Bug 137888 - variables in /etc/sysconfig/SuSEFirewall2 in wrong order, Masquerading does not work
Summary: variables in /etc/sysconfig/SuSEFirewall2 in wrong order, Masquerading does n...
Status: RESOLVED INVALID
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: YaST2 (show other bugs)
Version: Final
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Lukas Ocilka
QA Contact: Klaus Kämpf
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-09 20:06 UTC by Jens Benecke
Modified: 2006-01-06 13:40 UTC (History)
0 users

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
yast2 log files from before manual modification of SuSEFirewall2 (347.79 KB, application/x-tgz)
2006-01-06 13:40 UTC, Jens Benecke 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jens Benecke 2005-12-09 20:06:24 UTC 
After configuring the SuSEfirewall via YaST, IP masquerading did not work. After some research I found out that YaST had apparently _appended_ FW_DEV_EXTT=dsl0 to the file.
However, before this FW_MASQ_DEV=$FW_DEV_EXT already depended on this variable.

Suggestion: Please either don't make variables in this file depend on their order when the file is parsed, or ensure the file is written in the correct order. A novice (= my customer) would never have figured this out, and I am 100% sure I never used a text editor to edit this file, so this could not have been done by accident.

Thank you! :)

Jens
Comment 1 Lukas Ocilka 2005-12-13 07:37:03 UTC 
I'll try to do something with it but I'm not sure that I could do anything for 10.0.
Comment 2 Lukas Ocilka 2005-12-13 08:03:42 UTC 
Well, this seems strange. YaST Firewall uses a sysconfig agent for reading and writing files and should have rewritten the record FW_DEV_EXT=".." which is defned before the FW_MASQ_DEV=".." instead of adding a new one. The only possibility is that the sysconfig file hadn't included that variable before YaST was started... just guessing.

Could you please try to attach YaST logs and that /etc/sysconfig/SuSEFirewall2 file?

For more information, see: http://www.opensuse.org/Bug_Reporting_FAQ#YaST
Comment 3 Lukas Ocilka 2005-12-15 15:20:55 UTC 
Ludwig, please, is there any possibility that the variable FW_DEV_EXT could be commented out in the default sysconfig file?
Comment 4 Ludwig Nussel 2005-12-15 15:28:28 UTC 
No. Upon package installation /var/adm/fillup-templates/sysconfig. SuSEfirewall2 is copied to /etc/sysconfig/SuSEfireweall2 via fillup as usual. We never shipped a broken file and FW_MASQ_DEV as well as FW_DEV_EXT exist since day one so under normal circumstances it's impossible that any variable ends up commented out or in the wrong order.
Comment 5 Lukas Ocilka 2006-01-06 09:26:48 UTC 
Cannot reproduce, no logs, no sysconfig file attached.
Please, reopen this bug if you have those logs and/or that sysconfig file.
Comment 6 Jens Benecke 2006-01-06 13:40:06 UTC 
Created attachment 62172 [details]
yast2 log files from before manual modification of SuSEFirewall2

Hello,

sorry not to come back to you earlier. Here are the requested files. Somewhere around Dec 12 (y2log-6) or Dec 17 (y2log-5) I noticed that something was wrong about the masquerading because the rules for the masq device were simply not defined. Then I looked at SuSEFirewall2 and noticed that "FW_DEV_EXT=dsl0" was defined at the very END of this file (last line), instead of before. The FW_DEV_EXT variable was still there, but commented out above.

In this archive is the manually edited, corrected version of SuSEFirewall2.