Wednesday, March 14, 2012

IPcop backup restore after install. Porting to IPfire notes

Transfer the encrypted key to the IPCop box

/usr/bin/openssl enc -a -d -aes256 -salt -pass pass:<yourpasswordhere> -in encrypted.backup.key -out decrypted.backup.key

Insert backup password where it says <yourpasswordhere>.
Once that’s done, simply copy your decrypted.backup.key to the correct place:

cp decrypted.backup.key /var/ipcop/backup/backup.key

and overwrite the existing file.
Now you can import your saved backup and restore your settings.

You can backup the key before you face having to regenerate it as well.

to decrypt the file, here is an example:

openssl des3 -d -salt -in honeydew.pri-2012-04-04_04-05-23.dat -out foo.tgz -kfile backup.key

With IPfire 2.15 update 77 thru 79, the xtaccess is dropped and you have to use the firewall rules to enable ports.

Will copy page below for setting up the 113, 5444 and 222 port entries.

ipfire notes

restore /var/ipfire/main/hosts from backup
enable external access (port 444, 222)  (change port 444 to port 5444 later)
enable ssh access (port 222)
change /etc/httpd/conf/listen.conf 444->5444
change /etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf 444->5444

pakfire  add:


dynamic dns login goods and id will be required to be transferred.

port external access setup below for allowing external ssh and management

Step 1: Source

In the first section, you have to define the source network or IP address from where the network packets will be sent. If possible, restrict access to a single host or a group of hosts, rather than allowing any host on the internet to connect.

Step 2: Destination

Now, you will need to pick the destination for your network packets. Because you are directing traffic to a service running on the firewall itself, select the Red interface.

Step 3: Protocol

Choose the service that you wish to make accessible to the outside world. While it is technically possible to select “All” here, that would allow an outsider to connect to any service running on the firewall, and would be a huge security risk. For that reason, choose only those services to which you need to provide access.

Step 4: Done

We are almost done, now. Just make sure that you select the “ACCEPT” option, so that all packets that match your rule are accepted by the firewall and don't forget to add a descriptive remark.
Optionally, you may specify at which time the rule is active only. See Creating Firewall Rules (reference) for all about this feature.
Congratulations. You finally set up an external access!


  1. Hi jim, this solution work in all version of IPCop?

  2. Work for IPCop V1.4.21, Thanks Jim!!

  3. Hi, I updated this for deciphering the backup to a tar.gz as well as porting the goods from ipcop to ipfire.

    The ipfire migration was done to get an Arm based hardware device for now. Will revert back to ipcop when it is ready, or if i can help get it done.

    ipfire is a fork of ipcop.

  4. Thanks Jim, I was in need of the deciphering part.