RED to Green - none of the Web Pages, SSH, or SFTP seem to work

Now if you're talking about my DNS settings, so the internet can find my servers: I would think that with it working in 169, all would be good with the DNS settings. Those I do not host here; I did at one time, years ago.

https://blog.ipfire.org/search?q=170

Note

Support for assigning aliases to multiple RED interfaces has been added.

Perhaps?
Is this possibly the update that changed something?


Why add support for something that already worked? Or am I reading it wrong? I was using many IPs on a RED before 170, and at 170 everything stopped working after doing an update to the server. I had a backup. Restored the backup to 170 in a clean build; still did not work. Hand-keyed clean install. Ended up going back to 169 and did a restore, and got everything working. I was using a USB NIC at the time. Someone said they dropped the drivers for it, so I got new hardware. Someone said it was too new of hardware. Found hardware for a firewall running Linux; still did not work. So I have 6 systems of hardware. ALL work with 169, and none work with anything higher. I have an old i5 gen 4 and it does not work, but does with 169. Not working = nothing gets in the firewall.

It is obvious that hardware has nothing to do with it. Otherwise, IPFire would not even see the LAN card during configuration. Of this I am certain.

Something must have happened on the 170, but so far I don’t know what it is.

Seeing what has changed in 170 already looks good to me.
Maybe installing from 170 on changes some firewall settings. I don’t know. It’s just an alternative to my bug hypothesis.

Been over a year, still no fix for this. Reading all the rules over, no one addresses how Aliases work. In the old system an Alias was used to point to the web servers. In the new one it does not work at all. I read how many have this problem, that the Alias does not route the IP at all if the Alias is used in the firewall setup, and you cannot enter an IP in the NAT, making pointing at the web server impossible. So somehow the Alias quit working over a year ago and no one has fixed it. The only workaround was to manually edit the text files.

I just checked in the IPFire bugzilla and the only bug entry related to Aliases is to do with not being able to delete invalid aliases once they have been created.

As per the bug reporting documentation, the forum is the place to discuss issues but if they end up looking like a bug they should be recorded in the IPFire Bugzilla. Bugs mentioned in the forum are very easily missed and once past, then very difficult to find again especially with a thread like this one with nearly 150 posts on it.

https://www.ipfire.org/docs/devel/bugzilla

Your IPFire people email and password will act as your IPFire Bugzilla login credentials.


I have read most of them over the year. I think that is how I found how to edit the text files to get around my problem. But every update I have to go in and edit them again. I do find it odd they show how to set up an Alias but I have never seen how to use it in the firewall. Yes, you can pull down the Alias in the NAT settings. I never can find docs on it. Just a blurb: “You can now use these aliases in Port Forwarding rules”. Yet there are no Port Forwarding Rules! In the NAT they never say that the Alias is how you add addresses to the pull-down, or refer to them as port forwarding.

As this is a NAT rule, check "Use Network Address Translation (NAT)" and select "Destination NAT (Port forwarding)". I say it and then I find it. But they did not say you can add IPs by using Alias.

The hardware setup is 10.0.0.1/30, giving you the IP of the hardware and the gateway only. The webpages are on a 172.16.0.1/27, giving me 15 IPs to host. NOT GIVING OUT MY REAL IPS. My thinking is IPFire does not like the IP change. Did not have a problem in 169. Nothing after works without editing files.

Then there is something not correct with the documentation.

Aliases are controlled by the local DNS server and are registered hosts.

So for multiple websites on one machine the Alias entries are in hosts.

Port forwarding can technically only handle IP addresses. Otherwise, it would introduce a site origin attack vector, so if you can do it that way, it would be inadvisable in the first place, and that function would be removed once OS devs see a possible attack vector.

Port Forwarding only has a pull-down. Cannot enter an IP. HOSTS do not show up in the drop-down of the NAT? Aliases do!
Again, NOT using REAL IPs.

Other than they are using the same HTML form for the other rules, “destination address” is the only valid entry in that section for that function so it should return an error. If anything, they missed displaying that your entry is an error.

After port forwarding, you register the public FQDN name in hosts.

169 (NOT SPAMMING. Got blocked for repeating myself.) to 170, it stopped working at the update. Settings did not change. The OS updated. So something in the OS changed. Clean build. Hand-keyed. Still not working. Looked for what they changed. I can find others with the problem but no real fixes. DNS? It is working. What changed that DNS would stop working? Because the OS updated to 170?

Unbound and bind have changed things significantly, so if you are not using standard practices it's not going to work.

What are you trying to do?

Because hosting on one or several machines is the same on the networking side.

Because the steps are → static IP the web server → forward that IP to RED → enter public FQDN in hosts in the GUI.

Set up a firewall with 16 IPs on many systems, and the DNS was set up years ago and is working now. BUT IPFire does not work like it did before the 170 update. Like all the posts above this say. NOT SPAMMING!!! Some should learn to read.

NO update on the docs on how to set it up, and missing things like the Alias information. I try the HOST thing. Sounds off, but I try it. Make a Host that is not used at all.

It should be no different in method, and that is how it's set up on a web hosting system. The only thing different is that one server (IPFire) is sharing DNS across servers instead of it being on the same web server that the client has access to, to add or change DNS records.

WOW, I have been trying to get this fixed or find a fix since NOV 2022. Yet all the same problems. Built an IPFirewall and you cannot get to the pages.

You can get out no problem. Nothing gets in.