Transfer the encrypted key to the IPCop box
/usr/bin/openssl enc -a -d -aes256 -salt -pass pass:<yourpasswordhere> -in encrypted.backup.key -out decrypted.backup.key
Insert backup password where it says <yourpasswordhere>.
Once that’s done, simply copy your decrypted.backup.key to the correct place:
cp decrypted.backup.key /var/ipcop/backup/backup.key
and overwrite the existing file.
Now you can import your saved backup and restore your settings.
You can backup the key before you face having to regenerate it as well.
to decrypt the file, here is an example:
openssl des3 -d -salt -in honeydew.pri-2012-04-04_04-05-23.dat -out foo.tgz -kfile backup.key
With IPfire 2.15 update 77 thru 79, the xtaccess is dropped and you have to use the firewall rules to enable ports.
Will copy page below for setting up the 113, 5444 and 222 port entries.
ipfire notesrestore /var/ipfire/main/hosts from backup
enable external access (port 444, 222) (change port 444 to port 5444 later)
enable ssh access (port 222)
change /etc/httpd/conf/listen.conf 444->5444
change /etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf 444->5444
dynamic dns login goods and id will be required to be transferred.
port external access setup below for allowing external ssh and management
Step 1: Source
In the first section, you have to define the source network or IP address from where the network packets will be sent. If possible, restrict access to a single host or a group of hosts, rather than allowing any host on the internet to connect.
Step 2: Destination
Now, you will need to pick the destination for your network packets. Because you are directing traffic to a service running on the firewall itself, select the Red interface.
Step 3: Protocol
Choose the service that you wish to make accessible to the outside world. While it is technically possible to select “All” here, that would allow an outsider to connect to any service running on the firewall, and would be a huge security risk. For that reason, choose only those services to which you need to provide access.
Step 4: Done
We are almost done, now. Just make sure that you select the “ACCEPT” option, so that all packets that match your rule are accepted by the firewall and don't forget to add a descriptive remark.
Optionally, you may specify at which time the rule is active only. See Creating Firewall Rules (reference) for all about this feature.
Congratulations. You finally set up an external access!