Results 1 to 9 of 9

Thread: Firewall - looking like a crazy machine

  1. #1
    Join Date
    Aug 2013
    Location
    Jundiai, São Paulo, Brazil
    Posts
    467

    Default Firewall - looking like a crazy machine

    After an upgrade the NFS connections are no longer working.
    Apparently there were changes in the firewall
    The current firewall is absolutely difficult to understand
    I do not even know where to turn it off.
    There is the dropDown with the "Runtime" and "Permanent" options .... What are they for?
    There is a window on the left with "block, dmz, drop, external ........... work" options, how to configure?
    In the center of the screen have 10 titles to choose ..... which one do I choose?
    For each title you have several options ... which ones do I choose?
    Please, could someone tell me which points I should configure and how do I do this?

    This is looking like a crazy machine
    Please ... what should I do ... at least to turn off Firewall because I need to work

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,496
    Blog Entries
    3

    Default Re: Firewall - looking like a crazy machine

    I can tell you what I did.

    NFS did not work, so I turned of the firewall. To do that, I used
    Yast --> System --> Services Manager
    and scrolled down to the line "firewalld". Then I toggled both "Active" and "Enable" to turn off the firewall.

    After that, NFS worked. And I should be clear that this change was on the server. I did not need to do anything on the NFS clients.

    After that, I tried to work out how to get it working with the firewall running.

    In the firewall configuration tool (started from Yast), I eventually did:

    check the boxes for "mountd", "nfs" and "nfs3". Maybe I also had to check "rpc-bind" (I don't remember if that was already checked). And then I found out about the Runtime and "Permanent", so I switched to Permanent and checked those boxes again.

    So now firewalld is running and NFS works. (Yes, I did use services manager to turn it on again).
    Last edited by nrickert; 27-Jul-2018 at 04:37.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3
    Join Date
    Aug 2013
    Location
    Jundiai, São Paulo, Brazil
    Posts
    467

    Default Re: Firewall - looking like a crazy machine

    Quote Originally Posted by nrickert View Post
    After that, I tried to work out how to get it working with the firewall running.

    In the firewall configuration tool (started from Yast), I eventually did:

    check the boxes for "mountd", "nfs" and "nfs3". Maybe I also had to check "rpc-bind" (I don't remember if that was already checked). And then I found out about the Runtime and "Permanent", so I switched to Permanent and checked those boxes again.

    So now firewalld is running and NFS works. (Yes, I did use services manager to turn it on again).
    But in what area did you make the changes? block, dmz, drop, external, home, internal, public, trusted, work .......?
    Do not have a button to save the setting?

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,496
    Blog Entries
    3

    Default Re: Firewall - looking like a crazy machine

    Quote Originally Posted by sergelli View Post
    But in what area did you make the changes? block, dmz, drop, external, home, internal, public, trusted, work .......?
    I wasn't sure about those, so I didn't touch them. I just went with the default, which I think was "external".

    Do not have a button to save the setting?
    I looked for a save button, but could not find one. Apparently it is saved automatically.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  5. #5
    Join Date
    Oct 2008
    Location
    Glasgow, Scotland
    Posts
    1,131

    Default Re: Firewall - looking like a crazy machine

    Quote Originally Posted by nrickert View Post
    I wasn't sure about those, so I didn't touch them. I just went with the default, which I think was "external".
    The default is “Public”. But they are just labels and only have any significance if you have multiple network interfaces and want to give them different rulesets.

    I looked for a save button, but could not find one. Apparently it is saved automatically.
    The changes are made instantly to the running firewall rules. There is an option to make them permanent, when they are saved in an xml file.
    When configuring servers I found it easier to use text editor scripts on e.g. /etc/firewalld/zones/public.xml than using firewall-cmd.
    ~Thank you for sharing an interesting problem.
    --
    slàinte mhath,
    rayH

  6. #6
    Join Date
    Aug 2013
    Location
    Jundiai, São Paulo, Brazil
    Posts
    467

    Default Re: Firewall - looking like a crazy machine

    After turning off the firewall, I received more of this "news"
    Code:
    sergio@audio:~> mount /mnt/asus
    mount.nfs: requested NFS version or transport protocol is not supported
    The two machines have the same Leap 15
    What could be wrong?

  7. #7
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,496
    Blog Entries
    3

    Default Re: Firewall - looking like a crazy machine

    I'm not sure. I just setup my NFS server to support both nfs3 and nfs4. I haven't looked into what the clients really need. But I'm guessing that I'm only using nfs3, because I think nfs4 needs kerberos or similar authentication and I have not set that up.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  8. #8
    Join Date
    Aug 2013
    Location
    Jundiai, São Paulo, Brazil
    Posts
    467

    Default Re: Firewall - looking like a crazy machine

    This machine is also a client of a server that I have not updated for more than ten years .... and the nfs connection works.
    So I can say that the problem is on the new server on the Leap machine 15?
    Is there any way to install an older nfs server in Leap 15?

    The message bellow appears when I try to configure the server :
    some firewalld services are not available:
    -nfs-kernel-server (Not available)
    These services must be defined in order to configure the firewall
    How I fix it?

  9. #9
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,496
    Blog Entries
    3

    Default Re: Firewall - looking like a crazy machine

    I installed "nfs-kernel-server" and "yast2-nfs-server". I installed those as part of my original install. Everything else needed was already selected for install.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •