firewall issue

Hi people,

I open/continue the thread "some issue with cups and firewall - openSUSE Forums" in this section because it is surely a more precise place…

My firewall doesn’t seem to start properly. I noticed this because my CUPS server is not visible from the client; note that if the firewall is down, or if I force-reload it after boot, CUPS and the client are OK…

btw… after boot if I check “SuSEfirewall2 status” I get

pulsarx:/home/myhome # SuSEfirewall2 status
### iptables filter ###
Chain INPUT (policy DROP 53 packets, 7250 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   200 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  220 58668 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 318 packets, 64492 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   200 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           

Chain reject_func (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable 

### iptables mangle ###
Chain PREROUTING (policy ACCEPT 279 packets, 66494 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 277 packets, 66118 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 322 packets, 64692 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 369 packets, 70731 bytes)
 pkts bytes target     prot opt in     out     source               destination         

### iptables nat ###
Chain PREROUTING (policy ACCEPT 8 packets, 1587 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 113 packets, 24912 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 113 packets, 24912 bytes)
 pkts bytes target     prot opt in     out     source               destination

and typin’ “cat /var/log/messages | grep firewall | tail -10” I get

Sep  2 09:33:42 pulsarx SuSEfirewall2: batch committing...
Sep  2 09:33:43 pulsarx SuSEfirewall2: Firewall rules set to CLOSE.
Sep  2 09:33:52 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
Sep  2 10:14:02 pulsarx SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
Sep  2 10:14:03 pulsarx SuSEfirewall2: using default zone 'ext' for interface vboxnet0
Sep  2 10:14:03 pulsarx SuSEfirewall2: batch committing...
Sep  2 10:14:03 pulsarx SuSEfirewall2: Firewall rules successfully set
Sep  2 11:17:48 pulsarx SuSEfirewall2: batch committing...
Sep  2 11:17:49 pulsarx SuSEfirewall2: Firewall rules set to CLOSE.
Sep  2 11:17:57 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.

Note the last three lines: when I rebooted, it seems the firewall doesn’t complete its bootin’ process… this gives me,
if I type “SuSEfirewall2 stop”, this response:
SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.

…from the YaST > Firewall GUI, if I stop it… I get nothing, it is always up… “cat /var/log/messages | grep firewall | tail -10” simply added 2 lines with the same message…

Sep  2 09:33:52 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
Sep  2 10:14:02 pulsarx SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
Sep  2 10:14:03 pulsarx SuSEfirewall2: using default zone 'ext' for interface vboxnet0
Sep  2 10:14:03 pulsarx SuSEfirewall2: batch committing...
Sep  2 10:14:03 pulsarx SuSEfirewall2: Firewall rules successfully set
Sep  2 11:17:48 pulsarx SuSEfirewall2: batch committing...
Sep  2 11:17:49 pulsarx SuSEfirewall2: Firewall rules set to CLOSE.
Sep  2 11:17:57 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
Sep  2 11:34:56 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
Sep  2 11:38:05 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.

Notice if I check the presence of the file SuSEfirewall2.booting, it’s still there…
pulsarx:/var/lock # ll
totale 12
drwxr-xr-x 2 root root 4096 1 set 09:40 dmraid
drwxr-xr-x 2 root root 4096 16 ott 2008 lvm
drwxr-xr-x 3 root root 4096 2 set 11:17 subsys
-rw-r--r-- 1 root root 0 2 set 11:17 SuSEfirewall2.booting

but if I type forcin’ “rcSuSEfirewall2 restart” and recheck the presence of file…

pulsarx:/var/lock # rcSuSEfirewall2 restart
Starting Firewall Initialization (phase 2 of 2) done
pulsarx:/var/lock # ll
totale 12
drwxr-xr-x 2 root root 4096 1 set 09:40 dmraid
drwxr-xr-x 2 root root 4096 16 ott 2008 lvm
drwxr-xr-x 3 root root 4096 2 set 11:17 subsys
pulsarx:/var/lock #

et voilà, everything is OK: the lock file vanished and the firewall opened my port 631, letting my CUPS server kiss all its clients :)

Here I am… any advice?!? :)

thx in advance

…a polite toc toc :)
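
A check for the state described in this post, added here as an example and not part of the original post: it classifies SuSEfirewall2 syslog lines to tell a host whose rules were left at CLOSE with later runs aborting on the boot lock from one whose rules loaded. The function names and output labels are made up for this example; the sample lines are taken from the log excerpt above.

```shell
#!/bin/sh
# fw_boot_state: read syslog lines on stdin and print one of
#   rules-set        last state change loaded the full rule set
#   stuck-closed N   rules left at CLOSE, N later runs aborted on the boot lock
#   closed           rules at CLOSE, no aborted run seen afterwards
#   unknown          no SuSEfirewall2 state line found
fw_boot_state() {
    awk '
        /SuSEfirewall2: Firewall rules set to CLOSE/     { state = "closed";    aborted = 0 }
        /SuSEfirewall2: Firewall rules successfully set/ { state = "rules-set"; aborted = 0 }
        /SuSEfirewall2: .*SuSEfirewall2\.booting exists/ { if (state == "closed") aborted++ }
        END {
            if (state == "") {
                print "unknown"
            } else if (state == "closed" && aborted > 0) {
                print "stuck-closed " aborted
            } else {
                print state
            }
        }'
}

# check_host [LOG] [LOCK]: combine the log verdict with the lock file's presence.
# Defaults are the paths quoted in the post.
check_host() {
    log=${1:-/var/log/messages}
    lock=${2:-/var/lock/SuSEfirewall2.booting}
    verdict=$(fw_boot_state < "$log")
    if [ -e "$lock" ]; then
        echo "$verdict lock-present"
    else
        echo "$verdict lock-absent"
    fi
}

# Sample input: lines from the log excerpt in the post.
sample_log() {
cat <<'EOF'
Sep  2 10:14:03 pulsarx SuSEfirewall2: Firewall rules successfully set
Sep  2 11:17:48 pulsarx SuSEfirewall2: batch committing...
Sep  2 11:17:49 pulsarx SuSEfirewall2: Firewall rules set to CLOSE.
Sep  2 11:17:57 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
Sep  2 11:34:56 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
Sep  2 11:38:05 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
EOF
}

sample_log | fw_boot_state
```

On a live host, `check_host` with no arguments reads `/var/log/messages` and tests for the lock file; "stuck-closed" together with "lock-present" matches the condition shown in the post before `rcSuSEfirewall2 restart` was run.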