[Freedombox-discuss] New FreedomBox install, a few show stopper problems.

spectral spectral at sonic.net
Sun Jul 23 23:30:32 BST 2023


matrix-synapse won't be available to fresh bookworm installs until it
appears in bookworm-backports.  If matrix-synapse was installed on
bullseye (from bullseye-backports), it will still be present following
an upgrade to bookworm.  There's some reason why matrix-synapse isn't
included in Debian releases but is later added to backports, but I
forget what it is.

On Sun, 2023-07-23 at 17:59 -0400, A. F. Cano wrote:
> Hello all,
> 
> In my ongoing attempts to figure out why the firewall does not allow any
> packets from inside to go out, I have created a brand new FreedomBox
> image on a new SD card:
> 
> Dled the latest FreedomBox bookworm/debian 12 for the apu1d4:
> 
> xz -d freedombox-bookworm_all-amd64.img.xz
> sudo dd bs=1M if=freedombox-bookworm_all-amd64.img of=/dev/sdf conv=fdatasync status=progress
> 
> It finished with no errors.
> 
> Mounted this new card and copied the definitions of the interfaces:
> 
> cd /mnt/etc/NetworkManager/system-connections
> sudo cp /home/afc/<location of saved files>/FreedomBox\ WAN .
> sudo cp /home/afc/<location of saved files>/FreedomBox\ LAN\ enp2s0 .
> sudo cp /home/afc/<location of saved files>/FreedomBox\ LAN\ enp3s0 .
> 
> The idea here is that with these definitions pre-loaded I would have
> access to the new SD card as easily as the old one.  Not so fast.
> 
> Plugged it into the Freedombox (an apu1d4) and ...
> 
> First problem: All my internal browsers use privoxy on the FreedomBox,
> so I got that error since Privoxy is not installed (yet) on the new
> FreedomBox.
> 
> My freedombox is not called "freedombox" so had to change the name in
> the https:.... line.  After that I could connect after telling the
> browser to ignore the self-signed certificate error.
> 
> Started the setup phase: administrative user, how the FreedomBox is
> connected to the internet: FreedomBox is your router, type of internet
> connection: may change over time, frequent updates activated.
> 
> Then did a software update.
> 
> After that, installed the old apps I had installed:
> 
> Coturn, ejabberd, ikiwiki, infinoted, matrix-synapse, mumble, privoxy,
> radicale, roundcube, searx, shaarli, sharing, syncthing, zoph.
> 
> And here is where I encountered the first insurmountable problem.  It
> claimed that matrix-synapse "is not available in your distribution".
> This is obviously incorrect as my upgraded FreedomBox image (the one
> with the firewall problem) has matrix-synapse installed and working
> fine.
> 
> Also, the firewall issue remains.  Just as in the old image, inside
> packets don't go out through the firewall.  I have to disable it in
> order to run fetchmail from the inside.  This used to work fine before
> the dist-upgrade to bookworm.  Other internal apps that apparently need
> to send packets out also don't work, such as syncthing and element.
> 
> There is this rule in direct.xml:
> 
> <passthrough ipv="ipv4">-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</passthrough>
> 
> So why is this happening?  Has no one else encountered this issue?
> 
> I have contacted the developers of syncthing and they are aware of the
> problem and intend to fix it at some point.  This problem is that even
> though both the syncthing client and server are on the inside network
> and therefore should not need access to sites outside, access to who
> knows what outside is necessary for it to sync.
> 
> Fetchmail and element also require the firewall to be disabled.
> Fetchmail has a good reason to send packets out: to contact the comcast
> mail server, but element should not need to send packets out since
> matrix-synapse is on the FreedomBox.
> 
> In any case, I manually installed all the apps since I was prompted to
> do so.  It would be nice if they would be installed automatically by the
> restore process, but that also didn't work.
> 
> I have a remote backup set up on an internal machine, so I tried to add
> a "Remote Backup Location" so I could restore all the user data to this
> new FreedomBox image.
> 
> But I got this error:
> 
> Command '['borg', 'info', '--json', '/media/7a8c91aa-2999-11ee-812e-000db93f92a8']' returned non-zero exit status 2.
> Repository removed.
> 
> Second fatal error.  Not only can I not install matrix-synapse, I can't
> restore any of my user data.  And the original problem that prompted all
> this: inside packets that don't go out because the firewall is blocking
> them, is still here, on a brand new image.
> 
> It looks like this is not something that got messed up on my old image,
> but some fundamental bug present in the distribution.  In the last
> couple of days python3-nftables and other firewall packages have been
> updated, but it didn't make any difference.
> 
> Any ideas?  I intended to compare firewall rules between the old image
> and the new one, but the new one has the same problem.
> 
> Any suggestions?
> 
> Thanks for reading this far...
> 
> Augustine
> 
> 
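
An added example, not part of the thread and not FreedomBox code: a small parser for firewalld's direct.xml that reports which built-in chains have an ESTABLISHED,RELATED accept rule. The sample file is constructed: its first rule is the one quoted in the message, and the second is a hypothetical rule included only to exercise the parser.

```python
import shlex
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: rule 1 is the passthrough quoted in the message,
# rule 2 is hypothetical and exists only to exercise the parser.
SAMPLE_DIRECT_XML = """<direct>
  <passthrough ipv="ipv4">-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</passthrough>
  <passthrough ipv="ipv6">-A INPUT -p tcp --dport 22 -j ACCEPT</passthrough>
</direct>
"""

def parse_passthroughs(xml_text):
    """Return one dict per <passthrough> rule: ipv, chain, target, states."""
    rules = []
    for node in ET.fromstring(xml_text).iter("passthrough"):
        args = shlex.split(node.text or "")
        rule = {"ipv": node.get("ipv"), "chain": None,
                "target": None, "states": set()}
        # Walk option/value pairs in the iptables-style argument list.
        for i, arg in enumerate(args[:-1]):
            value = args[i + 1]
            if arg in ("-A", "-I", "--append", "--insert"):
                rule["chain"] = value
            elif arg in ("-j", "--jump"):
                rule["target"] = value
            elif arg in ("--ctstate", "--state"):
                rule["states"] = set(value.split(","))
        rules.append(rule)
    return rules

def stateful_accept_chains(rules):
    """Map address family -> chains that ACCEPT ESTABLISHED and RELATED."""
    chains = defaultdict(set)
    for r in rules:
        if r["target"] == "ACCEPT" and {"ESTABLISHED", "RELATED"} <= r["states"]:
            chains[r["ipv"]].add(r["chain"])
    return dict(chains)

def chains_without_stateful_accept(rules, ipv,
                                   wanted=("INPUT", "FORWARD", "OUTPUT")):
    """Built-in filter chains with no such rule in direct.xml for this family."""
    covered = stateful_accept_chains(rules).get(ipv, set())
    return [c for c in wanted if c not in covered]

if __name__ == "__main__":
    parsed = parse_passthroughs(SAMPLE_DIRECT_XML)
    print(stateful_accept_chains(parsed))
    print(chains_without_stateful_accept(parsed, "ipv4"))
```

direct.xml holds only firewalld's direct and passthrough rules; zone and policy rules are stored elsewhere, so `nft list ruleset` on the box shows the complete rule set this output should be read against.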




