[Freedombox-discuss] connection/firewall problem with privoxy
- Subject: [Freedombox-discuss] connection/firewall problem with privoxy
- From: firstname.lastname@example.org (James Valleroy)
- Date: Tue, 28 Feb 2017 22:42:59 -0500
- Message-id: <[🔎] email@example.com>
- In-reply-to: <CALg=gdF2VLdMfNAopq4w2UXKn990qwpWSwaaYL5jHZVfirstname.lastname@example.org>
- References: <CALg=gdF2VLdMfNAopq4w2UXKn990qwpWSwaaYL5jHZVemail@example.com>
On 02/28/2017 09:52 AM, Aaron Ferrucci wrote:
>> # James Valleroy writes:
>> If your FreedomBox is behind a router (i.e. not publicly accessible from
>> the Internet), then yes, typically you will want the "FreedomBox WAN"
>> connection to be in the internal zone.
>> Currently the default configuration is like this:
>> - If there is only one network interface, then it is internal.
>> - If there is more than one interface, the first one is external, and
>> the others are internal.
>> Basically in the first case we assume the FreedomBox is behind a router,
>> and in the second case we assume the FreedomBox is replacing a router.
> My freedombox has one physical network cable plugged in, is behind a router,
> and is not publicly accessible. (I did have OpenVPN enabled, with my router
> port-forwarding 1194 to the freedombox, but I've disabled that.)
Just to clarify, when FreedomBox decides which zone to put the interface
in during first boot, it doesn't check if the interface is
connected/active. So if you have additional network ports, even without
cables connected, it will set the WAN connection as external zone.
> Maybe what happened is:
> - I enabled OpenVPN, which caused "FreedomBox WAN" to go to zone external;
> - I disabled OpenVPN, and "FreedomBox WAN" was incorrectly left in zone
> external, leaving networking in an inconsistent state.
> That's fine, I can manually return FreedomBox WAN to zone internal:
> [freedombox]$ firewall-cmd --permanent --zone=internal --add-interface=enp1s0
> The interface is under control of NetworkManager, setting zone to 'internal'.
That's good! BTW, you can also change zone assignments through the
Networks page in Plinth.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature