Bug 8699

Summary: after 3beta2 install, shorewall blocks using WLAN
Product: Mageia Reporter: Marja Van Waes <marja11>
Component: InstallerAssignee: Olivier Blin <mageia>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: release_blocker CC: gruescubogdan, mageia, periliocastrol, thierry.vignaud
Version: CauldronKeywords: PATCH
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard: 3beta2
Source RPM: drakx-net CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 8700, 8770    
Attachments: report.bug.xz

Description Marja Van Waes 2013-01-15 19:18:32 CET 
Created attachment 3376 [details]
report.bug.xz

After a Mga3beta2 LXDE install, and then installing ipw2200, the network is up, but it is impossible to use the connection.

journalctl shows a lot of the same messages:

Jan 15 18:49:56 DenkBlok kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth1 SRC=192.168.1.140 DST=10.0.0.199 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2963 SEQ=1 

In MCC drakfirewall, to my surprise "Everything (no firewall)" is selected. After removing the tick there, and selecting to have the firewall for both network cards, WLAN functions as it should.

However, looking again afterwards, "Everything (no firewall)" is ticked again!

I'm filing against installer, but I'm not sure it was a default setting while installing that caused this, or just a bug in drakfirewall or somewhere else.
Comment 1 Marja Van Waes 2013-01-15 19:20:41 CET 
assigning to tv

@ colin

If you think this has nothing to do with installer or drakfirewall, please say so

CC: (none) => mageia
Assignee: bugsquad => thierry.vignaud
Whiteboard: (none) => 3beta2

Comment 2 Thierry Vignaud 2013-01-15 19:25:28 CET 
wrong package

Assignee: thierry.vignaud => mageia
Source RPM: drakx-installer-stage2, drakfirewall => drakx-net

Comment 3 Marja Van Waes 2013-01-15 19:44:10 CET 
(In reply to comment #2)
> wrong package

ah, if drakx-net is the culprit:

All my neighbours seemed to have changed their SSIDs, and instead of the Mac-address of our accesspoint, I saw some signs and letters, maybe like this: \O_\O_
Comment 4 claire robinson 2013-01-16 13:27:40 CET 
See also bug 7676
Comment 5 Marja Van Waes 2013-01-16 13:56:05 CET 
(In reply to comment #4)
> See also bug 7676

Ah, I thought that couldn't be the same bug, because I didn't hit it with a cauldron boot.iso install later.

Besides: With 3beta2, I did get an ip address, so I did get connected.

However, you're first in queue to have your bug fixed :-D

> instead of the Mac-address of our accesspoint, I saw some signs and letters,
> maybe like this: \O_\O_

That was (and is): \x00\x00 (so far for my memory :/ )
After a fresh start, WLAN is still usable :)
Manuel Hiebel 2013-01-21 22:25:50 CET

Priority: Normal => release_blocker

Manuel Hiebel 2013-01-22 12:23:12 CET

Blocks: (none) => 8770

Manuel Hiebel 2013-01-23 18:04:17 CET

Blocks: (none) => 8700

Comment 6 Olivier Blin 2013-02-07 23:19:14 CET 
Please open another bug for the \x00 thing, it looks like a separate issue.
Comment 7 Manuel Hiebel 2013-02-14 17:01:05 CET 
http://svnweb.mageia.org/soft/drakx-net/trunk/lib/network/shorewall.pm?revision=3607&view=markup#l111

/etc/rc3.d/S*shorewall no longer exist in cauldron 

this patch https://abf.rosalinux.ru/soft/drakx-net/commit/64b47b9b2aaca4b72a50f4dfdcfec4b3014af5c0#diff-2 from from rosa make drakfirewall working again

I don't know if it will fix other shorewall installer bugs (ie not enable as default)

Keywords: (none) => PATCH
CC: (none) => thierry.vignaud

Comment 8 Marja Van Waes 2013-02-15 13:08:15 CET 
(In reply to comment #6)
> Please open another bug for the \x00 thing, it looks like a separate issue.

I was just about to do that, but then I saw bug 8942 is already about \x00\x00\x00\x00\x00
I'll comment there.
Comment 9 Manuel Hiebel 2013-02-19 19:58:32 CET 
*** Bug 9125 has been marked as a duplicate of this bug. ***

CC: (none) => gruescubogdan

Comment 10 Thierry Vignaud 2013-02-19 20:19:29 CET 
(In reply to comment #7)
Ouch :-( !
Fixed in SVN
Thx for spotting this...

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 11 Perilio Castrol 2013-02-19 22:30:31 CET 
Now, when I try to configure the firewall, drakfirewall crashes. Here is the message I get:

The "drakfirewall" program has crashed with the following error:

  Undefined subroutine &services::is_service_running called at /usr/lib/libDrakX/network/shorewall.pm line 115.
  Perl's trace:
  standalone::bug_handler() called from /usr/lib/libDrakX/network/shorewall.pm:115
  network::shorewall::read() called from /usr/lib/libDrakX/network/drakfirewall.pm:219
  network::drakfirewall::get_conf() called from /usr/lib/libDrakX/network/drakfirewall.pm:333
  network::drakfirewall::main() called from /usr/sbin/drakfirewall:32

CC: (none) => periliocastrol

Comment 12 Manuel Hiebel 2013-02-19 23:04:57 CET 
have you a 'require services' in the file /usr/lib/libDrakX/network/shorewall.pm ?

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 13 Manuel Hiebel 2013-02-19 23:08:10 CET 
ok, it was missing, coming updates should fix it 

http://svnweb.mageia.org/soft/drakx-net/trunk/lib/network/shorewall.pm?r1=7340&r2=7348

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED

Comment 14 Olivier Blin 2013-03-24 15:48:30 CET 
This fix was broken in multiple ways:
- the check was inverted (it was ok in the initial Rosa patch though)
- quotes were missing around the "shorewall" service name
- it checks if shorewall is running, which it should check if the service is enabled (this should work better during installer)

I have updated the fix in r7657