Getting "Another Firewall Active" message when no firewall running

When I click “Firewall” in YaST in order to go inside the settings and turn on the firewall (which is actually OFF) I am getting the message:

Another Firewall Active

Another kind of firewall is active on your system.
If you continue, SuSEfirewall2 may produce undefined errors.
It would be better to remove the other firewall before
configuring SuSEfirewall2.
Continue with configuration?

I don’t know what that “other” kind of firewall is. I haven’t installed any other firewall. When I go to YaST>Services, SuSEfirewall2 is definitely Inactive and Disabled.

If I continue with the configuration, I can turn on the firewall and it works fine.

The question is - why am I getting this message?

Just a guess. Do you have any IP rules defined yourself? I can imagine that YaST checks if there are any IP rules active and when yes, then decides that it is not the only one tinkering with them.

No idea. How do I check?

Well, when you have no idea, I think you did not experiment with ip tables, but you can check what is active with

henk@boven:~> su - -c 'iptables -L'
Wachtwoord:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
henk@boven:~>

The above is on a system with no firewall active, thus all tables are empty.

Another guess (I do not run a firewall, nor am I used to using IP tables).

In /etc/sysconfig, there are several files/directories with SuSEfirewall2 in their names. Maybe when one or more of them is not in the same state as YaST would configure them (or in virgin state since installation), YaST may think another partner is in play.

henk@boven:/etc/sysconfig> find . -name '*wall*'
find: ‘./network/providers’: Toegang geweigerd
./network/if-up.d/SuSEfirewall2
./network/scripts/firewall
./network/scripts/SuSEfirewall2
./scripts/SuSEfirewall2-oldbroadcast
./scripts/SuSEfirewall2-showlog
./scripts/SuSEfirewall2-custom
./scripts/SuSEfirewall2-qdisc
./scripts/SuSEfirewall2-rpcinfo
./scripts/SuSEfirewall2-open
./scripts/SuSEfirewall2-batch
./SuSEfirewall2
./SuSEfirewall2.d
henk@boven:/etc/sysconfig>

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             multiport dports mdns
ACCEPT     tcp  --  anywhere             anywhere             multiport dports terabase


Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         


Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

I wonder where these 2 rules came from?

I also haven’t touched any of the files which you show with ‘find’.

As my example output above was created using 13.1, I started a 1.2 system here, but I get the same empty lists. So my guess seems to be a bit correct in that there is something.

The fact that you (as person) say that you did not touch them is not very relevant. What we have to find out is if something touched them. Or at least what is done to them where, so we can reverse that. Best thing would be to check against the originals, but as you don’t have them, maybe looking at change dates brings something. The word “terabase” in your listing looks the most unique there. Searching for it in those files might help.
All guessing and things that I probably would do.

As said, I am not a real ip tables/firewall guru, the above was only guessing. I hope a more knowing person will join us.

One thing you could try is to “continue” with the YaST module and see what happens. Look around in the screens there. As long as you do not confirm things, nothing will happen.


grep -r 'terabase' /etc                                                                                                                                        
/etc/services:terabase           4000/tcp     # Terabase  [Thor_Olson]
/etc/services:terabase           4000/udp     # Terabase  [Thor_Olson]
/etc/services:# Thor_Olson               Thor Olson                                        mailto:Thor&terabase.com

Does that give any more info? What kind of service might that be? Is my system infected?

The above is only a list of defined ports. The fact that it is in the list is no problem. The question is if it is somewhere in the firewall files. Or the number 4000 instead.

I googled terabase and there is something about Remote-Anything. I have no idea what it is, but it does not sound as if I would need it.

You could check if you have a port listening on 4000, as root

netstat -tulpn | grep 4000

On 2015-08-30 18:26, hcvv wrote:

> The above is only a list of defined ports. The fact that it is in the
> list is no problem. The question is if it is somewhere in the firewall
> files. Or the number 4000 instead.
>
I don’t know about terabase, but port 4000 I have the feeling I used
either for a VoIP application or for p2p (emule?).

perhaps: http://www.speedguide.net/port.php?port=4000


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Update:

Tested on my other machine (also openSUSE 13.2) - absolutely the same behavior and again ‘iptables -L’ gives the exact same output!

I haven’t installed emule or any particular VoIP software.

Just to note - this doesn’t actually cause any problem if I click “Continue” and then turn on the firewall. But it kind of bothers me to see open ports by default like that.

On 2015-08-30 22:36, heyjoe wrote:

> Just to note - this doesn’t actually cause any problem if I click
> “Continue” and then turn on the firewall. But it kind of bothers me to
> see open ports by default like that.

Well, I always install with the firewall up during the installation,
IIRC. I haven’t had to activate it later, so I wouldn’t see your situation.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

I also install it during OS installation but I set it to disabled by default because my router already has a firewall.

I activate openSUSE’s firewall on the PC only on special occasions, e.g. when I need to NAT to a sub-LAN. The rest of the time it is off.

On 2015-08-30 23:16, heyjoe wrote:
> because my router already has a firewall.

So does mine, but I never trust them.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

It may be open in the firewall, but is something listening on the port? What about the netstat output?


netstat -tulpn | grep 4000
tcp        0      0 0.0.0.0:4000            0.0.0.0:*               LISTEN      3060/nxd            
tcp        0      0 :::4000                 :::*                    LISTEN      3060/nxd  

What does this mean? The NoMachine NX daemon?

Yes, the process 3060, which is a running nxd is listening to that port. And I bet that installing/configuring NX also created the IP table entries.

Again, I do not know much about NX, but by going step by step, I think we got somewhere.

Looks like it. Thanks for the netstat tip.

Any idea how to find exactly where NX opens these ports?

Have a look in /etc/sysconfig/SuSEfirewall2.d/services/ for a NoMachine port definition file.

I don’t see it: SUSE Paste
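The three checks the thread ran by hand (the ACCEPT rules from `iptables -L`, the name-to-port lookup in /etc/services, and the listener from `netstat -tulpn`) can be joined in one pass. This is an added example, not something posted in the thread; the function name `explain_rules` is hypothetical, and the sample input is copied from the output above except for the mdns services line, which is constructed.

```bash
#!/usr/bin/env bash
# Added example. Sample inputs are embedded so it runs offline; on a live system
# feed it `iptables -L`, /etc/services and `netstat -tulpn` (as root) instead.
IPTABLES_OUT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             multiport dports mdns
ACCEPT     tcp  --  anywhere             anywhere             multiport dports terabase'
# The terabase lines are from the thread; the mdns line is constructed.
SERVICES='mdns               5353/udp     # Multicast DNS (constructed line)
terabase           4000/tcp     # Terabase  [Thor_Olson]
terabase           4000/udp     # Terabase  [Thor_Olson]'
NETSTAT_OUT='tcp        0      0 0.0.0.0:4000            0.0.0.0:*               LISTEN      3060/nxd
tcp        0      0 :::4000                 :::*                    LISTEN      3060/nxd'

# explain_rules IPTABLES SERVICES NETSTAT
# Prints one line per allowed destination port: proto name port owner
explain_rules() {
  printf '%s\n' "$1" | SVC="$2" NS="$3" awk '
    BEGIN {
      # service name + protocol -> port number
      n = split(ENVIRON["SVC"], s, "\n")
      for (i = 1; i <= n; i++) {
        split(s[i], f, " "); split(f[2], pp, "/")
        port[f[1] "/" pp[2]] = pp[1]
      }
      # protocol + local port -> "PID/program" (last netstat column)
      n = split(ENVIRON["NS"], l, "\n")
      for (i = 1; i <= n; i++) {
        m = split(l[i], f, " ")
        proto = f[1]; sub(/6$/, "", proto)      # tcp6/udp6 -> tcp/udp
        lport = f[4]; sub(/.*:/, "", lport)     # strip the address part
        owner[proto "/" lport] = f[m]
      }
    }
    $1 == "ACCEPT" && /dports/ {
      k = split($NF, names, ",")
      for (j = 1; j <= k; j++) {
        p = (names[j] ~ /^[0-9]+$/) ? names[j] : port[names[j] "/" $2]
        if (p == "") p = "?"
        o = owner[$2 "/" p]; if (o == "") o = "no-listener"
        print $2, names[j], p, o
      }
    }'
}

explain_rules "$IPTABLES_OUT" "$SERVICES" "$NETSTAT_OUT"
```

A rule whose port has an owning process (here `3060/nxd` on tcp 4000) points at the software that most likely added the rule; `no-listener` means the port is allowed but nothing is bound to it.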