10160 – Mageia 3 Live Gnome WIFI Blocked by Shorewall

Bug 10160 - Mageia 3 Live Gnome WIFI Blocked by Shorewall

Summary: Mageia 3 Live Gnome WIFI Blocked by Shorewall

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	3
Hardware:	x86_64 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-05-20 01:40 CEST by Andy Liebman
Modified:	2015-03-31 16:06 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Andy Liebman 2013-05-20 01:40:43 CEST

I just booted in the Live Gnome DVD for Mageia 3.  I was able to configure my WIFI network, and I connected to my Access Point, got an IP Address, etc.  "route" showed the correct "default gateway".  /etc/resolv.conf showed the correct DNS server (acquired by DHCP).  Yet, I could not ping anything on my home network.  

Dmesg told the whole story.  Shorewall was blocking all traffic on wlan0!  I rebooted and double checked to see if the same thing would happen again the next time I booted the Live DVD.  Same problem. 

[  639.233343] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12459 DF PROTO=UDP SPT=47345 DPT=53 LEN=40 
[  639.233418] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12459 DF PROTO=UDP SPT=38566 DPT=53 LEN=40 
[  639.233480] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12459 DF PROTO=UDP SPT=53859 DPT=53 LEN=40 
[  639.235247] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12461 DF PROTO=UDP SPT=34512 DPT=53 LEN=40 
[  639.235326] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12461 DF PROTO=UDP SPT=58747 DPT=53 LEN=40 
[  639.235393] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12461 DF PROTO=UDP SPT=32823 DPT=53 LEN=40 
[  639.235451] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12461 DF PROTO=UDP SPT=57257 DPT=53 LEN=40 
[  654.881278] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=74.69.224.142 DST=192.168.15.107 LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=23920 DF PROTO=TCP SPT=2383 DPT=13846 WINDOW=65535 RES=0x00 SYN URGP=0 
[  656.160625] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=74.69.224.142 DST=192.168.15.107 LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=23990 DF PROTO=TCP SPT=2384 DPT=13846 WINDOW=65535 RES=0x00 SYN URGP=0 
[  657.986638] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=74.69.224.142 DST=192.168.15.107 LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=24131 DF PROTO=TCP SPT=2383 DPT=13846 WINDOW=65535 RES=0x00 SYN URGP=0 
[  658.988593] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=74.69.224.142 DST=192.168.15.107 LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=24204 DF PROTO=TCP SPT=2384 DPT=13846 WINDOW=65535 RES=0x00 SYN URGP=0 
[  667.912650] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=181.28.162.223 DST=192.168.15.107 LEN=139 TOS=0x00 PREC=0x20 TTL=107 ID=31228 PROTO=UDP SPT=55115 DPT=13846 LEN=119 
[  667.912711] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=181.28.162.223 LEN=167 TOS=0x00 PREC=0xC0 TTL=64 ID=31715 PROTO=ICMP TYPE=3 CODE=3 [SRC=181.28.162.223 DST=192.168.15.107 LEN=139 TOS=0x00 PREC=0x20 TTL=107 ID=31228 PROTO=UDP SPT=55115 DPT=13846 LEN=119 ] 
[  669.922730] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=181.28.162.223 DST=192.168.15.107 LEN=139 TOS=0x00 PREC=0x20 TTL=107 ID=31232 PROTO=UDP SPT=55115 DPT=13846 LEN=119 
[  669.922793] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=181.28.162.223 LEN=167 TOS=0x00 PREC=0xC0 TTL=64 ID=31716 PROTO=ICMP TYPE=3 CODE=3 [SRC=181.28.162.223 DST=192.168.15.107 LEN=139 TOS=0x00 PREC=0x20 TTL=107 ID=31232 PROTO=UDP SPT=55115 DPT=13846 LEN=119 ] 
[  673.932188] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=181.28.162.223 DST=192.168.15.107 LEN=139 TOS=0x00 PREC=0x20 TTL=107 ID=31241 PROTO=UDP SPT=55115 DPT=13846 LEN=119 
[  673.932239] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=181.28.162.223 LEN=167 TOS=0x00 PREC=0xC0 TTL=64 ID=31717 PROTO=ICMP TYPE=3 CODE=3 [SRC=181.28.162.223 DST=192.168.15.107 LEN=139 TOS=0x00 PREC=0x20 TTL=107 ID=31241 PROTO=UDP SPT=55115 DPT=13846 LEN=119 ] 
[  676.556722] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=77.20.113.191 DST=192.168.15.107 LEN=136 TOS=0x00 PREC=0x20 TTL=46 ID=21691 PROTO=UDP SPT=61129 DPT=13846 LEN=116 
[  676.556786] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=77.20.113.191 LEN=164 TOS=0x00 PREC=0xC0 TTL=64 ID=53675 PROTO=ICMP TYPE=3 CODE=3 [SRC=77.20.113.191 DST=192.168.15.107 LEN=136 TOS=0x00 PREC=0x20 TTL=46 ID=21691 PROTO=UDP SPT=61129 DPT=13846 LEN=116 ] 
[  678.582133] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=77.20.113.191 DST=192.168.15.107 LEN=136 TOS=0x00 PREC=0x20 TTL=46 ID=25252 PROTO=UDP SPT=61129 DPT=13846 LEN=116 
