[Bug 522742] New: NetworkManager is missing /sbin/iptables
http://bugzilla.novell.com/show_bug.cgi?id=522742 Summary: NetworkManager is missing /sbin/iptables Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: x86-64 OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: per@osbeck.com QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; sv-SE; rv:1.9.1.0) Gecko/20090623 SUSE/3.5.0-7.2 Firefox/3.5 When using NM-0.7 ConnectionSharing, NM tries to execute /sbin/iptables iptables is installed in /usr/sbin/iptables so the ConnectionSharing fails: Jul 16 17:09:12 myhost NetworkManager: <info> Executing: /sbin/iptables --table nat --delete POSTROUTING --source 10.42.44.0/255.255.255.0 --destination ! 10.42.44.0/255.255 255.0 --jump MASQUERADE Jul 16 17:09:12 myhost NetworkManager: <info> Error executing command: (8) Failed to execute child process "/sbin/iptables" (No such file or directory) Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c1 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de AssignedTo|bnc-team-screening@forge.pr |tambet@novell.com |ovo.novell.com | --- Comment #1 from Ludwig Nussel <lnussel@novell.com> 2009-07-17 04:04:08 MDT --- NetworkManager is not supposed to mess with firewalling, that's configurable via YaST instead. The feature needs to be disabled in NM. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User tambet@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c2 --- Comment #2 from Tambet Ingo <tambet@novell.com> 2009-07-17 05:18:59 MDT --- Connection sharing wouldn't work without it. The sharing machine needs to provide DHCP, DNS, and IP masquerading to shared machines. It can't be controlled from yast, it's dynamic while everything in yast is static (including firewall rules). This feature was implemented to fulfill a FATE entry (can't find the number at the moment), so I won't disable it based on a bugzilla comment. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c3 --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2009-07-17 05:25:23 MDT --- The feature could never have worked as iptables never was in that location. Also SuSEfirewall2 gets called when new interfaces appear and it remoes all previous rules so depending on when you try to mess with iptables chances are that the modifications have no effect at all. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User tambet@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c4 --- Comment #4 from Tambet Ingo <tambet@novell.com> 2009-07-17 05:29:23 MDT --- Ok, so what solution do yo propose? Adding something like "if you want to enable connection sharing in NM, please do this and that in NM, then go to yast, to some other things and when you're don with sharing, do everything in the opposit oreder again" to some manual would be almost as good as "this is not possible on opensuse, please install some other distro if you require it". -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c5 --- Comment #5 from Ludwig Nussel <lnussel@novell.com> 2009-07-17 05:35:34 MDT --- do it properly with SuSEfirewall2 integration or don't do it at all. I haven't seen any feature request that users must be able to reconfigure their host as router and start dhcp servers via NM. Such a feature just doesn't belong there. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User tambet@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c6 --- Comment #6 from Tambet Ingo <tambet@novell.com> 2009-07-17 05:43:21 MDT --- That suggestion wasn't very helpful. SuSEfirewall2 doesn't really work with dynamic network configuration, so it's not exactly possible to do it "properly". Yes, in 2009 people do take their computers around and firewall rules based on interface name don't really cut it. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User per@osbeck.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c7 --- Comment #7 from Per Osbeck <per@osbeck.com> 2009-07-17 16:16:44 MDT --- using SuSEfirewall2 I can't find my 3G usb modem that I want to share over my wifi. I'm currently away from any normal internet connectivity and want to share my laptops 3G connection so i can connect to internet with my ipod etc. I find this feature very useful. