WUI + proxy stopped working

usually the backup is created automatically at each update of IPFire. You can find it and download it using the console.

Do you know where?

/var/ipfire/backup/

They are .ipf files. You have the main file and the extensions:

[root@ipfire cfusco]# locate *.ipf
/var/ipfire/backup/2023-03-03-13:13.ipf
/var/ipfire/backup/addons/backup/hostapd.ipf
/var/ipfire/backup/addons/backup/igmpproxy.ipf

Keep the same name.The easiest way to get them out is to plug in an external usb key (it should be mounted automatically under /media/usbkey directory ) and copy those file using the cp command. Something like:

cp /var/ipfire/backup/2023-03-03-13\:13.ipf /media/usbkey/

Thanks for your extensive reply!

Will go and try now, and report back of-course.

You can also run the backup commands from the console if you need to. See the wiki.

https://wiki.ipfire.org/configuration/system/backup/backupconsole

If not too late, can you check also /var/log/httpd/error_log and access_log?

Not too late. The firewall is booting now. Will check
The usb-stick doesn’t mount automatic. But doesn’t matter, the files in /var/ipfire/backup are the same I had on my laptop. (I made a backup when the WUI was still working.

When the setup for the new install started I got a very distorted screen, but I managed to make the right choice. Then I got a complaint about a videomode and the process stopped. Later I could choose video mode “0” but got a blank screen as well. I am using a very old laptop for this (x60) and I think I have to try with my other one.

[root@ipfireAppliance httpd]# cat error_log
[Sun Mar 12 00:01:00.964192 2023] [mpm_event:notice] [pid 6702:tid 133193506959552] AH00489: Apache/2.4.55 (Unix) OpenSSL/1.1.1t configured -- resuming normal operations
[Sun Mar 12 00:01:00.964436 2023] [core:notice] [pid 6702:tid 133193506959552] AH00094: Command line: '/usr/sbin/httpd'
given is experimental at /srv/web/ipfire/cgi-bin/services.cgi line 145.
when is experimental at /srv/web/ipfire/cgi-bin/services.cgi line 146.
given is experimental at /srv/web/ipfire/cgi-bin/services.cgi line 145.
when is experimental at /srv/web/ipfire/cgi-bin/services.cgi line 146.
Invalid header block at offset unknown at /var/ipfire/ids-functions.pl line 550.

and than a lot of " Invalid header" lines.
Than

27012; rev:459; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatvi: checksum error at /var/ipfire/ids-functions.pl line 550.
Invalid header block at offset unknown at /var/ipfire/ids-functions.pl line 550.

And again " Invalid header" lines.

than:

27012; rev:459; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatvi: checksum error at /var/ipfire/ids-functions.pl line 550.
[Fri Mar 17 21:54:53.695434 2023] [mpm_event:notice] [pid 6702:tid 133193506959552] AH00491: caught SIGTERM, shutting down
[Fri Mar 17 21:58:43.710841 2023] [mpm_event:notice] [pid 6750:tid 128086071464128] AH00489: Apache/2.4.55 (Unix) OpenSSL/1.1.1t configured -- resuming normal operations
[Fri Mar 17 21:58:43.712101 2023] [core:notice] [pid 6750:tid 128086071464128] AH00094: Command line: '/usr/sbin/httpd'
given is experimental at /srv/web/ipfire/cgi-bin/services.cgi line 145.
when is experimental at /srv/web/ipfire/cgi-bin/services.cgi line 146.
[Fri Mar 17 22:17:00.760583 2023] [mpm_event:notice] [pid 6738:tid 130057702023360] AH00489: Apache/2.4.55 (Unix) OpenSSL/1.1.1t configured -- resuming normal operations
[Fri Mar 17 22:17:00.762084 2023] [core:notice] [pid 6738:tid 130057702023360] AH00094: Command line: '/usr/sbin/httpd'
[Sat Mar 18 14:31:25.725858 2023] [mpm_event:notice] [pid 6740:tid 132741370392768] AH00489: Apache/2.4.55 (Unix) OpenSSL/1.1.1t configured -- resuming normal operations
[Sat Mar 18 14:31:25.727479 2023] [core:notice] [pid 6740:tid 132741370392768] AH00094: Command line: '/usr/sbin/httpd'
[Sat Mar 18 16:01:23.425898 2023] [cgid:error] [pid 6740:tid 132741370392768] AH01239: cgid daemon process died, restarting
[Sat Mar 18 16:01:23.647523 2023] [mpm_event:notice] [pid 6740:tid 132741370392768] AH00491: caught SIGTERM, shutting down
[Sat Mar 18 16:14:04.702288 2023] [mpm_event:notice] [pid 6681:tid 134089352024256] AH00489: Apache/2.4.55 (Unix) OpenSSL/1.1.1t configured -- resuming normal operations
[Sat Mar 18 16:14:04.703976 2023] [core:notice] [pid 6681:tid 134089352024256] AH00094: Command line: '/usr/sbin/httpd'

