Confused by internal vs external network things

IndividualSolid · December 23, 2024, 5:56am

Finding myself a little confused by internal vs external settings. The FAQ refers me to " read the Q&A related to setting up your router and a DNS name" but as you can see, that wiki page now just points back to the FAQ.

I am running FreedomBox on a RaspberryPi 4B. It is connected by ethernet to my fiber router. This is eth0 or “Freedom Box WAN” in the UI. It is also connected to the routers wifi network as wlan0 (or “NETWORKNAME” in the UI). eth0 is set as external, and wlan0 is set as internal.

In my router, I forwarded ports 80 and 443 to the IP address the FreedomBox is using for eth0 (external). I set up Dynamic DNS and can access Plinth from off the network through the DNS name. All is well.

Here’s where it gets weird, or perhaps I am just misunderstanding things. When I go to the “Networks” section of setup, only via the DNS name or ethernet ip, I get the notification:

Networks is available only on internal networks or when the client is connected to FreedomBox through VPN.
Currently the following network interfaces are configured as internal: wlan0

Of course, this isn’t weird yet. When I access through freedombox.local, I do not see the notice. Makes sense, thats the internal network. When I access through the external network I see it. All tracks.

But, via the external network DNS, on my phone disconnected from wifi even, I can access the Networks page and change settings! Am I misunderstanding the notice? Should network settings be accessible to the external network?

Avron · December 23, 2024, 5:28pm

I did not try accessing via freedombox.localdomain (I have no machine connected there to check it) but on any access to the network page, I see the same notification, the meaning of which is also not clear to me, while I can modify network settings anyway.

Currently, it is possible to modify any setting no matter whether connected to plinth via internal or external network and I cannot see any motivation to specifically restrict the access to network settings while all other settings are accessible.

jvalleroy · December 23, 2024, 10:09pm

Hmm, the message is meant to be a generic one for any service that only works in the “internal” zone. It comes from this template:

This message will appear for any app that has a Firewall component that is set as internal-only (is_external=False). In the case of the Networks app, that is a Firewall component for the DNS and DHCP server provided for shared network connections:

In this case, the message is just not very clear about what exactly is limited to internal interfaces.

IndividualSolid · December 24, 2024, 12:06am

You’re right, it always shows up for me. Not dependent on connection. I was moving too fast and didn’t double check.

But it’s still a confusing message, as we all seem to agree!