> # James Valleroy writes: > If your FreedomBox is behind a router (i.e. not publicly accessible from > the Internet), then yes, typically you will want the "FreedomBox WAN" > connection to be in the internal zone. > > Currently the default configuration is like this: > - If there is only one network interface, then it is internal. > - If there is more than one interface, the first one is external, and > the others are internal. > > Basically in the first case we assume the FreedomBox is behind a router, > and in the second case we assume the FreedomBox is replacing a router.
My freedombox has one physical network cable plugged in, is behind a router, and is not publicly accessible. (I did have OpenVPN enabled, with my router port-forwarding 1194 to the freedombox, but I've disabled that.) Maybe what happened is: - I enabled OpenVPN, which caused "FreedomBox WAN" to go to zone external; - I disabled OpenVPN, and "FreedomBox WAN" was incorrectly left in zone external, leaving networking in an inconsistent state. That's fine, I can manually return FreedomBox WAN to zone internal: [freedombox]$ firewall-cmd --permanent --zone=internal --add-interface=enp1s0 The interface is under control of NetworkManager, setting zone to 'internal'. success And now nc can connect, and the firewall works. Thanks for the assistance! -Aaron _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