[  678.582183] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=77.20.113.191 LEN=164 TOS=0x00 PREC=0xC0 TTL=64 ID=53676 PROTO=ICMP TYPE=3 CODE=3 [SRC=77.20.113.191 DST=192.168.15.107 LEN=136 TOS=0x00 PREC=0x20 TTL=46 ID=25252 PROTO=UDP SPT=61129 DPT=13846 LEN=116 ] 
[  682.593244] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=77.20.113.191 DST=192.168.15.107 LEN=136 TOS=0x00 PREC=0x20 TTL=46 ID=25764 PROTO=UDP SPT=61129 DPT=13846 LEN=116 
[  682.593304] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=77.20.113.191 LEN=164 TOS=0x00 PREC=0xC0 TTL=64 ID=53677 PROTO=ICMP TYPE=3 CODE=3 [SRC=77.20.113.191 DST=192.168.15.107 LEN=136 TOS=0x00 PREC=0x20 TTL=46 ID=25764 PROTO=UDP SPT=61129 DPT=13846 LEN=116 ] 
[  687.099074] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60394 DF PROTO=UDP SPT=36966 DPT=53 LEN=43 
[  687.099224] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60394 DF PROTO=UDP SPT=39263 DPT=53 LEN=43 
[  687.099306] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60395 DF PROTO=UDP SPT=53172 DPT=53 LEN=43 
[  687.099370] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60395 DF PROTO=UDP SPT=42464 DPT=53 LEN=43 
[  687.099682] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60395 DF PROTO=UDP SPT=44367 DPT=53 LEN=43 
[  687.099756] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60395 DF PROTO=UDP SPT=39372 DPT=53 LEN=43 
[  687.099824] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60395 DF PROTO=UDP SPT=46250 DPT=53 LEN=43 
[  687.099884] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60395 DF PROTO=UDP SPT=44715 DPT=53 LEN=43 
[  687.100442] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60396 DF PROTO=UDP SPT=58413 DPT=53 LEN=43 
[  687.100529] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60396 DF PROTO=UDP SPT=49234 DPT=53 LEN=43 
[  687.100600] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60396 DF PROTO=UDP SPT=52399 DPT=53 LEN=43 
[  687.100661] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=192.168.15.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=60396 DF PROTO=UDP SPT=52810 DPT=53 LEN=43 
[  758.068011] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=213.199.179.158 DST=192.168.15.107 LEN=162 TOS=0x00 PREC=0x20 TTL=46 ID=0 DF PROTO=UDP SPT=40001 DPT=13846 LEN=142 
[  758.068073] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=213.199.179.158 LEN=190 TOS=0x00 PREC=0xC0 TTL=64 ID=26729 PROTO=ICMP TYPE=3 CODE=3 [SRC=213.199.179.158 DST=192.168.15.107 LEN=162 TOS=0x00 PREC=0x20 TTL=46 ID=0 DF PROTO=UDP SPT=40001 DPT=13846 LEN=142 ] 
[  760.071021] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=213.199.179.158 DST=192.168.15.107 LEN=162 TOS=0x00 PREC=0x20 TTL=46 ID=0 DF PROTO=UDP SPT=40001 DPT=13846 LEN=142 
[  760.071040] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=213.199.179.158 LEN=190 TOS=0x00 PREC=0xC0 TTL=64 ID=26730 PROTO=ICMP TYPE=3 CODE=3 [SRC=213.199.179.158 DST=192.168.15.107 LEN=162 TOS=0x00 PREC=0x20 TTL=46 ID=0 DF PROTO=UDP SPT=40001 DPT=13846 LEN=142 ] 
[  764.062063] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=213.199.179.158 DST=192.168.15.107 LEN=162 TOS=0x00 PREC=0x20 TTL=46 ID=0 DF PROTO=UDP SPT=40001 DPT=13846 LEN=142 
[  764.062122] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=213.199.179.158 LEN=190 TOS=0x00 PREC=0xC0 TTL=64 ID=26731 PROTO=ICMP TYPE=3 CODE=3 [SRC=213.199.179.158 DST=192.168.15.107 LEN=162 TOS=0x00 PREC=0x20 TTL=46 ID=0 DF PROTO=UDP SPT=40001 DPT=13846 LEN=142 ] 
[  772.686003] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=76.23.156.75 DST=192.168.15.107 LEN=140 TOS=0x00 PREC=0x20 TTL=57 ID=39559 PROTO=UDP SPT=29590 DPT=13846 LEN=120 
[  772.686067] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=76.23.156.75 LEN=168 TOS=0x00 PREC=0xC0 TTL=64 ID=18471 PROTO=ICMP TYPE=3 CODE=3 [SRC=76.23.156.75 DST=192.168.15.107 LEN=140 TOS=0x00 PREC=0x20 TTL=57 ID=39559 PROTO=UDP SPT=29590 DPT=13846 LEN=120 ] 
[  774.709671] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=76.23.156.75 DST=192.168.15.107 LEN=140 TOS=0x00 PREC=0x20 TTL=57 ID=23936 PROTO=UDP SPT=29590 DPT=13846 LEN=120 
[  774.709729] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=76.23.156.75 LEN=168 TOS=0x00 PREC=0xC0 TTL=64 ID=18472 PROTO=ICMP TYPE=3 CODE=3 [SRC=76.23.156.75 DST=192.168.15.107 LEN=140 TOS=0x00 PREC=0x20 TTL=57 ID=23936 PROTO=UDP SPT=29590 DPT=13846 LEN=120 ] 
[  778.717422] Shorewall:INPUT:REJECT:IN=wlan0 OUT= MAC=68:a8:6d:24:e7:0a:00:1b:2f:6c:31:4e:08:00 SRC=76.23.156.75 DST=192.168.15.107 LEN=140 TOS=0x00 PREC=0x20 TTL=57 ID=3281 PROTO=UDP SPT=29590 DPT=13846 LEN=120 
[  778.717513] Shorewall:OUTPUT:REJECT:IN= OUT=wlan0 SRC=192.168.15.107 DST=76.23.156.75 LEN=168 TOS=0x00 PREC=0xC0 TTL=64 ID=18473 PROTO=ICMP TYPE=3 CODE=3 [SRC=76.23.156.75 DST=192.168.15.107 LEN=140 TOS=0x00 PREC=0x20 TTL=57 ID=3281 PROTO=UDP SPT=29590 DPT=13846 LEN=120 ] 


