire.

Best


I wonder, did Reverse Path Filtering exist before 170? And did 170+ add something so small websites doing all their own things in house could no longer use IPFire? I wonder.

Like back when NAT let you key in an IP address to forward. Then it changed to make an Alias so the pull-down lets you pick the site. Oh, I have been thinking about this for a long time. I have been looking up how-tos from IPFire Docs and others, and not one has shown any changes to help fix this. I do it just as the IPFire Docs say, but they do not show how to set up a public IP to Green, Orange, Blue. and the check firewall

I find nothing about it.

Add a new alias… no information on it. Oh, how to make one, but what to use it for?

NAT only shows Firewall interface as – Automatic – but when you have an Alias set up, a pull-down shows it.

Source is ANY so anyone can get to… NAT Firewall Interface Google DNS (8.8.8.8) if I was Google.

Destination IPAddress 192.168.1.1 or if you put in some HOST address you can check the Hosts box and pull down a list of your hosts.

Protocol: Now the page I am looking at is out of date. WIKI.ipfire.org does not show the -Preset- pull-down. Services or Service Groups was in 169, so very old screenshot. Pick a Service HTTP and your web page should be able to be viewed from your phone that is not on the same ISP or Network.

Oh, that is my problem: NO ONE CAN SEE anything I have hosted. But 169 you get everything.