The access_log seems to stop after the WUI vanished.
Those are the last lines. That was yesterday evening.

192.168.21.1 - admin [17/Mar/2023:22:03:29 +0100] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 133
192.168.21.1 - admin [17/Mar/2023:22:03:31 +0100] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 133
192.168.21.10 - - [17/Mar/2023:22:20:56 +0100] "GET /wpad.dat HTTP/1.1" 200 702 "-" "Mozilla/5.0 (X11; Linux i686; rv:102.0) Gecko/20100101 Firefox/102.0"
192.168.22.41 - - [17/Mar/2023:23:47:03 +0100] "GET /wpad.dat HTTP/1.1" 200 702 "-" "Mozilla/5.0 (X11; Linux i686; rv:102.0) Gecko/20100101 Firefox/102.0"

Thanks Adolf, good to know!

Wait, I thought you had a mini appliance from lightning wire lab (basically an apu2 machine)? If that’s the case you need to connect to the machine with a null modem cable and use a serial emulator program. Is this what you are doing?

Yes, that is what I am doing.

I am connecting with
sudo screen /dev/ttyUSB0 115200

Works fine, but the new install gave a distorded screen.

Maybe your problem is related to this bug. However after you boot the linux kernel it should be back to normal.

You need to chose the serial console option though.

Ah, that’s exactly the screen I get.
I did choose to install, will try console options next. Might be a it later this evening, duty calls. Will try to install asap.

The logfiles don’t give much info afaik. They both have a gap in time and seem not to ave logged the event.

Anyway, will try to do a fresh install and report back.
You have been a life-safer so far, thank you very much!

maybe not. I see this line:

[Sat Mar 18 16:01:23.425898 2023] [cgid:error] [pid 6740:tid 132741370392768] AH01239: cgid daemon process died, restarting
[Sat Mar 18 16:01:23.647523 2023] [mpm_event:notice] [pid 6740:tid 132741370392768] AH00491: caught SIGTERM, shutting down

why is Apache chocking up? Maybe that’s why you can’t connect, the demon process dies, for some reason. A corrupted file?

Ah, I see.
Don’t know exactly, but I think occurred 17-03 somewhere between 23.00 and 00.00. Made some changes in IPS and then WUI stopped.
So I was looking for other timestamps.
Good find! (is that even English?)
The cachemanager page doesn’t load as well. And if Apache isn’t running thats no wonder.

it should be good finding

yes. Unfortunately we do not know what is Apache problem. Hopefully that’s not a problem with the mSATA disk. Well, after you install it from scratch and recover the backup everything should work well. If not, then I would consider changing the mSATA.

Perfect English

Little update.
I managed to reinstall IPFire and restore from backup.
Man, installing the appliance via the console is no joy. Distorted screens and loosing connection during install made me have to try a few times. And then the screen was nice to me and I could install in a breeze.
Had some trouble along the way restoring and starting over but all seems to work right now.
So that’s a relieve. Thank you very much @cfusco and @bonnietwin for following this journey and giving me advise.

During boot there are some strange error messages coming by on the console. I don’t think the are related to the issue in this thread so I will start another for that. (although there are lots of suricata flowbit messages during boot).
So, I’ll see how the firewall holds up.

Congratulations for your perseverance. Next time it will be much easier.

I could say “hopefully there won’t be a next time”, but I would be lying. Of course there it will be a next time. Hopefully, not for this issue.

Best of luck.

Just a hint about ‘distorted screens’ when using serial connections.

1. The BIOS of a board uses it’s own serial config ( baudrate etc. ) as does the OS to install. Because IPFire uses 115200 you should set your BIOS the same.
2. The first installation screen of IPFire is somehow scattered. Characters are output twice. This is a known error. But with a ‘sophisticated view’ on the menu one can choose the right topic. After this the screen should be ok.