Stopping shorewall allowed my to access the network (and submit this bug report)! 


[root@localhost network-scripts]# service shorewall stop
Redirecting to /bin/systemctl stop shorewall.service
[root@localhost network-scripts]# ping 192.168.15.1
PING 192.168.15.1 (192.168.15.1) 56(84) bytes of data.
64 bytes from 192.168.15.1: icmp_seq=1 ttl=64 time=4.10 ms
 

How is it possible this got through QA and Beta testing?  I didn't see this when running the RC-KDE Live version (which I did last week).  Too bad.  This version of Gnome looks interesting. 





Reproducible: 

Steps to Reproduce:

Andy Liebman 2013-05-20 01:41:12 CEST

Summary: Mageia 3 Live Gnonme WIFI Blocked by Shorewall => Mageia 3 Live Gnome WIFI Blocked by Shorewall

Comment 1 Sander Lepik 2013-05-20 10:33:19 CEST

This is actually a known problem, sadly. It's caused by the fact that Gnome requires NetworkManager which we haven't integrated with Mageia yet.

Easy workaround is to add your device into shorewalls interfaces file:

echo -e "net\twlan0\tdetect" >> /etc/shorewall/interfaces

And restart shorewall service:

service shorewall restart

That should fix it.

CC: (none) => sander.lepik

Comment 2 Marja Van Waes 2015-03-31 16:06:45 CEST

Mageia 3 changed to end-of-life (EOL) status 4 months ago.
http://blog.mageia.org/en/2014/11/26/lets-say-goodbye-to-mageia-3/ 

Mageia 3 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Mageia
please feel free to click on "Version" change it against that version of Mageia
and reopen this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

--
The Mageia Bugsquad

Status: NEW => RESOLVED
Resolution: (none) => OLD

Note You need to log in before you can comment on or make changes to this bug.