
Thread: Firewalld configuration for local ("home") network/LAN

  1. #1

    Firewalld configuration for local ("home") network/LAN

    I have a fresh install of Leap 15.1 (yesterday). Firewalld is configured upon install to allow access to the Internet, but I am unable to enable NFS shares for the machines on the local network (all running 15.1). They were previously able to reach this machine (the server) when it was running Leap 42.3 and probably SuSEfirewall2.

    The NFS server dialog provides the following message:
    Code:
    Firewall not configurable
    Some firewalld services are not available:
    - nfs-kernel-server (Not available)
    These services must be defined in order to configure the firewall.
    I have read the Firewalld documentation and third-party posts (e.g., Centos, Techmint, others), and tried to use the Firewall Configuration dialog (changed from Runtime to Permanent), but no success.

    I suspect there are a few straightforward settings to open the interface to the network, but I am unable to determine what those are. The command line examples are clear enough, but I don't know which apply to my case.

    Here are the results of two queries:
    Code:
    linux-5:~ systemctl status firewalld 
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: d>
       Active: active (running) since Fri 2020-01-03 07:02:48 EST; 4min 29s ago
         Docs: man:firewalld(1)
     Main PID: 15900 (firewalld)
        Tasks: 2 (limit: 4915)
       CGroup: /system.slice/firewalld.service
               └─15900 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid
    
    Jan 03 07:02:48 linux-5.fios-router.home systemd[1]: Starting firewalld - dynamic firew>
    Jan 03 07:02:48 linux-5.fios-router.home systemd[1]: Started firewalld - dynamic firewa>
    Code:
    linux-5:~ # firewall-cmd --list-services
    dhcpv6-client

  2. #2

    Firewalld configuration for local ("home") network/LAN

    Here is a link to a screenshot of the current Firewall Configuration dialog: https://susepaste.org/49577042

  3. #3
    Re: Firewalld configuration for local ("home") network/LAN

    Does it work with the firewall disabled?
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  4. #4

    Re: Firewalld configuration for local ("home") network/LAN

    Here is a link to a screenshot of the current Firewall Configuration file: https://susepaste.org/56182332

  5. #5
    Re: Firewalld configuration for local ("home") network/LAN

    Originally posted by w2tq:
        Here is a link to a screenshot of the current Firewall Configuration file: https://susepaste.org/56182332

    That is not what I asked for. Use YaST's System - Services manager to turn off the firewall, then try again.

  6. #6
    Re: Firewalld configuration for local ("home") network/LAN

    I'd recommend you read and use the LEAP documentation before considering others (and in those cases might consider Fedora, then ArchWiki, then CentOS guides).

    https://doc.opensuse.org/documentati...e/cha-nfs.html

    I'm confused by what you posted...
    You said that you just installed a new machine to be used as an NFS client, yet you are posting output about the NFS Server firewall settings...

    If your NFS shares are already working for other machines, you probably shouldn't touch it beyond possibly modifying authentication credentials...

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  7. #7
    Re: Firewalld configuration for local ("home") network/LAN

    Oh, and check YaST - Security and Users - Firewall. Click the public zone, make sure NFS is set to be allowed, test NFS, then set runtime to permanent.

  8. #8

    Re: Firewalld configuration for local ("home") network/LAN

    Knurpht -

    Thanks. I can access the shares (mount manually from the command line). When I turn the service on (systemctl etc.), the remote system hangs.

  9. #9
    Re: Firewalld configuration for local ("home") network/LAN

    Originally posted by w2tq:
        Knurpht -

        Thanks. I can access the shares (mount manually from the command line). When I turn the service on (systemctl etc.), the remote system hangs.

    Easiest way to troubleshoot a problem you can invoke on demand is to open a separate console and use it to read your system log in real time. You'll likely catch what is happening (including errors) without having to search your system log for relevant events.

    To do this, run the following in your console/terminal
    Code:
    journalctl -f
    In your case, you should be able to see the difference between your manual mount and invoking using your systemd Unit file.

    TSU

  10. #10

    Re: Firewalld configuration for local ("home") network/LAN

    Knurpht -

    It's fixed, but first the following two items.

    1) In my original post, I neglected to mention the openSuSE manual, specifically section 22.3, and SuSE security guide, chap. 17, referenced in the former, which I read several times yesterday, as well as the Firewalld man page on zones (https://firewalld.org/documentation/...lld.zones.html). The various discussions about command line entries made sense but I couldn't glean a specific suggestion or solution. I did notice the nfs entry in both interfaces (YaST and Firewall-Configuration).

    2) I sent the screen shot of the Firewall-Config dialog before I saw your query about the YaST dialog. As far as I can tell, they both modify the config file.

    Your suggestion of adding nfs solved the problem. Thank you.

    But why the public zone? Wouldn't I be better off in the home, trusted, or work zones? Unfortunately, and this is what I found confusing, the SuSE documents and the Firewalld man pages do not appear to use similar terms in the same way (see, e.g., trusted). The Firewalld man page sets out the hierarchy of the various zones, and "public" doesn't appear to be an obvious choice. Here, I have essentially two zones - the LAN which includes the firewall router, and the cable to the ISP. For now, I placed the nfs in the work zone (and removed it from the public zone).
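
The zone question raised in post #10, as an added command-line example that is not part of the original thread: it binds the LAN address range to a non-public zone, allows `nfs` only there, withdraws it from `public`, and persists the result only after testing. The zone name, the CIDR and the `FIREWALL_CMD` override are assumptions supplied by the caller.

```bash
# Added example (not from the thread). Zone and CIDR are caller-supplied assumptions.
# FIREWALL_CMD can be overridden to dry-run the sequence.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# True if ZONE currently allows SERVICE in the runtime configuration.
zone_has_service() {
    $FIREWALL_CMD --zone="$1" --query-service="$2" >/dev/null 2>&1
}

# restrict_nfs_to_lan ZONE CIDR [EXTRA_SERVICE...]
# NFSv3 clients also need the mountd and rpc-bind services; pass them as extras.
restrict_nfs_to_lan() {
    if [ "$#" -lt 2 ] || [ "$1" = "public" ]; then
        echo "usage: restrict_nfs_to_lan ZONE CIDR [SERVICE...] (ZONE must not be public)" >&2
        return 2
    fi
    lan_zone="$1"; lan_cidr="$2"; shift 2

    # 1. Packets whose source address is in the LAN range are handled by ZONE;
    #    everything else still falls through to the zone of the incoming interface.
    $FIREWALL_CMD --zone="$lan_zone" --add-source="$lan_cidr" || return 1

    # 2. Allow NFS (and any extras) only in that zone.
    for svc in nfs "$@"; do
        $FIREWALL_CMD --zone="$lan_zone" --add-service="$svc" || return 1
    done

    # 3. Withdraw the same services from public if they were opened there.
    for svc in nfs "$@"; do
        if zone_has_service public "$svc"; then
            $FIREWALL_CMD --zone=public --remove-service="$svc" || return 1
        fi
    done

    # 4. Show the resulting runtime rules for review.
    $FIREWALL_CMD --zone="$lan_zone" --list-all
}

# Run only after a client has mounted the share successfully.
persist_firewall() {
    $FIREWALL_CMD --runtime-to-permanent
}

# Usage (constructed values): restrict_nfs_to_lan work 192.168.1.0/24
# then test a mount from a client, then: persist_firewall
```

Because the changes are runtime-only until `persist_firewall` is called, `firewall-cmd --reload` discards them if the client test fails.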
