The GnuPG isn't configured corectly..How to open port 11371 for GPG-Keys?

Hi, I’m not familiar with IPFire but from searching about I have reinstalled IPfire, restored a backup of my config and it won’t detect any updates etc. as the WebUI didn’t work after an upgrade. The Web Interface is now working, however now the System Logs only say:

01:20:00 ipfire: ntpdate error

I try running in putty:

# pakfire list
CRYPTO WARN: The GnuPG isn’t configured corectly. Trying now to fix this.
CRYPTO WARN: It’s normal to see this on first execution.
CRYPTO WARN: If this message is being shown repeatedly, check if time and date are set correctly, and if IPFire can connect via port 11371 TCP.
packages total.

I try

# ntpdate 0.pool.ntp.org
Exiting, name server cannot be used: Temporary failure in name resolution (-3)
21 Feb 15:13:35 ntpdate[24929]: name server cannot be used: Temporary failure in name resolution (-3)

I try

# gpg --keyserver pgp.mit.edu --always-trust --recv-key 65D0FD58
gpg: requesting key 65D0FD58 from hkp server pgp.mit.edu
gpgkeys: HTTP fetch error 6: Could not resolve host: pgp.mit.edu
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: general error
gpg: keyserver receive failed: general error

I try

#gpg --homedir /opt/pakfire/ --list-keys
gpg: WARNING: unsafe permissions on homedir `/opt/pakfire/’
#gpg --list-keys
(nothing is returned)

From what I can tell I need to try and open TCP port 11371 to try and get some GPG keys? but I am not sure what I need to do to open this port and then download them? Are you able to assist me getting these keys and potentially fixing this issue please?

Kind regards
Adam

Did you try to set date/time manually? Downloading updates and installing extra packages won’t work without correct time. Curiously, ntpdate wouldn’t work either last week when I tried to install a clean IPFire 138. The IPFire time servers were not reachable.

The gap between the manually set time and internet time should be within 5-10 minutes.
After that, ntpdate works correctly.

I’ve not set anything manually, but just typing

date

into the terminal returned the correct date and time. I thought the gpg-key may still be needed to allow downloading the update?

Another classic configuration mistake is: different subnets for green and red?

Sorry I have only just seen this reply.

My Red Interface on the “setup” within the terminal says the “Network mask” is different to what my Green Network mask is, but the Red one is what my ISP supplied me for when I configure IPFire as my router.
I’m no expert in networking, but I would have thought these two separate networks (Internal (Green) and External (Red)) would be OK to be different like this. Can you explain why if not?

Your red is for example 11.22.33.44 255.255.255.252 right?!
And green is f.e. 192.168.0.1 255.255.255.0?!
It should be working then.

Can you post your network config please.

The keyservers are unstable, so we changed this a long time ago. IPFire does not need to import the keys from a keyserver anymore. The keys are shipped and installed from files at the first init of pakfire.

The problem is that DNS won’t work without correct time, and NTP usually needs DNS to find the servers.
Normally IPFire tests DNS after setting new forwarders, and if this fails it tries ntpdate with our NTP server (the IP is hardcoded because DNS does not work).

Have you tried core141? In this update the whole dns is reworked and should work.
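The dependency described above (no working DNS means no NTP, no keyserver and no mirror list) can be read straight off the error text. The following is an added example, not part of the original posts or of IPFire's code: a small classifier run over messages quoted in this thread. The function names and verdict words are hypothetical.

```shell
#!/bin/sh
# Added example: classify pakfire/gpg/ntpdate output by the layer that failed.
# sample_log holds messages copied from this thread (timestamps dropped).
sample_log() {
cat <<'EOF'
CRYPTO WARN: If this message is being shown repeatedly, check if time and date are set correctly, and if IPFire can connect via port 11371 TCP.
ntpdate[24929]: name server cannot be used: Temporary failure in name resolution (-3)
gpgkeys: HTTP fetch error 6: Could not resolve host: pgp.mit.edu
DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org: 80 (Bad hostname 'pakfire.ipfire.org')
MIRROR ERROR: Could not find or download a server list
EOF
}

# triage_log: reads log text on stdin and prints one verdict word.
#   dns       - name resolution failed; key and download errors are consequences
#   download  - downloads failed although no resolver error was logged
#   keyserver - only the port 11371 hint is present
#   ok        - none of the known failure strings were seen
triage_log() {
    awk '
        /Temporary failure in name resolution/ { dns++ }
        /Could not resolve host/               { dns++ }
        /Bad hostname/                         { dns++ }
        /MIRROR ERROR|Giving up:/              { dl++ }
        /port 11371/                           { key++ }
        END {
            # Resolver errors win: everything downstream depends on DNS.
            if (dns)      print "dns"
            else if (dl)  print "download"
            else if (key) print "keyserver"
            else          print "ok"
        }'
}

sample_log | triage_log
```
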

Hi @arne_f,

Correcting the time was to try and enable downloading updates. I have configured the DNS in the Setup menu on the Terminal to use the DNS of the ISP and the secondary DNS of 8.8.8.8 to make sure there is a DNS it is happy with, and I still get:

|11:11:18|pakfire:|PAKFIRE INFO: IPFire Pakfire 2.19-x86_64 started!|
|---|---|---|
|11:11:18|pakfire:|CRYPTO INFO: Checking GnuPG Database|
|11:11:18|pakfire:|CRYPTO WARN: The GnuPG isn't configured corectly. Trying now to fix this.|
|11:11:18|pakfire:|CRYPTO WARN: It's normal to see this on first execution.|
|11:11:18|pakfire:|CRYPTO WARN: If this message is being shown repeatedly, check if time and date are set correctly, and if IPFire can connect via port 11371 TCP.|
|11:11:19|pakfire:|Sending my uuid: b6da5e57-4517-45d1-b3a3-91b50a6661c4|
|11:11:19|pakfire:|DOWNLOAD STARTED: counter.py?ver=2.19-x86_64&uuid=b6da5e57-4517-45d1-b3a3-91b50a6661c4|
|11:11:19|pakfire:|DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: counter.py?ver=2.19-x86_64&uuid=b6da5e57-4517-45d1-b3a3-91b50a6661c4|
|11:11:19|pakfire:|DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org: 80 (Bad hostname 'pakfire.ipfire.org')|
|11:11:19|pakfire:|Giving up: There was no chance to get the file counter.py?ver=2.19-x86_64|
|11:11:19|pakfire:|DOWNLOAD STARTED: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: 2.19-x86_64/lists/server-list.db has size of bytes|
|11:11:19|pakfire:|DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org: 80 (Bad hostname 'pakfire.ipfire.org')|
|11:11:19|pakfire:|Giving up: There was no chance to get the file 2.19-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.|
|11:11:19|pakfire:|DOWNLOAD STARTED: lists/packages_list.db|
|11:11:19|pakfire:|DOWNLOAD STARTED: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: 2.19-x86_64/lists/server-list.db has size of bytes|
|11:11:19|pakfire:|DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org: 80 (Bad hostname 'pakfire.ipfire.org')|
|11:11:19|pakfire:|Giving up: There was no chance to get the file 2.19-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.|
|11:11:19|pakfire:|DOWNLOAD STARTED: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: 2.19-x86_64/lists/server-list.db has size of bytes|
|11:11:19|pakfire:|DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org: 80 (Bad hostname 'pakfire.ipfire.org')|
|11:11:19|pakfire:|Giving up: There was no chance to get the file 2.19-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.|
|11:11:19|pakfire:|DOWNLOAD STARTED: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: 2.19-x86_64/lists/server-list.db has size of bytes|
|11:11:19|pakfire:|DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org: 80 (Bad hostname 'pakfire.ipfire.org')|
|11:11:19|pakfire:|Giving up: There was no chance to get the file 2.19-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.|
|11:11:19|pakfire:|DOWNLOAD STARTED: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: 2.19-x86_64/lists/server-list.db has size of bytes|
|11:11:19|pakfire:|DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org: 80 (Bad hostname 'pakfire.ipfire.org')|
|11:11:19|pakfire:|Giving up: There was no chance to get the file 2.19-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.|
|11:11:19|pakfire:|DOWNLOAD STARTED: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.19-x86_64/lists/server-list.db|
|11:11:19|pakfire:|DOWNLOAD INFO: 2.19-x86_64/lists/server-list.db has size of bytes|
|11:11:19|pakfire:|DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org: 80 (Bad hostname 'pakfire.ipfire.org')|
|11:11:19|pakfire:|Giving up: There was no chance to get the file 2.19-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.|
|11:11:19|pakfire:|MIRROR ERROR: Could not find or download a server list|

At this point I guess the only thing I can do to update IPFire is open port 11371 TCP, but what are the details/how would I do that please?

Kind regards
Adam

As I have already written, since core120 IPFire does not need port 11371 anymore. We forgot to remove this message. But you are using an outdated version. Download IPFire 2.25-core141!

It’s clearly a DNS problem! The DNSSEC root anchors changed at the end of 2018. You cannot use such an old version without importing new anchors from IANA.
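One way to check the anchor problem described above, as an added example that is not part of the original post or of IPFire's code: the script reports whether a root trust anchor file trusts the current root key (KSK-2017, key tag 20326) or only the retired one (KSK-2010, key tag 19036). It assumes DS records or unbound's autotrust DNSKEY layout; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: does a DNSSEC root trust anchor file trust the current root KSK?
# Assumption: anchors are DS records or unbound-style autotrust DNSKEY lines.

# Constructed sample: key data shortened, states as a long-unpatched install might hold.
old_anchor_sample() {
cat <<'EOF'
; autotrust trust anchor file (constructed)
. 172800 IN DNSKEY 257 3 8 AwEAAag...SHORTENED ;{id = 19036 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0
. 172800 IN DNSKEY 257 3 8 AwEAAaz...SHORTENED ;{id = 20326 (ksk), size = 2048b} ;;state=1 [ ADDPEND ] ;;count=2
EOF
}

# Print the key tag of every trusted root anchor found on stdin, one per line.
anchor_key_tags() {
    awk '
        $1 != "." { next }                       # root zone records only
        /;;state=/ && !/;;state=2 / { next }     # autotrust: count VALID keys only
        {
            for (i = 2; i <= NF; i++) {
                if ($i == "DS") { print $(i + 1); next }   # DS: tag is the next field
                if ($i == "DNSKEY") {            # DNSKEY: tag sits in the ";{id = N" comment
                    if (match($0, /id = [0-9]+/))
                        print substr($0, RSTART + 5, RLENGTH - 5)
                    next
                }
            }
        }'
}

# Verdict on stdin: current (20326 trusted), stale (only 19036), missing (neither).
check_root_anchor() {
    tags=$(anchor_key_tags)
    case " $(echo $tags) " in
        *" 20326 "*) echo current ;;
        *" 19036 "*) echo stale ;;
        *)           echo missing ;;
    esac
}

old_anchor_sample | check_root_anchor
printf '. IN DS 20326 8 2 CONSTRUCTEDDIGEST\n' | check_root_anchor
```

To run it against a real system, pipe the resolver's own trust anchor file into `check_root_anchor`; the path depends on the installation.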

I exported a backup of the config from 2.19 core 111 via the web interface, did a fresh install of the latest 2.2 core141, accessed it, restored my config file (.ipf), did a reboot to get the internet working (which it does) but I can’t access the web interface anymore since the last reboot. I reinstalled it again and restore the file again to get my configs back, rebooted and the same thing happened. I can however access it via putty.

I ran pakfire list and it returned LOADS of items in red. Is there a particular one to update to get the web interface working (if that’s the issue?) and how do you update all via putty?

You can update from console/putty/ssh with pakfire update. Is this the question?

Thanks, I was mistaken, as I thought I had to run pakfire install -y <NameToUpdate1> <NameToUpdate2> <NameToUpdate3> etc... to apply multiple updates to try to get the web interface working. As it showed 215 items, I thought these were out-of-date updates, but I just realised this is 215 available plugins to manually install with that string.

The web interface isn’t working after I restored the .ipf backup. I’m thinking I’m going to have to reinstall it from fresh again and then manually reconfigure all our firewall rules, QoS settings etc., because it seems we can’t restore our config backup from the earlier version without it causing issues, and we can’t install the earlier version because it doesn’t then upgrade due to IPFire’s DNS / key changes etc. Very frustrating. Unless there is a known reason/fix for the web interface?

The reason is not our changes. The keys of the DNS root zone have changed, so all old software will not work without exchanging the root zone anchors/keys.

https://www.us-cert.gov/ncas/current-activity/2018/09/27/DNSSEC-Key-Signing-Key-Rollover

Have you tried to restart apache on the commandline?

I tried and I can see it’s not running, when starting it errors, as below:

/etc/init.d/apache stop

Stopping Apache daemon… Not running. [ OK ]

/etc/init.d/apache start

Starting Apache daemon…
httpd: Syntax error on line 51 of /etc/httpd/conf/httpd.conf: Syntax error on line 39 of /etc/httpd/conf/loadmodule.conf: Cannot load /usr/lib/apache/mod_cgi.so into server: /usr/lib/apache/mod_cgi.so: cannot open shared object file: No such file or directory

Of the relevant files:
Line 51 is:

Include /etc/httpd/conf/loadmodule.conf

Line 39 is:

LoadModule cgi_module /usr/lib/apache/mod_cgi.so

This doesn’t exist, that’s correct:

/usr/lib/apache/mod_cgi.so

I comment out the line, it complains about ...Cannot load /usr/lib/apache/libphp5.so into server:..., I comment out that one and I get:

AH00526: Syntax error on line 1 of /etc/httpd/conf/uid.conf:
Invalid command ‘User’, perhaps misspelled or defined by a module not included in the server configuration [ FAIL ]

Before I run down the wrong path here are there any suggestions?

Damn, there are too many config changes between 2.19 and 2.25, so the import of such an old backup is not working.

The only idea that I have left is:
install core2.19 and restore the backup.
edit /etc/resolv.conf to
nameserver 8.8.8.8 (or one that you trust more)
and try to install the updates using an external DNS server.

Ok I’m going to have to do the reinstall on Monday Morning now due to other work I have on and to prevent interruption to other workers in work hours. Should I install the version the config came from of 2.19 - Core Update 111, put it on the latest of 2.19 - Core Update 120 or it doesn’t matter?

I’m not sure, but I think it is better to use the same version as the one the backup is from.

FYI, I reinstalled IPFire to version 2.19 - 111, made the change to /etc/resolv.conf as suggested and this then allowed me to see the update to apply so this seems to work, however the upgrade didn’t apply properly again.

In the end, the fastest way to get the firewall upgraded and working without interrupting other people was a fresh install and manually re-entering every rule I have. I’m still just tidying it up now, so it’s not ideal, but it’s allowed me to have the updated firewall.