[Freedombox-discuss] EMERGENCY! after latest reboot, firewall doesn't let anything through.
Sunil Mohan Adapa
sunil at medhas.org
Mon Oct 11 18:32:26 BST 2021
On 10/11/21 10:23 AM, A. F. Cano wrote:
> On Sun, Oct 10, 2021 at 12:04:45PM -0700, Sunil Mohan Adapa wrote:
>> Hi Augustine,
>>
>> Sorry to hear about your troubles. Could you drop by on IRC or Matrix and we
>> can try to do some debugging of the problem together.
>
> I can do that, but I'm not sure how useful it would be for testing since
> I have to disable the firewall in order to connect to IRC.
I see. I can try to reproduce the issue here and ask for more
information if necessary.
>
>> If I understand correctly, traffic is not getting forwarded to Internet from
>> machines on the local network. Other functions of FreedomBox are working
>> properly.
>
> Well, mostly. As I've been reporting in another thread, dnsmasq is
> alternatively not starting at all, starting on one interface or starting
> on both internal interfaces. Currently, it doesn't start at all, so I
> have no dhcp on either internal interface.
This part can be temporarily worked around. On the machine on the
network, you can assign them static IP addresses in the same range that
dhcp server is supposed to assign the addresses. For example:
FreedomBox internal network IP address: 10.42.0.1 (say)
Client network configuration:
Type: Manual/Static
IP address: 10.42.0.10
Netmask: 255.255.255.0
Gateway: 10.42.0.1
DNS server: 1.1.1.1 (any publicly known DNS)
[...]
>>> Luckily I can still get into the FreedomBox via ssh, but any command
>>> typed there (such as sudo nft list ruleset) results in a very long wait
>>> (about 10-15 seconds) and then this shows up:
>>>
>>> pam-abl: BDB1546 unable to join the environment
>>>
>>> before the prompt for the password appears.
>>>
>>> This is new. I have rebooted the FreedomBox multiple times with no
>>> change.
This is usually is not serious error but a warning. libpam-abl is only
meant to block repeated failed login attempts. If it does not work as
expected, this is not a big problem. libpam-abl can also be removed or
it's database reset, if necessary.
--
Sunil
More information about the Freedombox-discuss
mailing list