I am not a Linux Admin – don’t really know the CLI commands. I have run other firewall software and am used to a WUI. I have installed IPF 2.27 core update 172 on an older system and I double checked to make sure that GREEN is using 192.168.1.1 (during initial install configuration).
For testing purposes, I have this connected to my ISP (RED - get IP via DHCP…) and then connected green to a switch and then to a Suse Linux Leap 15.4 desktop.
[I had set up DHCP on Green with a block of addresses to use for leases, I will have specific machines with set addresses (printers, file server, etc.) once done. So I got that set up so I can swap cables and this should go live. ]
In testing I can’t make connection with the WUI. It makes no difference if I use a name or IP address suffixed with “:444” FF comes back and says it can’t see/find the server.
Meanwhile on the desktop being used to test this with, I keep getting messages that “wired connection 1 is not connected”. I have swapped cables to make sure I didn’t have a bad cable. Now I get a message that the connection has limited capability or IP configuration is un-available.
The system that IPF is installed on has a dual port Ethernet adapter card and a motherboard ethernet port. I am using the adapter card as it is gigabit. Thankfully their mac addresses are one different from each other, so I could tell I had used those ports and not the one on the MOBO.
Can anyone tell me how, using the CLI to diagnose this? My day JOB is working on IBM type mainframes, and I am mostly a hobby-ist with Linux systems.
@stevet , welcome to the community.
Have you tried connect your desktop directly to IPFire? Just to lock out a defective switch.
What is the output of
Yes I have, and I have also swapped “switches” and no joy.
I was able to do the ifconfig green0 and it all looks good. However, RED0 does not have an IP address (no inet entry). Meanwhile I’m going to reboot the system just because (It isn’t windows, but sometimes even with Linux, things happen during init that, well, timeout or something). Goofy race conditions (well that is what we call it when things need to be serialized and aren’t).
I would recommend to first connect your PC/Laptop directly to the green interface of IPFire; after you checked also that you do have a good cat5 ethernet cable.
Important during the setup of IPFire is that you select the correct MAC adres of your interfaces and asign them to the correct Zone (RED,GREEN,BLUE, ORANGE)
When I started I only asigned 2 zones at first (can change later): RED and GREEN.
If you do not want to install from scratch you can invoke the installer from the command line again by typing ’ setup ’
If your test - you could help yourself by setting both interfaces / zones to dhcp. That way you should see on the laptop/pc what IP you got (opensuse terminal type: ip addr)
If you have the zone / card assigment correct you must be able to connect.
P.S.: in the IPFire shell you can also check which interface uses what mac
Type ‘ip addr’ to to see the asigned IP’s on the interfaces. It will also show the interface like green0 or red0.
Also if you type ‘ip link’, you should see that red0 and green0 are in the UP state.
I have it connected directly to the green interface. And my cable tester shows that I have a good cat5 cables (btw – I happen to have cable testers because I sometimes do electrical wiring and even phone/data cable wiring).
I am only using RED/GREEN because I have no need for DMZ or others at this time.
ip link shows that GREEN0 is working but RED0 doesn’t seem to be working.
ifconfig shows more details and I can see the mac addresses are as I thought they would/should be. Green0 has 192.168.1.1, but Red0 does not get back inet, so it does not show an IP address.
Now, per this, i should be able to get to the wgi on Green. But that is not happening because the desktop has not been assigned an IP lease. And I did configure DHCP for Green and I told RED to fetch an IP from the ISP’s DHCP. Well that apparently hasn’t happened and everything else using that switch has an ISP IP address. (I had to get some of my LAN functional since my firewall Gateway server failed hard – apparently over-heated).
For those giving advice on this, thank you.
Well, with all the testing I was doing, I had swapped the cables for Red and Green. They were plugged in as Green and Red. Doh!!
The way I found this was effectively a DHCP fight and DNS resolution that my wife’s laptop was having. When I saw the messages FF was spitting out… and I got into a “DOS BOX” and issued a command — the answer I got back told me what was going on.
So now trying to figure out the rest of the install stuff I need to do with the WUI.
Glad you found the issue…
You may want to consider:
I have labelled relevant ports on the computer running IPFire with coloured stickers.
The hardware port for eth0 (or 1 - depending) is automatically used for LAN which is the same default for IPFire green0. Then it takes the eth1 for WAN, red1. So happens OPNSense has the same default connection order.
I made a screenie from my motherboard manual to my own docs illustrating how default NIC ports are allocated on that hardware. Its a SuperMicro board so them calling it LAN1-LAN2 instead of ETH0 - ETH1, etcetera is not my idea. Once you get in to the system it makes more sense.
Having a list of the respective MAC addresses handy will also help.
I also use colour separated cables for these ports as they go to my FiberModem, Switch and AP.
An additional hint can be the ‘Identify’ button in the setup program.
If the NIC supports this, the selected card blinks if the button is pressed.
To be honest, I find that conn sequence for red and green incorrect and confusing since in all diagrams or flowcharts one would put WAN/Internet connection before LAN conn, FiberBox (or whatever it may be) 1st of all and then the Router or whatever relevant equipment…
Internet > Router > Switch / AP > LAN
But, well, I guess there is a reason for it.
Don’t know whether I’m right. But setting up green0 first just gives a sequence of connectivity which makes some sense:
- install OS, accessible per console
- setup green0, adds access via LAN ( WebGUI )
- setup red0, adds internet access
The problems resolved themselves overnight. Apparently the ISP did have a limit. So this morning I found that the Linux desktop finally had Internet connectivity. A few tests with this allowed me to immediately put IPF into the system as the firewall by cabling directly to red0, and then putting green0 to the switch that has the fan out to my LAN. Still doing the manual stuff now, of setting assigned IP addresses. But all systems are getting IP addresses and internet connectivity as they get powered up.