Plinth service not starting - Firewall error

Support
1

Problem Description
I boot my freedombox and am met with the “Please wait for FreedomBox to finish installation. You can start using your FreedomBox once it is done.” message but the plinth service does not seem to run correctly.

Steps to Reproduce

  1. Turn on FreedomBox.
  2. Go to https://localip/plinth

Expected Results
I expected to see freedombox home page and begin installing services.

Actual results
plinth does not seem to be running as expected. The output of “sudo journalctl -u plinth” is shown below. I did have an initial error where plinth would not even start and I resolved this by unmasking the logind service which has led me to this point.

I do have access via the cockpit interface on port 9090. I can see that ssh and sshd services are not running, I don’t know if this relates to that issue?

Oct 22 18:58:43 DietPi /usr/bin/plinth[4114]: Running first setup.
Oct 22 18:58:43 DietPi /usr/bin/plinth[4114]: Running setup for apps, essential - True, selected apps - None
Oct 22 18:58:43 DietPi /usr/bin/plinth[4114]: Operation: firewall: Installing app: added
Oct 22 18:58:43 DietPi /usr/bin/plinth[4114]: Operation: firewall: Installing app: running
Oct 22 18:58:43 DietPi /usr/bin/plinth[4114]: Setup run: firewall
Oct 22 18:59:22 DietPi /usr/bin/plinth[4114]: # firewall…setup(…)
Oct 22 18:59:22 DietPi sudo[7671]: plinth : PWD=/ ; USER=root ; COMMAND=/usr/share/plinth/actions/actions firewall setup --write-fd 22
Oct 22 18:59:22 DietPi sudo[7671]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=107)
Oct 22 18:59:29 DietPi /usr/share/plinth/actions/actions[7673]: Error executing action: Command ‘[‘firewall-cmd’, ‘–set-default-zone=external’]’ returned non-zero exit status 252.
Traceback (most recent call last):
File “/usr/share/plinth/actions/actions”, line 93, in call
return_values = func(arguments[‘args’], **arguments[‘kwargs’])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/plinth/modules/firewall/privileged.py”, line 126, in setup
subprocess.run([‘firewall-cmd’, ‘–set-default-zone=external’],
File “/usr/lib/python3.11/subprocess.py”, line 571, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command ‘[‘firewall-cmd’, ‘–set-default-zone=external’]’ returned non-zero exit status 252.
Oct 22 18:59:30 DietPi sudo[7671]: pam_unix(sudo:session): session closed for user root
Oct 22 18:59:30 DietPi /usr/bin/plinth[4114]: Error running action firewall…setup((), **{}): Command ‘[‘firewall-cmd’, ‘–set-default-zone=external’]’ returned non-zero exit status 252. (252, [‘firewall-cmd’, ‘–set-default-zone=external’], b’‘, b’\x1b[31m ERROR\x1b[0m \x1b[94m__main_ \x1b[0m Error executing action: Command '['firewall-cmd', '–set-default-zone=external']' returned non-zero exit status 252.\nTraceback (most recent call last):\n File “/usr/share/plinth/actions/actions”, line 93, in _call\n return_values = func(*arguments['args'], **arguments['kwargs'])\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File “/usr/lib/python3/dist-packages/plinth/modules/firewall/privileged.py”, line 126, in setup\n subprocess.run(['firewall-cmd', '–set-default-zone=external'],\n File “/usr/lib/python3.11/subprocess.py”, line 571, in run\n raise CalledProcessError(retcode, process.args,\nsubprocess.CalledProcessError: Command '['firewall-cmd', '–set-default-zone=external']' returned non-zero exit status 252.\n’) [’ File “/usr/share/plinth/actions/actions”, line 93, in _call\n return_values = func(*arguments['args'], **arguments['kwargs'])\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n’, ’ File “/usr/lib/python3/dist-packages/plinth/modules/firewall/privileged.py”, line 126, in setup\n subprocess.run(['firewall-cmd', '–set-default-zone=external'],\n’, ’ File “/usr/lib/python3.11/subprocess.py”, line 571, in run\n raise CalledProcessError(retcode, process.args,\n’]
Oct 22 18:59:30 DietPi /usr/bin/plinth[4114]: Setup completed: firewall: Error installing app: Command ‘[‘firewall-cmd’, ‘–set-default-zone=external’]’ returned non-zero exit status 252. Command ‘[‘firewall-cmd’, ‘–set-default-zone=external’]’ returned non-zero exit status 252.
Oct 22 18:59:30 DietPi /usr/bin/plinth[4114]: Error running setup - Command ‘[‘firewall-cmd’, ‘–set-default-zone=external’]’ returned non-zero exit status 252.
Oct 22 18:59:30 DietPi /usr/bin/plinth[4114]: Unable to complete setup: Command ‘[‘firewall-cmd’, ‘–set-default-zone=external’]’ returned non-zero exit status 252.
Oct 22 18:59:30 DietPi /usr/bin/plinth[4114]: Will try again in 10 seconds

Screenshot
I can provide a screenshot if necessary.

