
Thread: Yast firewall doesn't respect interface selected

  1. #1

    Question Yast firewall doesn't respect interface selected

    Hi,
    like in the title. Default interface is public. I changed my wifi (wlan0) to home interface. I want to use gsconnect and I need to open ports for it to see my device. The thing is if I added kdeconnect in the home interface it should start working. But instead nothing happens. Only when I add kdeconnect to public interface it starts seeing my devices. When on home interface (selected for wlan0) there is not added kdeconnect, but added for public, it sees my devices.

    Am I missing something? It should be that when assigned specific interface to device and changing settings in that interface, the changes should be reflected on the device. It seems like no matter to which interface I assign settings, it only works for public.
    If it's a bug I'll submit report but I need to be sure it's not intended behavior.

  2. #2
    Join Date
    Sep 2012
    Posts
    8,031

    Default Re: Yast firewall doesn't respect interface selected

    Quote Originally Posted by MyNameIsArko View Post
    Default interface is public. I changed my wifi (wlan0) to home interface.
    You confuse "device", "interface" and "zone" which makes it near to impossible to understand what you mean.
    The thing is if I added kdeconnect in the home interface it should start working.
    We can guess that "kdeconnect" refers to firewalld service, but this is just a guess.
    But instead nothing happens. Only when I add kdeconnect to public interface it starts seeing my devices.
    We have no information about your configuration. Which interfaces there are? Which zones are associated with these interfaces? Copy and paste full protocol of executing
    Code:
    firewall-cmd --list-all-zones
    If it is too long, upload to https://susepaste.org/

  3. #3

    Default Re: Yast firewall doesn't respect zone selected

    Yeah sorry, I'm green in this field so I grouped these things by accident. I'll try to clear this up. My device is wlan0, which I created during installation process to connect to my wifi. I use tumbleweed newest snapshot with GNOME.
    My default zone is public. I changed zone for wlan0 to home using yast firewall. While creating firewall-cmd log I saw that there is another device: wlo1 that is on public zone. It doesn't show up in yast firewall. Maybe it's used as device for wifi?
    Here's log: https://susepaste.org/49208407

  4. #4
    Join Date
    Sep 2012
    Posts
    8,031

    Default Re: Yast firewall doesn't respect zone selected

    Quote Originally Posted by MyNameIsArko View Post
    wlo1 that is on public zone
    Show output of "ip l" and "ip a". Also, are you using wicked or NetworkManager?

  5. #5

    Default Re: Yast firewall doesn't respect interface selected

    Now it all makes sense. Thanks for helping!

    I didn't change anything after installing gnome so it defaulted to NetworkManager. NetworkManager created their own device: wlo1 to manage my wifi card.
    When entering yast network settings module, it showed me that Yast doesn't have access to some config options. But behind this message I can see:
    Code:
    Name                                                     │IP Address    │Device│Note
    RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller│Not configured│eno1  │    
    Wi-Fi 6 AX200                                            │Not configured│wlo1  │    
    wlan0                                                    │DHCP          │wlan0 │
    So now I know why it wouldn't work.

    Code:
    ip l
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
        link/ether 6c:02:e0:73:d6:52 brd ff:ff:ff:ff:ff:ff
        altname enp2s0
    3: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
        link/ether 84:1b:77:59:17:3f brd ff:ff:ff:ff:ff:ff
        altname wlp3s0
    Code:
    ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether 6c:02:e0:73:d6:52 brd ff:ff:ff:ff:ff:ff
        altname enp2s0
    3: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 84:1b:77:59:17:3f brd ff:ff:ff:ff:ff:ff
        altname wlp3s0
        inet 192.168.1.91/24 brd 192.168.1.255 scope global dynamic noprefixroute wlo1
           valid_lft 84579sec preferred_lft 84579sec
        inet6 fe80::e2a9:18be:5b2e:fffa/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever

  6. #6
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    31,298

    Default Re: Yast firewall doesn't respect interface selected

    I think you are still confused. When YaST shows you that NetworkManager is used, then there is not much to do for YaST anymore. And thus most of the configuring there is blocked/greyed out.
    Henk van Velden

  7. #7
    Join Date
    Sep 2012
    Posts
    8,031

    Default Re: Yast firewall doesn't respect zone selected

    Quote Originally Posted by MyNameIsArko View Post
    wlo1 that is on public zone. It doesn't show up in yast firewall.
    YaST Firewall module seems to ignore devices that are under NetworkManager control. Assuming you are using NetworkManager, you can define firewalld zone as connection property. This option is not exposed by GNOME standard GUI client, but can be added using nmcli, nmtui, nm-connection-editor or editing connection definition file directly.

    It is unclear what you did. I would expect installer to generate NetworkManager connection profile based on settings during installation, at least if you selected NetworkManager as default. Show output of "nmcli device" and "nmcli connection".

  8. #8
    Join Date
    Sep 2012
    Posts
    8,031

    Default Re: Yast firewall doesn't respect interface selected

    Quote Originally Posted by hcvv View Post
    there is not much to do for YaST anymore.
    Firewall settings do not depend on whether wicked or NM is used. Do you imply that with NetworkManager one should not use YaST at all? For any task?

  9. #9
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    31,298

    Default Re: Yast firewall doesn't respect interface selected

    Quote Originally Posted by arvidjaar View Post
    Firewall settings do not depend on whether wicked or NM is used. Do you imply that with NetworkManager one should not use YaST at all? For any task?
    As he mentioned " ...... entering yast network settings module ....", I was commenting on YaST > Network > Network Settings. Not on any firewall tool.
    Henk van Velden

  10. #10

    Default Re: Yast firewall doesn't respect zone selected

    Quote Originally Posted by arvidjaar View Post
    It is unclear what you did. I would expect installer to generate NetworkManager connection profile based on settings during installation, at least if you selected NetworkManager as default. Show output of "nmcli device" and "nmcli connection".
    When installing opensuse tumbleweed I only changed hostname. The rest remained the default. When checking if I could change to wicked I stumbled upon this thread.
    There I found info that wicked was deprecated for new opensuse tumbleweed installations and it will use NetworkManager by default. This aligns perfectly with my situation as NetworkManager is installed by default and wicked is not found on the system.

    Here's requested logs:
    Code:
    DEVICE        TYPE      STATE         CONNECTION 
    wlo1          wifi      connected     ASUS       
    p2p-dev-wlo1  wifi-p2p  disconnected  --         
    eno1          ethernet  unavailable   --         
    lo            loopback  unmanaged     --
    Code:
    NAME                     UUID                                  TYPE      DEVICE 
    ASUS                     02f549c2-4665-4736-9224-cde0ce8a9a8c  wifi      wlo1   
    Połączenie przewodowe 1  2b102c32-6675-379e-ae93-b03a4aeb130c  ethernet  --     
    wlan0                    e9d63b0a-d900-3eb7-93ef-3f621fbbd4cc  wifi      --
    Like everyone here said, changing zone for the device wlan0 didn't do anything because that device isn't used for connection. wlo1 is used that is managed by NetworkManager and because of that it didn't show up in Yast firewall.

    So now I have three options:
    - change backend to wicked and it will work as I thought it would
    - use other cli tool for networkmanager configuration to change wlo1 to zone I want
    - change default zone to home and it will work, because wlo1 uses default zone

    Or I could just leave it as it is right now, where ports for kdeconnect are open on public zone. It also seems to be the way recommended by wiki.

    We can guess that "kdeconnect" refers to firewalld service, but this is just a guess.
    Forgot to answer that. It's app that lets you connect phone with computer and have tight integration between them. But in order for it to work it needs to have open ports in firewall as it works over wifi. Yast firewall has it listed as one of the options to quickly add.
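
Added example, not part of the thread: the nmcli route mentioned in posts #7 and #10, setting the firewalld zone as a property of the NetworkManager profile that is actually active on the device, so that only that connection gets the kdeconnect ports instead of everything in the public zone. The sample data is constructed from the `nmcli connection` table in post #10; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Terse `nmcli -t -f UUID,DEVICE connection show`
# output, constructed from the table in post #10: only the ASUS profile is bound
# to a device; the "wlan0" and wired profiles have an empty DEVICE field.
sample_connections='02f549c2-4665-4736-9224-cde0ce8a9a8c:wlo1
2b102c32-6675-379e-ae93-b03a4aeb130c:
e9d63b0a-d900-3eb7-93ef-3f621fbbd4cc:'

# Read UUID:DEVICE lines on stdin and print the UUID of the profile on device $1.
# UUIDs and kernel interface names contain no ':', so a plain split is safe.
active_profile_for() {
    awk -F: -v dev="$1" '$2 == dev { print $1; exit }'
}

# set_zone_for_device DEVICE ZONE: bind the profile in use on DEVICE to ZONE.
set_zone_for_device() {
    szd_uuid=$(nmcli -t -f UUID,DEVICE connection show --active |
        active_profile_for "$1")
    if [ -z "$szd_uuid" ]; then
        echo "no active NetworkManager profile on $1" >&2
        return 1
    fi
    nmcli connection modify "$szd_uuid" connection.zone "$2" &&
    nmcli connection up "$szd_uuid" &&      # re-activate so the zone is applied
    firewall-cmd --get-zone-of-interface="$1"   # should now print ZONE
}

# Run as: sh set-zone.sh wlo1 home   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    set_zone_for_device "$1" "$2"
fi
```

Looking up the profile by device rather than by name avoids the mistake in this thread, where the profile called wlan0 was edited although it was not attached to any device.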