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User wstephenson@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c8 Will Stephenson <wstephenson@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aj@novell.com --- Comment #8 from Will Stephenson <wstephenson@novell.com> 2009-08-18 02:39:28 MDT --- FWIW AJ and myself noticed the patch was wrong and patched NM in Factory to look for iptables in the right place, but I hadn't seen this bug and am not sure if a wrong feature working when the wind is in the right direction is worse than a wrong feature not working at all. Ludwig,Tambet: What would be needed to do this right? * informing SUSEfirewall2 about hotplugged network interfaces? * predefined but inactive port forwarding rules that NM can activate instead of mucking with iptables itself? * firewall rules based on something other than interface name? Anyone know how or if is this solved elsewhere? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c9 --- Comment #9 from Ludwig Nussel <lnussel@novell.com> 2009-08-24 08:42:26 MDT --- SuSEfirewall2 by default enables masquerading on external interfaces if FW_MASQUERADE and FW_ROUTE are set to 'yes'. As soon as e.g. one interface is set to external and another one internal masquerading happens between the two then. Firewall integration issues aside having users start dhcp servers by accidental mouse click is already bad enough. There should be some (e.g. polkit based) authentication at least. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User folkyvolk@gmx.de added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c11 H. Hansen <folkyvolk@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |folkyvolk@gmx.de --- Comment #11 from H. Hansen <folkyvolk@gmx.de> 2009-09-16 15:08:36 MDT --- please someone fix the path and provide an rpm in update-repository for opensuse-11.1. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User folkyvolk@gmx.de added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c12 --- Comment #12 from H. Hansen <folkyvolk@gmx.de> 2009-09-16 16:31:22 MDT --- I modified the path in current opensuse-11.1 networkmanager src-rpm and now ICS works :) so no reason to wait with an official fix. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User mmeeks@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c13 Michael Meeks <mmeeks@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |mmeeks@novell.com Info Provider| |ast@novell.com --- Comment #13 from Michael Meeks <mmeeks@novell.com> 2009-09-22 05:17:23 MDT --- Well, authentication seems a reasonable feature request for the future; for now this bug needs fixing - the patch seems trivial; and worse - it affects SLED11 (and me). I would like to see an update pushed for this, and the authentication feature filing in fate & ideally fixing too. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User cdengler@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c14 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |cdengler@novell.com Info Provider|ast@novell.com | --- Comment #14 from Christian Dengler <cdengler@novell.com> 2009-09-22 06:02:17 MDT --- Set to the "planned update list". The fix will enter the next maintenance update for this package. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:planned:update -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User cdengler@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c15 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:planned:update | --- Comment #15 from Christian Dengler <cdengler@novell.com> 2009-09-22 09:40:23 MDT --- After discussion with security team, I removed the bug from the "planned update list". The network manager should not change the firewall settings. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User mmeeks@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c16 Michael Meeks <mmeeks@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |ast@novell.com --- Comment #16 from Michael Meeks <mmeeks@novell.com> 2009-09-23 10:02:53 MDT --- I discussed this with Ludvig again on the phone - pwrt. FATE#305657 - which I guess we should look at back-porting for SLED11-SP1 and he seemed to be less opposed to re-enabling this feature; so I would like to re-start the SWAMP flow here; so we can fix the bug and make this work for users. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 User folkyvolk@gmx.de added comment http://bugzilla.novell.com/show_bug.cgi?id=522742#c17 --- Comment #17 from H. Hansen <folkyvolk@gmx.de> 2009-09-24 00:57:56 MDT --- In other OS, easy configurable internet connection sharing was there years before nm-0.7. If such a "simple" thing does not work now.. please make this work soon, even for opensuse-11.1. