Bug 30399 - can not send/receive ip packets when connected via Wifi/WLAN
Summary: can not send/receive ip packets when connected via Wifi/WLAN
Status: REOPENED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords: FOR_ERRATA9
Depends on:
Blocks:
 
Reported: 2022-05-08 16:35 CEST by Elmar Stellnberger
Modified: 2023-05-08 20:27 CEST

See Also:
Source RPM:
CVE:
Status comment:


Description Elmar Stellnberger 2022-05-08 16:35:29 CEST
I can successfully connect to a Wifi with NetworkManager or wpa_supplicant and dhclient but then when I want to access the internet I get "sendmsg: operation not allowed errors". It seems to be indeed an access rights problem since wpa_supplicant and dhclient report success while tools like ping, traceroute or the Firefox browser are blocked from accessing the web.

root> iwconfig
lo        no wireless extensions.

enp57s0f1  no wireless extensions.

wlp58s0   IEEE 802.11  ESSID:"HUAWEI-B525-5943"  
          Mode:Managed  Frequency:2.442 GHz  Access Point: 88:11:96:2B:59:43   
          Bit Rate=144.4 Mb/s   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on
          Link Quality=41/70  Signal level=-69 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:13   Missed beacon:0

root> ping 192.168.8.1
PING 192.168.8.1 (192.168.8.1) 56(84) bytes of data.
Von 192.168.8.126 icmp_seq=1 host can not be reached
ping: sendmsg: the operation is not allowed
Von 192.168.8.126 icmp_seq=2 Zielhost nicht erreichbar
ping: sendmsg: Die Operation ist nicht erlaubt
Von 192.168.8.126 icmp_seq=3 Zielhost nicht erreichbar
ping: sendmsg: Die Operation ist nicht erlaubt
Von 192.168.8.126 icmp_seq=4 Zielhost nicht erreichbar
ping: sendmsg: Die Operation ist nicht erlaubt
Von 192.168.8.126 icmp_seq=5 Zielhost nicht erreichbar
ping: sendmsg: Die Operation ist nicht erlaubt
Von 192.168.8.126 icmp_seq=6 Zielhost nicht erreichbar
ping: sendmsg: Die Operation ist nicht erlaubt
^C

root> traceroute 208.67.222.222
traceroute to 208.67.222.222 (208.67.222.222), 30 hops max, 60 byte packets
send: the operation is not allowed

  I have just tried it under Debian 11 too and here I do not have any problems connecting to a Wifi/WLAN.
Comment 1 sturmvogel 2022-05-08 17:27:37 CEST
Seems you borked your firewall/iptables settings. There are many threads to find for this issue (google).
Comment 2 Dave Hodgins 2022-05-08 18:49:47 CEST
Specifically ensure /etc/shorewall/interfaces and /etc/shorewall6/interfaces
each have a line with ...
net     wlp58s0    detect

After editing the files restart them with ...
systemctl restart shorewall.service
systemctl restart shorewall6.service

The editing and restarting must be done as root.

CC: (none) => davidwhodgins
Summary: can not send/receive packages when connected via Wifi/WLAN => can not send/receive ip packets when connected via Wifi/WLAN
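
A read-only check for the condition described in comment 2, as an added example that is not part of the original bug report: it lists interfaces that have no entry in a Shorewall interfaces file and leaves the zone decision to the administrator. The function name `missing_ifaces` and the sample file are constructed for illustration; the trailing `+` is treated as Shorewall's interface-name wildcard.

```sh
#!/bin/sh
# Added example (not from the bug report): read-only audit of a Shorewall
# interfaces file. It reports interfaces with no entry and never edits the file.

# missing_ifaces FILE IFACE...
# Prints, one per line, each IFACE that no INTERFACE column entry in FILE covers.
missing_ifaces() {
    file=$1; shift
    # Column 2 of each line that is neither a comment (#) nor a directive (?...).
    listed=$(awk '$1 !~ /^[#?]/ && NF >= 2 { print $2 }' "$file")
    for ifc in "$@"; do
        if [ "$ifc" = lo ]; then continue; fi    # loopback is skipped in this audit
        found=no
        for pat in $listed; do
            case $pat in
                *+) # Shorewall wildcard: "wlp+" covers every name starting with "wlp"
                    case $ifc in "${pat%+}"*) found=yes ;; esac ;;
                *)  if [ "$pat" = "$ifc" ]; then found=yes; fi ;;
            esac
        done
        if [ "$found" = no ]; then printf '%s\n' "$ifc"; fi
    done
    return 0
}

# Constructed sample: the file as it looks when only the wired NIC was visible
# at install time, checked against the interface names from the iwconfig output.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ZONE   INTERFACE   OPTIONS
net     enp57s0f1   detect
EOF
missing_ifaces "$sample" lo enp57s0f1 wlp58s0    # prints: wlp58s0
rm -f "$sample"

# On a live system (with read access to the files named in comment 2):
#   missing_ifaces /etc/shorewall/interfaces  $(ls /sys/class/net)
#   missing_ifaces /etc/shorewall6/interfaces $(ls /sys/class/net)
```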

Comment 3 Elmar Stellnberger 2022-05-08 20:03:43 CEST
  Indeed this line was missing! Since it is a plain new install of Mageia 8 where I have not changed anything about the configuration this may likely be a configuration issue. I could imagine that the firmware of the wifi driver is not loaded at install time and thus the interface would not be detected.
Comment 4 Dave Hodgins 2022-05-08 20:22:01 CEST
Did adding the line to the two files fix the issue?
Comment 5 Elmar Stellnberger 2022-05-08 20:33:22 CEST
Yes, exactly.
Comment 6 Dave Hodgins 2022-05-08 21:03:57 CEST
Ok closing as a duplicate of bug 28323. The issue is that the classical installer
doesn't have the nonfree firmware available when it first boots, so that
hardware isn't detected until after booting into the installed system.

As well as adding online media during install not working, it also impacts
the firewall configuration during the install.

*** This bug has been marked as a duplicate of bug 28323 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Comment 7 Elmar Stellnberger 2022-05-08 21:16:34 CEST
  To make it rock solid, that line should rather be added at boot time when it detects new hardware components. Please rethink whether you really want that as a duplicate of a very different bug. Besides this, adding it at hardware detection/boot time will
* make a fix available for people who have already installed Mageia 8
* be effective for people who forget to install the proprietary firmware because they do not know that their hardware requires it

Resolution: DUPLICATE => FIXED

Comment 8 Elmar Stellnberger 2022-05-08 21:23:09 CEST
  If Mageia still has the hardware detection run at boot time like I know it, I would believe this to be the right point for a fix. Besides this it shall be a strong argument that this will also fix the issue for people who have already installed Mageia 8.

Resolution: FIXED => (none)
Status: RESOLVED => REOPENED

Comment 9 Thomas Backlund 2022-05-09 07:12:59 CEST
(In reply to Elmar Stellnberger from comment #7)
>   To make it rock solid, that line should rather be added at boot time when
> it detects new hardware components. Please rethink, whether you really want


yeah, blindly adding newly detected interfaces to the firewall is not a good design security wise...
Comment 10 Elmar Stellnberger 2022-05-09 11:50:01 CEST
  Why do you think that automatically adding a new interface to the firewall could be detrimental? You don't do anything different at install time. Normally you want to have the new interface up and running. If someone really needs to boot with a new hardware component disabled he can still do it at the kernel command line and then adapt the firewall settings to whatever exception that shall be given.
Lewis Smith 2023-05-08 20:27:50 CEST

CC: (none) => lewyssmith
Keywords: (none) => FOR_ERRATA9

