I have been running the following configuration on a Fritzbox for a good 3 years, since switching from IPCop to ipfire:
ISP => Fritzbox (7520) => red network (DHCP) => ipfire => green network (home network).
In the home network, different devices are connected to the network, including my computer.
Since last weekend, I can no longer access the Internet from the green network.
What happened?
I got an update on my Fritzbox to the OS 7.57 on the said weekend.
All settings were taken over, also a reset to factory settings did not bring any success.
If I connect my computer directly, i.e. in ipfire to the Fritzbox, I can access the Internet. But not via ipfire anymore.
I do not want to exclude an error on my part in the configuration of ipfire, but I want to emphasize that I have not changed anything in this configuration. No device, not even ipfire, can access the Internet any longer. I can only access the web interface of the Fritzbox, but from there it does not go any further. Since the weekend I have been looking for a solution and have already written to the support of AVM; the answer was sobering and says it is not the Fritzbox.
I am out of ideas, especially since I now also no longer get updates from ipfire itself.
But I do not want to give up my home network and run everything only via the Fritzbox.
I would like to note that my configuration has run flawlessly so far on different Fritzboxes with different operating systems. I also know that the actual error is probably to be found in the new OS 7.57, but AVM cannot or will not help me, so I am trying here.
Has anyone had similar experiences and found a solution?
Tell me what more info you need and I will share it.
By the way, I’m from Germany. I’ll send some pictures of the configuration of my Fritz and of ipfire:
(Excuse me, but the config of the Fritzbox is only in German)
First of all: I don’t speak German. The forum is internationally oriented, so English might be preferable.
Second, you can post images directly to the forum, without using drive.
Meaningful images…
I suppose also that “PortFreigaben” should mean “Port forwarding”, more or less. But I’m not sure.
Firewall rule 3: did you write it? Why did you write it this way?
Which is the IP Address of IPFire on interface Green? Address for RED should be 192.168.178.21, according to your screenshots.
Use this challenging situation as a chance to learn more, specifically how to troubleshoot network issues. What follows is a common way to do it. Access the IPFire console and open two separate terminal windows.
In the first terminal, execute the following command to view the real-time kernel logs:
tail -f /var/log/messages
You can exit this at any time by pressing Ctrl+C.
In the second terminal, first make sure you can ping your gateway (Fritzbox) and a server on the Internet side of your red interface (e.g. www.google.com). Then, run the command below to initiate a connection to Google’s server and retrieve the header of its homepage:
curl -I http://www.google.com
While this command is executing, observe the first terminal for any kernel logs that are generated during this process. Capture these logs and share them here for further analysis.
looks like a rule intended to allow NTP traffic for clock synchronization between Fritzbox and IPFire, which I do not understand as it has the Fritzbox as source and the multicast address reserved for the Network Time Protocol as destination. Basically, this rule is “allowing” the traffic from the fritzbox to go to the multicast address. Traffic that should not be going through IPFire anyway.
If the problem arose just after the update to the FritzBox with no modifications to IPFire, I think the source is located in FritzOS. Are there any settings interpreted now in another way?
Fritzbox does its own NAT; are there any firewall settings which are active now with the new OS? Sometimes settings are defined, but with no real effect.
Is the second LAN connection to the desktop only for error searching or was it existent before? What is the purpose of this device?
If even IPFire doesn’t get internet access, there must be the problem in FritzOS. The tips of cfusco can help to analyse this.
Port sharing is the term used in FritzOS for NAT. I would guess OP should have a port forward rule set to redirect (all?) the traffic to IPFire. In the change log there are few bugs that were corrected in the “Port Sharing” domain. Maybe these changes triggered the new behavior?
When Fritz OS was updated, the Fritzbox likely was rebooted. Was IPFire rebooted afterwards? IPFire might still be expecting the previous IP and the Fritzbox might be giving a new one and refusing the old one.
The logs would be good to check this out and seeing what settings the red interface currently has.
I know that the forum is international, that’s why I wrote in English right away.
And as a newbie, unfortunately I could not insert pictures, also it was only possible for me to post 2 links.
As for rule 3, I don’t remember why I made this rule 3 years ago.
Rule 6 is new, but this one didn’t bring a solution either.
As for the 2nd lan connection, that is now my computer and without that connection I would not have internet access. This connection is new.
And yes, I also think the problem is the new OS, but AVM, the manufacturer of the Fritzbox is silent on this. The update also came as a surprise and fixes some heavy security hole. What exactly that is, AVM is silent. Without this update, my configuration ran for 3 years on different Fritzboxes with different OS versions.
You misspelled google. Try again with the correct URL. Regardless, it looks like there is a problem with the IPFire DNS cache server. Can you post a screenshot of /Networks/Domain Name System from the web user interface?
EDIT: for your own privacy, you should edit your post and anonymize the MAC addresses (AA:BB:CC:DD:EE:FF and variations would do the job).
Your poor IPFire machine does not know whom to ask for name resolution. Your ISP automatic assignment of name servers is failing somewhere. My guess is that Fritzbox is not passing the information to IPFire with the DHCP negotiation (assuming IPFire gets its IP assigned through DHCP by Fritzbox).
Fritzbox is forwarding its own private IP address as the Name Server, not the provider’s DNS IP addresses. Which would be all right if Fritzbox would provide a DNS cache service like unbound does in IPFire. It seems that it does not or that the DNS cache server is not functioning. I am not sure which of the two it would be.
In the log I posted above, there are modifications attributed to the DNS. You should manually assign a DNS to IPFire. If then the problem disappears, you now know what to tell AVM technical assistance (which is: FritzOS DNS provider assignment to IPFire is not working properly).
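Added example, not part of the thread: a small script for the IPFire console that separates the cases discussed above (gateway unreachable, Fritzbox not forwarding, or only the DHCP-supplied resolver failing). The gateway address 192.168.178.1, the public resolver 9.9.9.9 and the availability of `dig` on the box are assumptions; substitute your own values.

```shell
#!/bin/sh
# Added example (not from the thread): find which layer fails behind the Fritzbox.
# Usage (all four values are assumptions, replace with your own):
#   sh triage.sh 192.168.178.1 9.9.9.9 192.168.178.1 www.google.com
#   args: GATEWAY  PUBLIC_RESOLVER_IP  DHCP_SUPPLIED_RESOLVER  TEST_NAME

# 0 when a single echo reply arrives from $1 within 2 seconds
probe_ping() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# 0 when resolver $1 returns at least one A record for name $2
probe_dns() {
    dig +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null | grep -q '^[0-9]'
}

# Prints one verdict word; probes go from the lowest layer upwards so the
# first failure names the layer to look at.
triage() {
    gw=$1 pub=$2 resolver=$3 name=$4

    if ! probe_ping "$gw"; then
        echo "no-gateway"        # RED link or DHCP lease problem
        return
    fi
    if ! probe_ping "$pub"; then
        echo "no-routing"        # Fritzbox answers but does not forward
        return
    fi
    if probe_dns "$resolver" "$name"; then
        echo "ok"
        return
    fi
    # IP connectivity works, the assigned resolver does not answer.
    if probe_dns "$pub" "$name"; then
        echo "resolver-broken"   # set DNS servers manually in IPFire
    else
        echo "dns-blocked"       # port 53 is filtered somewhere upstream
    fi
}

# Run only when called with all four arguments.
if [ "$#" -ge 4 ]; then
    triage "$@"
fi
```

A verdict of `resolver-broken` matches the diagnosis in the last post: packets route fine, but the name server handed out over DHCP does not resolve.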