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:planned:update -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flag| |SHIP_STOPPER- -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 http://bugzilla.novell.com/show_bug.cgi?id=522742#c20 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:planned:update |maint:running:32657:low --- Comment #20 from Swamp Workflow Management <swamp@suse.com> 2010-04-13 12:35:01 UTC --- The SWAMPID for this issue is 32657. This issue was rated as low. Please submit the packages and patchinfo file using this ID. (https://swamp.suse.de/webswamp/wf/32657) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 http://bugzilla.novell.com/show_bug.cgi?id=522742#c22 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |bili@novell.com Resolution| |FIXED AssignedTo|bnc-team-screening@forge.pr |bili@novell.com |ovo.novell.com | --- Comment #22 from Li Bin <bili@novell.com> 2010-04-20 11:32:40 UTC --- Fixed. Fixed. The 11.2 already fixed this issue with 0013-iptables-path.patch. I get the new patch from upstream, it's name is nm-iptables-path.patch, I'll submit it all the other bugs together 11.1, sle11 and sle11-sp1. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 http://bugzilla.novell.com/show_bug.cgi?id=522742#c23 --- Comment #23 from Li Bin <bili@novell.com> 2010-04-20 11:33:49 UTC --- Created an attachment (id=355559) --> (http://bugzilla.novell.com/attachment.cgi?id=355559) The new patch which let iptables be configured -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 http://bugzilla.novell.com/show_bug.cgi?id=522742#c24 --- Comment #24 from Li Bin <bili@novell.com> 2010-04-21 03:55:04 UTC --- Done for sle-11-sp1, sle-11:update:test, 11.1:update:test. The request is below. 5989 State:new By:BinLi When:2010-04-21T05:36:59 submit: home:BinLi:branches:SUSE:SLE-11-SP1:GA/NetworkManager -> SUSE:SLE-11-SP1:GA Descr: 'fix bnc#479885, bnc#520095, bnc#522742, bnc#472112' 5990 State:new By:BinLi When:2010-04-21T05:43:59 submit: home:BinLi:branches:SUSE:SLE-11:Update/NetworkManager -> SUSE:SLE-11:Update:Test Descr: 'fix bnc#479885, bnc#520095, bnc#522742, bnc#472112, bnc#556083, swampid#32657' 38389 State:new By:BinLi When:2010-04-21T05:46:18 submit: home:BinLi:branches:openSUSE:11.1:Update/NetworkManager -> openSUSE:11.1:Update:Test Descr: 'fix bnc#479885, bnc#520095, bnc#522742, bnc#472112, bnc#556083, swampid#32657' -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 http://bugzilla.novell.com/show_bug.cgi?id=522742#c25 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:32657:low |maint:running:32657:low | |maint:released:11.1:32890 | |maint:released:11.2:32890 --- Comment #25 from Swamp Workflow Management <swamp@suse.com> 2010-08-02 07:56:02 UTC --- Update released for: NetworkManager, NetworkManager-debuginfo, NetworkManager-debugsource, NetworkManager-devel, NetworkManager-doc, NetworkManager-glib, NetworkManager-glib-debuginfo Products: openSUSE 11.1 (debug, i586, ppc, x86_64) openSUSE 11.2 (debug, i586, x86_64) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 http://bugzilla.novell.com/show_bug.cgi?id=522742#c26 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:32657:low |maint:running:32657:low |maint:released:11.1:32890 |maint:released:11.1:32890 |maint:released:11.2:32890 |maint:released:11.2:32890 | |maint:released:sle11:32887 --- Comment #26 from Swamp Workflow Management <swamp@suse.com> 2010-08-02 14:15:38 UTC --- Update released for: NetworkManager, NetworkManager-debuginfo, NetworkManager-debugsource, NetworkManager-devel, NetworkManager-doc, NetworkManager-glib Products: SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11 (i386, x86_64) SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 http://bugzilla.novell.com/show_bug.cgi?id=522742#c Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:32657:low |maint:released:11.1:32890 |maint:released:11.1:32890 |maint:released:11.2:32890 |maint:released:11.2:32890 |maint:released:sle11:32887 |maint:released:sle11:32887 | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=522742 http://bugzilla.novell.com/show_bug.cgi?id=522742#c27 --- Comment #27 from Bernhard Wiedemann <bwiedemann@suse.com> --- This is an autogenerated message for OBS integration: This bug (522742) was mentioned in https://build.opensuse.org/request/show/38389 11.1:Test / NetworkManager -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com