[Freedombox-discuss] New FreedomBox install, a few show stopper problems.
spectral
spectral at sonic.net
Sun Jul 23 23:30:32 BST 2023
matrix-synapse won't be available to fresh bookworm installs until it
appears in bookworm-backports. If matrix-synapse was installed on
bullseye (from bullseye-backports), it will still be present following
an upgrade to bookworm. There's some reason why matrix-synapse isn't
included in Debian releases but is later added to backports, but I
forget what it is.
On Sun, 2023-07-23 at 17:59 -0400, A. F. Cano wrote:
> Hello all,
>
> In my ongoing attempts to figure out why the firewall does not allow
> any packets from inside to go out, I have created a brand new
> FreedomBox image on a new SD card:
>
> Downloaded the latest FreedomBox bookworm/debian 12 for the apu1d4:
>
> xz -d freedombox-bookworm_all-amd64.img.xz
> sudo dd bs=1M if=freedombox-bookworm_all-amd64.img of=/dev/sdf conv=fdatasync status=progress
>
> It finished with no errors.
>
> Mounted this new card and copied the definitions of the interfaces:
>
> cd /mnt/etc/NetworkManager/system-connections
> sudo cp /home/afc/<location of saved files>/FreedomBox\ WAN .
> sudo cp /home/afc/<location of saved files>/FreedomBox\ LAN\ enp2s0 .
> sudo cp /home/afc/<location of saved files>/FreedomBox\ LAN\ enp3s0 .
>
> The idea here is that with these definitions pre-loaded I would have
> access to the new SD card as easily as the old one. Not so fast.
>
> Plugged it into the Freedombox (an apu1d4) and ...
>
> First problem: All my internal browsers use privoxy on the
> FreedomBox, so I got that error since Privoxy is not installed (yet)
> on the new FreedomBox.
>
> My freedombox is not called "freedombox" so had to change the name in
> the https:.... line. After that I could connect after telling the
> browser to ignore the self-signed certificate error.
>
> Started the setup phase: administrative user, how the FreedomBox is
> connected to the internet: FreedomBox is your router, type of
> internet connection: may change over time, frequent updates
> activated.
>
> Then did a software update.
>
> After that, installed the old apps I had installed:
>
> Coturn, ejabberd, ikiwiki, infinoted, matrix-synapse, mumble,
> privoxy, radicale, roundcube, searx, shaarli, sharing, syncthing,
> zoph.
>
> And here is where I encountered the first insurmountable problem. It
> claimed that matrix-synapse "is not available in your distribution".
> This is obviously incorrect as my upgraded FreedomBox image (the one
> with the firewall problem) has matrix-synapse installed and working
> fine.
>
> Also, the firewall issue remains. Just as in the old image, inside
> packets don't go out through the firewall. I have to disable it in
> order to run fetchmail from the inside. This used to work fine
> before the dist-upgrade to bookworm. Other internal apps that
> apparently need to send packets out also don't work, such as
> syncthing and element.
>
> There is this rule in direct.xml:
>
> <passthrough ipv="ipv4">-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</passthrough>
>
> So why is this happening? Has no one else encountered this issue?
>
> I have contacted the developers of syncthing and they are aware of
> the problem and intend to fix it at some point. This problem is that
> even though both the syncthing client and server are on the inside
> network and therefore should not need access to sites outside, access
> to who knows what outside is necessary for it to sync.
>
> Fetchmail and element also require the firewall to be disabled.
> Fetchmail has a good reason to send packets out: to contact the
> comcast mail server, but element should not need to send packets out
> since matrix-synapse is on the FreedomBox.
>
> In any case, I manually installed all the apps since I was prompted
> to do so. It would be nice if they would be installed automatically
> by the restore process, but that also didn't work.
>
> I have a remote backup set up on an internal machine, so I tried to
> add a "Remote Backup Location" so I could restore all the user data
> to this new FreedomBox image.
>
> But I got this error:
>
> Command '['borg', 'info', '--json', '/media/7a8c91aa-2999-11ee-812e-000db93f92a8']' returned non-zero exit status 2.
> Repository removed.
>
> Second fatal error. Not only can I not install matrix-synapse, I
> can't restore any of my user data. And the original problem that
> prompted all this: inside packets that don't go out because the
> firewall is blocking them, is still here, on a brand new image.
>
> It looks like this is not something that got messed up on my old
> image, but some fundamental bug present in the distribution. In the
> last couple of days python3-nftables and other firewall packages have
> been updated, but it didn't make any difference.
>
> Any ideas? I intended to compare firewall rules between the old
> image and the new one, but the new one has the same problem.
>
> Any suggestions?
>
> Thanks for reading this far...
>
> Augustine
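
The passthrough quoted in the message appends to INPUT, the chain netfilter applies to packets addressed to the box itself; traffic routed from the LAN to the WAN traverses FORWARD instead. The following is an added example, not part of the thread, that lists which built-in chains the passthrough entries of a firewalld direct.xml cover; the sample file is constructed around the one quoted rule, and the function names are hypothetical.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: only the <passthrough> line is taken from the message.
SAMPLE_DIRECT_XML = """<direct>
  <passthrough ipv="ipv4">-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</passthrough>
</direct>
"""

CHAINS = ("INPUT", "FORWARD", "OUTPUT")


def parse_passthroughs(xml_text):
    """Return one dict per <passthrough> element: ipv, chain, ctstates, target."""
    rules = []
    for el in ET.fromstring(xml_text).iter("passthrough"):
        args = shlex.split(el.text or "")
        rule = {"ipv": el.get("ipv"), "chain": None,
                "ctstates": set(), "target": None}
        # Each option of interest is followed by exactly one value.
        for i, arg in enumerate(args[:-1]):
            if arg in ("-A", "-I"):
                rule["chain"] = args[i + 1]
            elif arg == "--ctstate":
                rule["ctstates"] = set(args[i + 1].split(","))
            elif arg == "-j":
                rule["target"] = args[i + 1]
        rules.append(rule)
    return rules


def chains_accepting_replies(rules):
    """Map each built-in chain to whether a passthrough accepts reply traffic.

    Only direct passthrough entries are inspected; rules that firewalld
    generates from its zones are not visible in direct.xml.
    """
    covered = {chain: False for chain in CHAINS}
    for r in rules:
        if (r["chain"] in covered and r["target"] == "ACCEPT"
                and "ESTABLISHED" in r["ctstates"]):
            covered[r["chain"]] = True
    return covered


if __name__ == "__main__":
    result = chains_accepting_replies(parse_passthroughs(SAMPLE_DIRECT_XML))
    for chain, ok in result.items():
        print(f"{chain}: {'reply traffic accepted' if ok else 'no passthrough rule'}")
```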