On 02/28/2017 09:52 AM, Aaron Ferrucci wrote:
>> # James Valleroy writes:
>> If your FreedomBox is behind a router (i.e. not publicly accessible from
>> the Internet), then yes, typically you will want the "FreedomBox WAN"
>> connection to be in the internal zone.
>>
>> Currently the default configuration is like this:
>> - If there is only one network interface, then it is internal.
>> - If there is more than one interface, the first one is external, and
>> the others are internal.
>>
>> Basically in the first case we assume the FreedomBox is behind a router,
>> and in the second case we assume the FreedomBox is replacing a router.
>
> My freedombox has one physical network cable plugged in, is behind a router,
> and is not publicly accessible. (I did have OpenVPN enabled, with my router
> port-forwarding 1194 to the freedombox, but I've disabled that.)

Just to clarify, when FreedomBox decides which zone to put the interface
in during first boot, it doesn't check if the interface is
connected/active. So if you have additional network ports, even without
cables connected, it will set the WAN connection as external zone.

> Maybe what happened is:
>
> - I enabled OpenVPN, which caused "FreedomBox WAN" to go to zone external;
> - I disabled OpenVPN, and "FreedomBox WAN" was incorrectly left in zone
> external, leaving networking in an inconsistent state.
>
> That's fine, I can manually return FreedomBox WAN to zone internal:
>
> [freedombox]$ firewall-cmd --permanent --zone=internal
> --add-interface=enp1s0
> The interface is under control of NetworkManager, setting zone to
> 'internal'.
> success

That's good! BTW, you can also change zone assignments through the
Networks page in Plinth.

--
James
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
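The first-boot zone rule and the zone check discussed in this thread, as an added shell example (not part of the original message and not FreedomBox code). The function names, the sample `firewall-cmd --get-active-zones` output and the second and third interface names are constructed; the order in which interfaces are passed to `default_zones` is an assumption.

```shell
#!/bin/sh
# Added example: audit firewalld zone membership on a box behind a router.

# Turn `firewall-cmd --get-active-zones` output (stdin) into "iface zone" lines.
# Zone header lines carry the zone name; member lines start with "interfaces:".
parse_active_zones() {
    awk '
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i, zone; next }
        NF > 0 && $1 !~ /:$/ { zone = $1 }
    '
}

# First-boot default as described in the thread: a single interface is
# internal; with several, the first is external and the rest internal.
# Link state is not consulted, so an unplugged extra port still counts.
# Arguments: interface names in detection order (assumed).
default_zones() {
    n=$#
    first=1
    for ifc in "$@"; do
        if [ "$n" -gt 1 ] && [ "$first" -eq 1 ]; then
            echo "$ifc external"
        else
            echo "$ifc internal"
        fi
        first=0
    done
}

# List interfaces currently in zone external (stdin: active-zones output).
# Behind a router this list is normally expected to be empty.
external_interfaces() {
    parse_active_zones | awk '$2 == "external" { print $1 }'
}

# Constructed sample of `firewall-cmd --get-active-zones` output.
SAMPLE_ZONES='external
  interfaces: enp1s0
internal
  interfaces: enp2s0 wlan0'

# Demo on the sample; on a real system, pipe the live command output instead:
#   firewall-cmd --get-active-zones | external_interfaces
printf '%s\n' "$SAMPLE_ZONES" | external_interfaces
```
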
