Interfaces not accessible

pnemenz · March 21, 2024, 1:05pm

I recently downloaded Nethsecurity and installed it on Proxmox.

The installation went great following the manual.

I then migrated the firewall settings according to the manual. When I now try to access under Interfaces and devices I’ll get the following Error:

Cannot load network devices
Server error
AxiosError: Request failed with status code 500

Any sugestions?

giacomo · March 21, 2024, 1:58pm

Thank you for testing.
Please follow the the troubleshooting guide and report info here: Troubleshooting — NethSecurity documentation

pnemenz · March 21, 2024, 2:44pm

System runninng on Proxmox, Updated at 21.3.2024, 15:13

The Dashboard says:

Standard PC (i440FX + PIIX, 1996)
Operating systemNethSecurity 8 23.05.2-ns.0.0.2-beta2
Load 1 / 5 / 15 minutes1.34 / 0.42 / 0.18
Memory736.71 MiB free of 917.18 MiB
Root189.05 MiB free of 252.56 MiB
Tmpfs478.73 MiB free of 492.62 MiB

on the Interface Page I looked into the details of the error message:

Ubus request failed
Request failed
ns.devices list-devices

when executing the command in a shell I’ll get

 /usr/libexec/rpcd/ns.devices call list-devices
Traceback (most recent call last):
  File "/usr/libexec/rpcd/ns.devices", line 1205, in <module>
    devices = list_devices()
              ^^^^^^^^^^^^^^
  File "/usr/libexec/rpcd/ns.devices", line 173, in list_devices
    devices_used_by_logical_ifaces += device.get('ports')
TypeError: 'NoneType' object is not iterable

interface related I found in /var/log/messages:

Mar 21 12:49:07 Fw netifyd[3210]: Error opening directory: /etc/netify.d/domains.d: No such file or directory
Mar 21 12:49:07 Fw netifyd[3210]: br-lan: WARNING: interface not available.
Mar 21 12:49:07 Fw netifyd[3210]: np-nfa: Netify Agent Flow Actions Plugin, v1.0.13
Mar 21 12:49:07 Fw netifyd[3210]: np-nfa: Copyright (C) 2022 eGloo Incorporated.
Mar 21 12:49:07 Fw netifyd[3210]: np-nfa: flow action targets: ctlabel, log, nftset
Mar 21 12:49:07 Fw netifyd[3210]: Reloading configuration...
Mar 21 12:49:07 Fw netifyd[3210]: np-stats: Netify Agent Stats Plugin v1.0.17 (C) 2021 eGloo Incorporated.
Mar 21 12:49:07 Fw netifyd[3210]: Error opening directory: /etc/netify.d/domains.d: No such file or directory
Mar 21 12:49:07 Fw netifyd[3210]: Configuration reloaded.

there are a lot of lines in /var/log/messages like


Mar 21 12:53:56 Fw kernel: [  303.376269] 25_migrated: IN= OUT=eth1 SRC=192.168.1.1 DST=192.168.1.3 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=43817 DF PROTO=ICMP TYPE=8 CODE=0 ID=39253 SEQ=1 MARK=0x3f00

giacomo · March 21, 2024, 3:31pm

It seems you hit this bug: Trello

You can find the fix in the image 8-23.05.2-ns.0.0.2-beta2-57-g3c6e930, download it from the download page

pnemenz · March 21, 2024, 4:36pm

I’m sorry to say, but the new image did not chage a thing.
I did start over, deleted the VM and build it new acording to the manual but with the latest image. After migration the same error.

giacomo · March 21, 2024, 4:51pm

Can you please post the output of this command?

cat /etc/config/network

pnemenz · March 21, 2024, 7:05pm

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config device 'br0'
        option name 'br0'
        option type 'bridge'
        option ipv6 '0'

config interface 'lan1'
        option proto 'static'
        option ipaddr '192.168.178.1'
        option netmask '255.255.255.0'
        option device 'br0'

config interface 'Telematica'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.2'
        option device 'eth1'
        option metric '1'

giacomo · March 22, 2024, 7:28am

Probably something strange happened during the migration.
You need to add the ports field in the bridge above, something like:

config device 'br0'
        option name 'br0'
        option type 'bridge'
        option ipv6 '0'
        list ports 'eth0'

pnemenz · March 22, 2024, 4:29pm

Thank’s alot, this did it.
I might clean up my Nethserver7 installation before I migrate zu the Nethsecurity.

Do you already plan a release date?

giacomo · March 22, 2024, 4:50pm

Very good.

If possible and you have time, I would like to have the export of the migration to try to reproduce and prevent the error on other installation.
If you can’t share the full export, the network.json is enough, on NS7 execute and copy the output here:

/usr/share/nethserver-firewall-migration/network

No spoiler

pnemenz · March 22, 2024, 4:59pm

I have to admit I manualy changed the IP adresses in the json, since the ns7 ist still runing. I just changed the digit 4 to 1 on both interfaces.
here is the output of the comand made just now. Let me know if you also want the changed one

 /usr/share/nethserver-firewall-migration/network
{"snats":[],"forwardings":[],"bonds":[],"devices":{"00:0c:29:24:4a:60":"ens32","00:0c:29:24:4a:6a":"ens34"},"skipped":[],"bridges":[{"ports":[{"type":"ethernet","hwaddr":"00:0c:29:24:4a:60"}],"name":"br0"}],"zones":[{"network":["Telematica"],"input":"DROP","forward":"REJECT","name":"wan","output":"ACCEPT"},{"network":["lan1"],"input":"ACCEPT","forward":"ACCEPT","name":"lan","output":"ACCEPT"}],"vlans":[],"interfaces":[{"proto":"static","gateway":"","zone":"lan","name":"br0","device":"br0","interface":"lan1","netmask":"255.255.255.0","role":"green","ipaddr":"192.168.178.4"},{"proto":"static","gateway":"192.168.1.2","zone":"wan","name":"ens34","hwaddr":"00:0c:29:24:4a:6a","bandwidth_up":"20000kbit","bandwidth_down":"150000kbit","interface":"Telematica","netmask":"255.255.255.0","role":"red","ipaddr":"192.168.1.4"}],"aliases":[]}

giacomo · March 22, 2024, 6:19pm

Thanks, that’s should be enough!