[SOLVED] Cannot add new zone in Cockpit firewall

Problem Description
I am trying to add ports to the external firewall configuration to enable mosh from external networks, but can’t add the external zone.

Steps to Reproduce

  1. Login to FreedomBox Cockpit with administrative access.
  2. Networking tab, “add zone” to firewall configuration.

Expected Results
Expected “add zone” button to be available.

Actual results
“Add zone” button is not available (“greyed out”).

Information
Debian GNU/Linux 11 (bullseye) and FreedomBox version 21.11

Hardware
Olimex A20-OLinuXino-LIME2 board

How did you install FreedomBox?
Purchased pre-installed version.

I think the reason “Add Zone” is greyed out is that there are no interfaces listed, meaning no interfaces available to be assigned to a zone. Normally you’d see interfaces listed with check boxes, and the button becomes active once a box is checked (and a trust level selected). It sounds like you have a FreedomBox Pioneer Edition, which comes with just one Ethernet interface. I would have thought that interface would have been assigned to the external zone during setup.

+1 to what @lifeform said.

If you are using router port forwarding, you should just add the port to the “internal” zone and configure the port forwarding in the router.

Thanks guys, I did not have a correct understanding of the significance of the zones so that is helpful. It sounds like the portal is behaving normally for my setup.

I do have the ports forwarded on the router (same as I do for SSH), but for some reason I can’t get Mosh to connect from an external network (SSH connects fine). I was trying to poke around and see if I have something configured incorrectly; I guess I need to keep digging!

Thanks again,

Just to follow up, I was able to get this working after all and the Cockpit firewall setup (with the internal zone enabled ports) is working just fine.

I was using NordVPN to simulate an external network connection and hadn’t realized that NordVPN uses its own (additional) firewall rules, for which port 22 must have been whitelisted but 60000-61000 were not. Once I added a few ports to the whitelist I was able to establish an external Mosh connection through the VPN tunnel.

Thanks again,

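
The symptom in this thread (SSH on port 22 connects, Mosh does not) is what any firewall in the path produces when it allows 22/tcp but not Mosh's default 60000-61000 range, which Mosh uses over UDP. As an added example, not part of any post above: a shell check that takes the port list printed by `firewall-cmd --zone=internal --list-ports` and reports whether both services are covered. The function names and the sample port lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a firewalld port list cover SSH and the Mosh range?

# port_range_covered LIST LO HI PROTO
#   LIST: space-separated entries as printed by
#         `firewall-cmd --zone=ZONE --list-ports`, e.g. "22/tcp 60000-61000/udp"
#   Returns 0 only if every port LO..HI is open for PROTO.
port_range_covered() {
    list=$1 lo=$2 hi=$3 proto=$4
    # Keep entries for PROTO and normalise each one to "first last".
    printf '%s\n' $list |
    awk -F/ -v p="$proto" '$2 == p {
        n = split($1, r, "-")
        last = (n > 1) ? r[2] : r[1]
        print r[1], last
    }' |
    sort -n |
    # Sweep the sorted intervals; "need" is the lowest port not yet covered.
    awk -v lo="$lo" -v hi="$hi" '
        BEGIN { need = lo + 0; hi = hi + 0 }
        $1 <= need && $2 >= need { need = $2 + 1 }
        END { exit (need > hi ? 0 : 1) }'
}

# report LABEL LIST: one status line for SSH (22/tcp) and Mosh (60000-61000/udp).
report() {
    if port_range_covered "$2" 22 22 tcp; then ssh=open; else ssh=blocked; fi
    if port_range_covered "$2" 60000 61000 udp; then mosh=open; else mosh=blocked; fi
    echo "$1: ssh=$ssh mosh=$mosh"
}

# Constructed sample port lists (not taken from the thread).
report "ssh only"       "22/tcp 80/tcp 443/tcp"
report "wrong protocol" "22/tcp 60000-61000/tcp"
report "split ranges"   "22/tcp 60000-60500/udp 60501-61000/udp"

# Live check on a firewalld host, e.g. the FreedomBox itself.
if [ "${1:-}" = "--live" ]; then
    report "internal zone" "$(firewall-cmd --zone=internal --list-ports)"
fi
```

Passing `--live` runs the check against the real internal zone. The same range also has to be allowed by every other firewall on the path, such as the router's port forwarding and a VPN client's own rules.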