Information
FreedomBox version: I don’t know my version, I believe the latest stable at time of writing. If there’s a command please let me know, I can’t seem to find the help/about page.
Hardware: Raspberry Pi 3 Model B Plus Rev 1.3
How did you install FreedomBox?: apt install freedombox
OS: DietPi 8.23.3

2

It looks like you installed Freedombox yourself using apt, which is great. Check the Freedombox Manual for “14.2 Tips and Tricks” in Debian installation. Everybody misses this. I missed it in the beginning too.

You may be set up where Freedombox isn’t controlling your network interface through NetworkManager. This part of the manual tells you how to correct this.

FreedomBox uses NetworkManager to manage network configuration. If you have configured your network interfaces using Debian installer… (<- I think that is you.)

Here is what my /etc/network/interfaces looks like now, and note the # at the beginning of lines for my ethernet interfaces eno1 and eno2.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# allow-hotplug eno1
# iface eno1 inet dhcp

# allow-hotplug eno2
# iface eno2 inet static
# address 192.168.144.1/24

3

Please provide the output of the following commands:

$ apt policy freedombox

$ uname -a

$ lsmod

4

@joseph, Many thanks for the link to the documentation. I updated /etc/network/interfaces to the example in the documentation but the original issue persists. I tried this with both the
source interfaces.d/*
commented and uncommented.

However I then noticed something. Here is the output of my /etc/network/interfaces file:

# Location: /etc/network/interfaces
# Please modify network settings via: dietpi-config
# Or create your own drop-ins in: /etc/network/interfaces.d/

# Freedombox test settings
auto lo
iface lo inet loopback

# Drop-in configs
# source interfaces.d/*

# Ethernet
#allow-hotplug eth0
#iface eth0 inet dhcp
#address 192.168.0.100
#netmask 255.255.255.0
#gateway 192.168.0.1
#dns-nameservers 192.168.1.254 fe80::8a0f:a2ff:fe44:b6cf%eth0

# WiFi
#allow-hotplug wlan0
#iface wlan0 inet dhcp
#address 192.168.0.100
#netmask 255.255.255.0
#gateway 192.168.0.1
#dns-nameservers 192.168.1.254 fe80::8a0f:a2ff:fe44:b6cf%eth0
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

I tried using the dietpi-config option but it’s a strange ncurses menu that doesn’t seem super intuitive… I’m guessing I can apply the same options to /etc/network/interfaces.d/ and see if that works? I’ll reply with results.

EDIT:
I restarted networkd.service and got the following output:

dietpi@DietPi:~$ sudo systemctl restart systemd-networkd.service 
dietpi@DietPi:~$ sudo journalctl -u systemd-networkd.service
Oct 23 19:10:25 DietPi systemd[1]: Starting systemd-networkd.service - Network Configuration...
Oct 23 19:10:25 DietPi systemd-networkd[2394]: eth0: Link UP
Oct 23 19:10:25 DietPi systemd-networkd[2394]: eth0: Gained carrier
Oct 23 19:10:25 DietPi systemd-networkd[2394]: lo: Link UP
Oct 23 19:10:25 DietPi systemd-networkd[2394]: lo: Gained carrier
Oct 23 19:10:25 DietPi systemd-networkd[2394]: eth0: Gained IPv6LL
Oct 23 19:10:25 DietPi systemd-networkd[2394]: Enumeration completed
Oct 23 19:10:25 DietPi systemd[1]: Started systemd-networkd.service - Network Configuration.

So, how is my eth0 interface still up if I’ve commented out the setting? I should only have my loopback up right? Or am I not understanding the output correctly?

5

@jvalleroy

As requested:

dietpi@DietPi:~$ apt policy freedombox
freedombox:
  Installed: 23.18~bpo12+1
  Candidate: 23.18~bpo12+1
  Version table:
 *** 23.18~bpo12+1 500
        100 https://deb.debian.org/debian bookworm-backports/main arm64 Packages
        100 /var/lib/dpkg/status
     23.6.2+deb12u1 500
        500 https://deb.debian.org/debian bookworm/main arm64 Packages
dietpi@DietPi:~$ 

dietpi@DietPi:~$ uname -a
Linux DietPi 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr  3 17:24:16 BST 2023 aarch64 GNU/Linux
dietpi@DietPi:~$ 

dietpi@DietPi:~$ lsmod
Module                  Size  Used by
rfkill                 32768  1
nfnetlink              20480  0
lz4                    16384  4
lz4_compress           40960  1 lz4
zram                   24576  2
zsmalloc               28672  1 zram
binfmt_misc            20480  1
raspberrypi_hwmon      16384  0
uio_pdrv_genirq        16384  0
uio                    24576  1 uio_pdrv_genirq
drm                   581632  0
fuse                  135168  1
drm_panel_orientation_quirks    28672  1 drm
backlight              24576  1 drm
dm_mod                139264  0
ip_tables              32768  0
x_tables               53248  1 ip_tables
ipv6                  557056  34
dietpi@DietPi:~$
6

/etc/network/interfaces is static config applied at boot. When you comment or remove an interface from there the systemd NetworkManager can configure and manage the interface.

23 19:10:25 DietPi systemd-networkd[2394]: eth0: Link UP
Oct 23 19:10:25 DietPi systemd-networkd[2394]: eth0: Gained carrier

There is where this happened the right way for Freedombox. That’s good and you’ll want that, but there is another issue that you are working through as well.