matrix-synapse won't be available to fresh bookworm installs until it appears in bookworm-backports. If matrix-synapse was installed on bullseye (from bullseye-backports), it will still be present following an upgrade to bookworm. There's some reason why matrix-synapse isn't included in Debian releases but is later added to backports, but I forget what it is.
On Sun, 2023-07-23 at 17:59 -0400, A. F. Cano wrote: > Hello all, > > In my ongoing attempts to figure out why the firewall does not allow > any > packets from inside to go out, I have created a brand new FreedomBox > image on a new SD card: > > Dled the latest FreedomBox bookworm/debian 12 for the apu1d4: > > xz -d freedombox-bookworm_all-amd64.img.xz > sudo dd bs=1M if=freedombox-bookworm_all-amd64.img of=/dev/sdf > conv=fdatasync status=progress > > It finished with no errors. > > Mounted this new card and copied the definitions of the interfaces: > > cd /mnt/etc/NetworkManager/system-connections > sudo cp /home/afc/<location of saved files>/FreedomBox\ WAN . > sudo cp /home/afc/<location of saved files>/FreedomBox\ LAN\ enp2s0 . > sudo cp /home/afc/<location of saved files>/FreedomBox\ LAN\ enp3s0 . > > The idea here is that with these definitions pre-loaded I would have > access to the new SD card as easily as the old one. Not so fast. > > Plugged it into the Freedombox (an apu1d4) and ... > > First problem: All my internal browsers use privoxy on the > FreedomBos, > so I got that error since Privoxy is not installed (yet) on the new > FreedomBox. > > My freedombox is not called "freedombox" so had to change the name in > the https:.... line. After that I could connect after telling the > browser to ignore the self-signed certificate error. > > Started the setup phase: administrative user, how the FreedomBox is > connected to the internet: FreedomBox is your router, type of > internet > connection: may change over time, frequent updates activated. > > Then did a software update. > > After that, installed the old apps I had installed: > > Coturn, ejabberd, ikiwiki, infinoted, matrix-synapse, mumble, > privoxy, > radicale, roundcube, searx, shaarli, sharing, syncthing, zoph. > > And here is where I encountered the first insurmountable problem. It > claimed that matrix-synapse "is not available in your distribution:. > This is obviously incorrect as my upgraded FreedomBox image (the one > with the firewall problem) has matrix-synapse installed and working > fine. > > Also, the firewall issue remains. Just as in the old image, inside > packets don't go out through the firewall. I have to disable it in > order to run fetchmail from the inside. This used to work fine > before > the dist-upgrade to bookworm. Other internal apps that apparently > need > to send packets out also don't work, such as syncthing and element. > > There is this rule in direct.xml: > > <passthrough ipv="ipv4">-A INPUT -m conntrack --ctstate > ESTABLISHED,RELATED -j ACCEPT</passthrough> > > So why is this happening? Has no one else encountered this issue? > > I have contacted the developers of syncthing and they are aware of > the > problem and intend to fix it at some point. This problem is that > even > though both the syncthing client and server are on the inside network > and therefore should not need access to sites outside, access to who > knows what outside is necessary for it to sync. > > Fetchmail and element also require the firewall to be disabled. > Fetchmail has a good reason to send packets out: to contact the > comcast > mail server, but element should not need to send packets out since > matrix-synapse is on the FreedomBox. > > In any case, I manually installed all the apps since I was prompted > to > do so. It would be nice is they would be installed automatically by > the > restore process, but that also didn't work. > > I have a remote backup set up on an internal machine, so I tried to > add > a "Remote Backup Location" so I could restore all the user data to > this > new FreedomBox image. > > But I got this error: > > Command '['borg', 'info', '--json', '/media/7a8c91aa-2999-11ee-812e- > 000db93f92a8']' returned non-zero exit status 2.× > Repository removed. > > Second fatal error. Not only can I not install matrix-synapse, I > can't > restore any of my user data. And the original problem that prompted > all > this: inside packets that don't go out because the firewall is > blocking > them, is still here, on a brand new image. > > It looks like this is not something that got messed up on my old > image, > but some fundamental bug present in the distribution. In the last > couple of days python3-nftables and other firewall packages have been > updated, but it didn't make any difference. > > Any ideas? I intended to compare firewall rules between the old > image > and the new one, but the new one has the same problem. > > Any suggestions? > > Thanks for reading this far... > > Augustine > > _______________________________________________ > Freedombox-discuss mailing list > [email protected] > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss > _______________________________________________ Freedombox-discuss mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
