Bug 137888

Summary: variables in /etc/sysconfig/SuSEFirewall2 in wrong order, Masquerading does not work
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Jens Benecke <jens-novell>
Component: YaST2Assignee: Lukas Ocilka <locilka>
Status: RESOLVED INVALID QA Contact: Klaus Kämpf <kkaempf>
Severity: Normal    
Priority: P5 - None    
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: yast2 log files from before manual modification of SuSEFirewall2

Description Jens Benecke 2005-12-09 20:06:24 UTC 
After configuring the SuSEfirewall via YaST, IP masquerading did not work. After some research I found out that YaST had apparently _appended_ FW_DEV_EXTT=dsl0 to the file.
However, before this FW_MASQ_DEV=$FW_DEV_EXT already depended on this variable.

Suggestion: Please either don't make variables in this file depend on their order when the file is parsed, or ensure the file is written in the correct order. A novice (= my customer) would never have figured this out, and I am 100% sure I never used a text editor to edit this file, so this could not have been done by accident.

Thank you! :)

Jens
Comment 1 Lukas Ocilka 2005-12-13 07:37:03 UTC 
I'll try to do something with it but I'm not sure that I could do anything for 10.0.
Comment 2 Lukas Ocilka 2005-12-13 08:03:42 UTC 
Well, this seems strange. YaST Firewall uses a sysconfig agent for reading and writing files and should have rewritten the record FW_DEV_EXT=".." which is defned before the FW_MASQ_DEV=".." instead of adding a new one. The only possibility is that the sysconfig file hadn't included that variable before YaST was started... just guessing.

Could you please try to attach YaST logs and that /etc/sysconfig/SuSEFirewall2 file?

For more information, see: http://www.opensuse.org/Bug_Reporting_FAQ#YaST
Comment 3 Lukas Ocilka 2005-12-15 15:20:55 UTC 
Ludwig, please, is there any possibility that the variable FW_DEV_EXT could be commented out in the default sysconfig file?
Comment 4 Ludwig Nussel 2005-12-15 15:28:28 UTC 
No. Upon package installation /var/adm/fillup-templates/sysconfig. SuSEfirewall2 is copied to /etc/sysconfig/SuSEfireweall2 via fillup as usual. We never shipped a broken file and FW_MASQ_DEV as well as FW_DEV_EXT exist since day one so under normal circumstances it's impossible that any variable ends up commented out or in the wrong order.
Comment 5 Lukas Ocilka 2006-01-06 09:26:48 UTC 
Cannot reproduce, no logs, no sysconfig file attached.
Please, reopen this bug if you have those logs and/or that sysconfig file.
Comment 6 Jens Benecke 2006-01-06 13:40:06 UTC 
Created attachment 62172 [details]
yast2 log files from before manual modification of SuSEFirewall2

Hello,

sorry not to come back to you earlier. Here are the requested files. Somewhere around Dec 12 (y2log-6) or Dec 17 (y2log-5) I noticed that something was wrong about the masquerading because the rules for the masq device were simply not defined. Then I looked at SuSEFirewall2 and noticed that "FW_DEV_EXT=dsl0" was defined at the very END of this file (last line), instead of before. The FW_DEV_EXT variable was still there, but commented out above.

In this archive is the manually edited, corrected version of SuSEFirewall2.