Currently IPFire runs on an APU2C4 and I wanted to move the installation to a Sophos SG230.
What’s the best option in this case?
Take the current SSD and plug it into the Sophos or perform a new installation with Core 196 and restore a backup taken from old hardware?
Moreover, I’ve got some cron jobs running that execute some Python scripts. Additionally some bash scripts I’m using on a regular basis. All mentioned beforehand are not handled by the default backup, so my guess is, just copy them over from old to new hardware, right?
If restoring a backup is the best option, which backup should I use in WebIf? The iso file with or without logs and additionally the add-on backups?
but you can specify them in the include.user file and there is also an exclude.user file so you can specify those types of file that you don’t want to have backed up.
and then you can backup that user specific crontab, details are in that page. That way that user specified crontab will never be overwritten by an fcron update such as will occur in CU198.
Guys, I need some information for installing from scratch. The Wiki says that I’ve to use the ISO to burn a CD, start from it and install IPFire on new hardware.
Second, that’s the method I’ve chosen, I’ve used a USB key and flashed the image, ‘cause the new device does not have any CD-ROM attached.
So, after booting from USB key, I’ve run the setup, but there is no option to partition the built-in SSD and install IPFire onto it.
Which option do I have? I would like to boot from USB key and install on internal SSD.
There is no option to partition the install so that some goes to one drive and another part to another drive.
You will have to boot with the usb key and then install completely on the ssd.
Then you will have to manually move the boot partition from the ssd to the usb key and figure out what needs to be changed to have the system boot like that.
At least you will have to manually change the /etc/fstab file to use the new uuid for the boot partition on the usb key.
You might also need to edit something on grub, or at least re-run the grub-install and grub-mkconfig commands to install the bootloader into the right place so that grub knows how to access it.
You will have to do some searching on grub and those commands to see how they need to be specified depending on if you have the BIOS or EFI setup on your system.
All of the above will have to be done manually via the cli.
Have you loaded the iso onto the usb key or the img file? The img file is for when you have to install directly on the ssd being used and cannot use a usb key such as with Raspberry Pis.
I think you must have installed the img file on your usb key if it started directly with keyboard layout.
Re-do the copying of the file to the usb key but make sure you have downloaded the iso file.
May I ask a next question regarding setting up the second IPFire in my network?
This is a follow-up to the above question. I’ve now successfully set up a new IPFire instance on the Sophos SG230. I restored the backup from the current IPFire and disabled DHCP in settings on new SG230.
My problem is now, I can access the WebIF from any client in LAN, however I cannot reach SSH on port 222.
During setup, I’ve configured a green and a red network. The green network has IP address 192.168.0.99/16 assigned and the red interface fetches its IP address using DHCP (from current IPFire).
In this case IP address 192.168.0.98, gateway 192.168.0.1 which is the address of the first IPFire.
Netmask is 255.255.0.0 as you might have guessed from /16.
Both IP addresses 192.168.0.98 and 192.168.0.99 are not used anywhere else.
As mentioned above, I can open the WebIF with https://192.168.0.99:444, SSH fails though, with a time out. Of course it’s enabled and the port is correct.
For some reasons, I would like to have two IPFire running in parallel to copy some files from old to new and to compare other config files.
So, obviously my setup fails at some point. But how to set up the green and red network in this specific case, to let the new IPFire access the internet, to load packages and to access the WebIF and SSH?
This means that your green lan on your second IPFire has IPs from 192.168.0.1 to 192.168.255.254, which therefore also covers the red interface, so the subnet coverage of your green and red interfaces overlap, which will create a problem for any firewall as the zones must not overlap to work properly.
That’s obviously the case, indeed. However this does not fully explain why I can reach the WebIF on port 444 and get a time out when reaching out for SSH port 222 on same IP.
Nevertheless, is there a solution available? I understand that it’s better to use a green IP range not used already. E.g. 10.10.10.0/24 on new IPFire.
Should the red interface get its static IP address from DHCP server on first IPFire? E.g. 192.168.0.98?
I then assume that the red interface will have access to internet if appropriate firewall rules are in place on first IPFire.
But will I be able to open the WebIF on 10.10.10.1:444 and get SSH access on this IP, too? I guess not, so which are the prerequisites? Add a static route in first IPFire? If so, what’s the exact routing?
If you mean is there a solution available when the red and green subnets have been set up to overlap, then I have no idea and I don’t think that is the way to go as that is running IPFire in a way that could end up allowing traffic through without being firewalled at all.
There is a solution which is to make sure that your subnet for red and the subnet for green do not overlap so that IPFire can work correctly as a routing firewall. Then if you still have problems with your ssh access then we can look closer at the logs and the issues.
If the subnets for this second IPFire are correct and presuming that the red interface for this second IPFire is in your first IPFire’s green subnet, then, with the default settings for Forward and Outgoing on your first IPFire, yes your second IPFire red interface will have access to the internet via the first IPFire.
You will only need appropriate firewall rules in place on the first IPFire if you have the Forward set to Blocked.
I am not sure I correctly understand if this is the WUI on the first IPFire that you are trying to access from the second IPFire green zone or the WUI on the second IPFire from the green zone of the first IPFire or the WUI of the second IPFire from the green zone of the second IPFire.
I am presuming that 10.10.10.1 is what will be your second IPFire’s green interface IP after changing it from the 192.168.0.99/16 subnet setting but I am not totally sure.
Could you please clarify what you are trying to access on which IPFire and from which zone on which IPFire.
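
Added example, not part of the thread and not IPFire's own code: a Python check for the green/red subnet overlap discussed above, run against the addresses quoted in the thread and against the proposed 10.10.10.0/24 green range. The KEY=VALUE settings text is a constructed sample in an assumed format, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples (assumed KEY=VALUE format, not read from a real system).
# Addresses and netmasks are the ones quoted in the thread.
CURRENT = """\
GREEN_ADDRESS=192.168.0.99
GREEN_NETMASK=255.255.0.0
RED_ADDRESS=192.168.0.98
RED_NETMASK=255.255.0.0
"""
PROPOSED = """\
GREEN_ADDRESS=10.10.10.1
GREEN_NETMASK=255.255.255.0
RED_ADDRESS=192.168.0.98
RED_NETMASK=255.255.0.0
"""

def parse_zones(text):
    """Return {zone: IPv4Interface} built from <ZONE>_ADDRESS / <ZONE>_NETMASK pairs."""
    kv = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    zones = {}
    for key, addr in kv.items():
        zone, _, field = key.partition("_")
        mask = kv.get(zone + "_NETMASK")
        if field == "ADDRESS" and mask:
            zones[zone.lower()] = ipaddress.ip_interface(f"{addr}/{mask}")
    return zones

def find_overlaps(zones):
    """Return (zone_a, zone_b, shared_network) for every pair of overlapping zones."""
    names, hits = sorted(zones), []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            na, nb = zones[a].network, zones[b].network
            if na.overlaps(nb):
                # For CIDR networks an overlap means one contains the other.
                shared = na if na.subnet_of(nb) else nb
                hits.append((a, b, str(shared)))
    return hits

def zones_claiming(zones, host):
    """Return the zones whose subnet contains host; more than one means ambiguity."""
    ip = ipaddress.ip_address(host)
    return sorted(z for z, iface in zones.items() if ip in iface.network)

if __name__ == "__main__":
    for label, text in (("current", CURRENT), ("proposed", PROPOSED)):
        zones = parse_zones(text)
        print(label, find_overlaps(zones), zones_claiming(zones, "192.168.0.1"))
```

With the current settings the gateway 192.168.0.1 falls inside both zones; with the proposed green range only red contains it.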