Mageia forum

[woody63]

Having recently gone through an online upgrade from M4.1 to M5 to access the internet I need to re-enable the firewall via MCC (Security / set up your personal firewall).
It is enough to just click OK ( 3 times) and then I can access the internet.

Any ideas how I resolve this folks?

[martinw]

It's not clear what you want to resolve. Did you just need to re-enable the firewall the first time you booted after the upgrade, or do you now have to re-enable it every time you boot?

[woody63]

Apologies for not being clear.
I have to re-enable the firewall via MCC each time i boot the system.
Once I've done this, i have full and normal access to the internet.
Does this help?

[martinw]

Yes, that explains the problem. Could you post the output from the following commands, run as root in a terminal window, before and after re-enabling the firewall:

Code: Select all

systemctl status shorewall.service
cat /etc/shorewall/interfaces
cat /etc/shorewall/policy
cat /etc/shorewall/rules
cat /etc/shorewall/rules.drakx


Also, if you run MCC from a terminal window (using the command 'drakconf'), are there any relevant error messages?

[woody63]

apologies for delay in getting these details to you.
Output attached, as requested.
thx.

[martinw]

That all looks OK. Just to check - does the Mageia net_applet (or NetworkManager, if you use that) show the enp4s0 interface is enabled and active before you re-enable the firewall?

If so, without re-enabling the firewall, again as root in a terminal window run

Code: Select all

journalctl -f


then try to access the internet (via a web browser or something) and see if any useful error messages appear in the terminal window.

[woody63]

ok thanks.
I'm not sure if I've used the correct application to check the status of the enp4s0 interface, but the network monitor reported device status = up against that network interface. Also, there was the usual IP address and hardware address displayed.

The output of the journalctl -f command is attached.
I didn't see any error messages in the Konsole after running up the browser and hitting "Try again" a couple of times (to no avail)... so i went on and opened MCC and re-enabled the firewall which is captured in the same attached output.

[woody63]

Until I can properly resolve this issue, I noticed that issuing a "shorewall start" (using su in konsole) allows me to access the internet. This isn't any quicker than restarting the f/w via MCC, however I wondered if I could add this to the end of the boot-sequence / startup process as a work-around?

Can anyone advise how i do this for M5?

thx

[doktor5000]

You could add it to rc.local.

Create the file /etc/rc.d/rc.local, and add the following there:

Code: Select all

#!/bin/sh
/sbin/shorewall start

then make that file executable via chmod 755 /etc/rc.d/rc.local and it should be automatically run during next boot.
But it may be too early for the network to be completely ready. To check if processing of that file is enabled, see output of

Code: Select all

systemctl status rc-local.service

as root

[woody63]

success, this workaround seems to work.

Thanks for your help.

[isadora]

Please woody63, don't forget to mark the topic [SOLVED].
You can do so, by editing the subject/title in the first message in this topic.
Write [SOLVED] to the left of subject/title, thanks ahead.