Bug 19062

Summary: drakfirewall misses interfaces
Product: Mageia Reporter: Muhammad Tailounie <mageia>
Component: RPM Packages Assignee: Thierry Vignaud <thierry.vignaud>
Status: NEW --- QA Contact:
Severity: major    
Priority: Normal CC: bruno, marja11, thierry.vignaud
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: drakxtools, drakx-net CVE:
Status comment:
Attachments: Configuring interfaces with drakfirewall

Description Muhammad Tailounie 2016-07-27 13:49:18 CEST
My installation includes docker so network interfaces are created there too.
But the problem came up when I created a Mageia KVM guest with three network interfaces each with a different subnet. Two of those interfaces use network configuration that I created with virsh.

I launched drakfirewall in order to allow communication between the host and the guest through the three interfaces of the guest. drakfirewall does not show one of the interfaces created by libvirt when launched whether from MCC or the terminal. I have to add the interface rules myself to shorewall configuration.

Steps to Reproduce:
1. define a network with virsh
2. define another network with virsh
3. create a KVM guest adding three network interfaces, two of which use the networks created in steps 1 and 2.
4. log into the guest
5. configure the firewall to allow pinging from all the available interfaces (3)
6. configure the firewall on MGA host to allow pinging from all the available interfaces (n interfaces)
7. try to ping
Comment 1 Marja Van Waes 2016-07-27 22:24:41 CEST
CC'ing tv and bcornec, because I don't know which package to blame

CC: (none) => bruno, marja11, thierry.vignaud

Comment 2 Thierry Vignaud 2016-07-28 07:07:38 CEST
You can try altering is_wireless_interface() in /usr/lib/libDrakX/detect_devices.pm

See http://gitweb.mageia.org/software/drakx/tree/perl-install/detect_devices.pm#n787

Source RPM: (none) => drakxtools, drakx-net

Comment 3 Thierry Vignaud 2016-07-28 08:12:16 CEST
BTW what are your interfaces' names? virbr*?

Keywords: (none) => NEEDINFO

Comment 4 Muhammad Tailounie 2016-07-28 08:20:27 CEST
(In reply to Thierry Vignaud from comment #2)
> You can try alter is_wireless_interface() in
> /usr/lib/libDrakX/detect_devices.pm
> 
> See
> http://gitweb.mageia.org/software/drakx/tree/perl-install/detect_devices.pm#n787

I'll try to have a look at this one.

(In reply to Thierry Vignaud from comment #3)
> BTW what are your interfaces' names? virbr*?

I am not that conventional, sorry, the names are oscloud and oshor.
Comment 5 Marja Van Waes 2016-07-28 08:35:23 CEST
(In reply to Muhammad Tailounie from comment #4)
<snip>
> 
> (In reply to Thierry Vignaud from comment #3)
> > BTW what are your interfaces' names? virbr*?
> 
> I am not that conventional, sorry, the names are oscloud and oshor.

Removing NEEDINFO

Keywords: NEEDINFO => (none)
Assignee: bugsquad => thierry.vignaud

Comment 6 Muhammad Tailounie 2016-07-28 08:55:25 CEST
(In reply to Marja van Waes from comment #5)
> (In reply to Muhammad Tailounie from comment #4)
> <snip>
> > 
> > (In reply to Thierry Vignaud from comment #3)
> > > BTW what are your interfaces' names? virbr*?
> > 
> > I am not that conventional, sorry, the names are oscloud and oshor.
> 
> Removing NEEDINFO

What info do you need?

I'll try to detail the steps creating a new configuration in here:

Create virsh network definition: 

# vi /home/mageia/Documents/KVM-Conf/oscloud.xml 
<network>
        <name>oscloud</name>
        <bridge name="oscloud" />
        <ip address="192.168.23.1" netmask="255.255.255.0">
                <dhcp>
                        <range start="192.168.23.100" end="192.168.23.200" />
                </dhcp>
        </ip>
</network>

# vi /home/mageia/Documents/KVM-Conf/oshor.xml 
<network>
        <name>oshor</name>
        <bridge name="oshor" />
        <ip address="172.24.27.1" netmask="255.255.255.0">
                <dhcp>
                        <range start="172.24.27.100" end="172.24.27.200" />
                </dhcp>
        </ip>
</network>

# virsh net-define /home/mageia/Documents/KVM-Conf/oscloud.xml
# virsh net-define /home/mageia/Documents/KVM-Conf/oshor.xml
# virsh net-autostart oscloud
# virsh net-autostart oshor
# virsh net-start oscloud
# virsh net-start oshor

# virt-install --os-type linux --network=bridge=br0 -w network=oshor -w network=oscloud --disk path=/var/lib/libvirt/images/OSMGACON.img,size=50,serial=OS-000-MUL-00 --boot uefi -l http://mirror.netcologne.de/mageia/distrib/6/x86_64 --vcpus=4 --ram=4096 --video vga --name=OSMGACON

# drakfirewall

# ping 192.168.23.10  # This is the address I assign to the guest

I am attaching screenshots. The last one does not show my oshor and oscloud interfaces unless I manually add them to /etc/shorewall/interfaces
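
A check for the gap described in this report, as an added example that is not part of the original report and not drakfirewall code: it lists host interfaces that have no entry in the Shorewall interfaces file, so bridges such as oscloud and oshor are noticed before they are left without rules. The function names are hypothetical; it assumes the interface name is the second column of the file and that a trailing "+" is Shorewall's wildcard.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not drakfirewall code): report
# interfaces present on the host that Shorewall's interfaces file does not cover.

# Print the INTERFACE column (2nd field) of a Shorewall interfaces file,
# skipping comments, blank lines and ?directives such as "?FORMAT 2".
shorewall_ifaces() {
    awk '{ sub(/#.*/, "") } NF >= 2 && substr($1, 1, 1) != "?" { print $2 }' "$1"
}

# Succeed if interface name $1 is matched by entry $2. A trailing "+" in a
# Shorewall interface name is a wildcard (e.g. "virbr+" matches virbr0).
iface_matches() {
    case "$2" in
        *+) prefix=${2%+}
            case "$1" in "$prefix"*) return 0 ;; esac ;;
        *)  [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# Print every interface under $2 (default /sys/class/net) that no entry in
# $1 (default /etc/shorewall/interfaces) covers. The loopback "lo" is skipped.
uncovered_ifaces() {
    conf=${1:-/etc/shorewall/interfaces}
    netdir=${2:-/sys/class/net}
    patterns=$(shorewall_ifaces "$conf")
    for path in "$netdir"/*; do
        [ -d "$path" ] || continue      # ignore plain files such as bonding_masters
        name=${path##*/}
        [ "$name" = lo ] && continue
        covered=no
        for pat in $patterns; do
            if iface_matches "$name" "$pat"; then covered=yes; break; fi
        done
        [ "$covered" = yes ] || echo "$name"
    done
}
```

Source the file and run `uncovered_ifaces` as root after defining new libvirt networks; any name it prints needs a zone entry before the firewall rules apply to it.
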
Comment 7 Muhammad Tailounie 2016-07-28 08:56:32 CEST
Created attachment 8267 [details]
Configuring interfaces with drakfirewall

First screenshot
Comment 8 Muhammad Tailounie 2016-07-28 08:56:59 CEST
Created attachment 8268 [details]
Configuring interfaces with drakfirewall

Screenshot 2
Comment 9 Muhammad Tailounie 2016-07-28 08:57:24 CEST
Created attachment 8269 [details]
Configuring interfaces with drakfirewall

Screenshot 3
Comment 10 Muhammad Tailounie 2016-07-28 08:58:46 CEST
In the last screenshot the interfaces are there because I have added them manually! Otherwise, I wouldn't get it to work :|
Comment 11 Marja Van Waes 2016-07-28 09:53:07 CEST
(In reply to Muhammad Tailounie from comment #6)
> (In reply to Marja van Waes from comment #5)
> > (In reply to Muhammad Tailounie from comment #4)
> > > (In reply to Thierry Vignaud from comment #3)
> > > > BTW what are your interfaces' names? virbr*?
> > > 
> > > I am not that conventional, sorry, the names are oscloud and oshor.
> > 
> > Removing NEEDINFO
> 
> What info do you need?
> 

I *removed* the NEEDINFO keyword, because you had supplied the information (your interface names) Thierry asked for when he set that keyword ;-)

However, thanks for all the additional information :-)
Comment 12 Muhammad Tailounie 2016-07-28 10:04:29 CEST
Hope it helps :)
Comment 13 Thierry Vignaud 2016-08-04 11:55:47 CEST
(In reply to Muhammad Tailounie from comment #10)
> In the last screenshot the interfaces are there because I have added them
> manually! Otherwise, I wouldn't get it to work :|

How did you do that?