Author: kmachalkova Date: Mon Dec 7 16:28:12 2009 New Revision: 59982 URL: http://svn.opensuse.org/viewcvs/yast?rev=59982&view=rev Log: ip_forwarding fix (bnc#474304) (merge from SP1 branch) Modified: trunk/network/package/yast2-network.changes trunk/network/src/lan/help.ycp trunk/network/src/modules/Lan.ycp trunk/network/src/modules/Routing.ycp Modified: trunk/network/package/yast2-network.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/network/package/yast2-network.changes?rev=59982&r1=59981&r2=59982&view=diff ============================================================================== --- trunk/network/package/yast2-network.changes (original) +++ trunk/network/package/yast2-network.changes Mon Dec 7 16:28:12 2009 @@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Mon Dec 7 16:18:51 CET 2009 - kmachalkova@suse.cz + +- With enabled SuSEFirewall, set SuSEFirewall's FW_ROUTE variable + when enabling/disabling IP forwarding in routing settings. This + avoids overwriting sysctl variables by SuSEFirewall init scripts + (bnc#474304) + +------------------------------------------------------------------- Tue Dec 1 11:24:25 CET 2009 - mzugec@suse.de - ISDN: fixed creating configuration with incorrect name (bnc#534504) Modified: trunk/network/src/lan/help.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/network/src/lan/help.ycp?rev=59982&r1=59981&r2=59982&view=diff ============================================================================== --- trunk/network/src/lan/help.ycp (original) +++ trunk/network/src/lan/help.ycp Mon Dec 7 16:28:12 2009 @@ -75,10 +75,16 @@ _("<p>For each route, enter destination network IP address, gateway address, and netmask. To omit any of these values, use dash sign \"-\". Select -the device through which the traffic to the defined network will be routed, as well.\"-\" is an alias for any interface.</p> +the device through which the traffic to the defined network will be routed, +as well.\"-\" is an alias for any interface.</p> ") + /* Routing dialog help 2/2 */ -_("<p>Enable <b>IP Forwarding</b> if the system is a router. This will apply on both IPv4 and IPv6.</p>"), +_("<p>Enable <b>IP Forwarding</b> (forwarding packets from external networks +to the internal one) if this system is a router. Both IPv4 and IPv6 connectivity +will be affected by this setting. +<b>Important:</b> if the firewall is enabled, allowing IP forwarding alone is not enough. +You should enable masquerade and/or set at least one redirect rule in firewall. You may +use YaST firewall module for that.</p>"), "dhcp_hostname": _("<p>If you are using DHCP to get an IP address, check whether you get Modified: trunk/network/src/modules/Lan.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/network/src/modules/Lan.ycp?rev=59982&r1=59981&r2=59982&view=diff ============================================================================== --- trunk/network/src/modules/Lan.ycp (original) +++ trunk/network/src/modules/Lan.ycp Mon Dec 7 16:28:12 2009 @@ -188,13 +188,13 @@ /* Progress stage 4/9 */ _("Read network configuration"), /* Progress stage 5/9 */ - _("Read routing configuration"), + _("Read firewall settings"), /* Progress stage 6/9 */ _("Read hostname and DNS configuration"), /* Progress stage 7/9 */ _("Read installation information"), /* Progress stage 8/9 */ - _("Read firewall settings"), + _("Read routing configuration"), /* Progress stage 9/9 */ _("Detect current status"), ], [], ""); @@ -254,8 +254,10 @@ if(Abort()) return false; /* Progress step 5/9 */ - ProgressNextStage(_("Reading routing configuration...")); - Routing::Read(); + ProgressNextStage(_("Reading firewall settings...")); + boolean orig = Progress::set (false); + SuSEFirewall4Network::Read (); + Progress::set (orig); sleep(sl); if(Abort()) return false; @@ -273,10 +275,8 @@ if(Abort()) return false; /* Progress step 8/9 */ - ProgressNextStage(_("Reading firewall settings...")); - boolean orig = Progress::set (false); - SuSEFirewall4Network::Read (); - Progress::set (orig); + ProgressNextStage(_("Reading routing configuration...")); + Routing::Read(); sleep(sl); if(Abort()) return false; @@ -452,7 +452,7 @@ if (Mode::installation() && NetworkService::IsManaged()) y2internal("Export sysconfig settings into NetworkManager %1", SCR::Execute(.target.bash_output, "/usr/lib/NetworkManager/nm-opensuse-sysconfig-merge --connections")); y2internal("virt_net_proposal %1", virt_net_proposal); - if (Stage::cont() && virt_net_proposal && (Linuxrc::usessh() || Linuxrc::vnc() || Linuxrc::display_ip())) { + if (Stage::cont() && virt_net_proposal && (Linuxrc::usessh() || Linuxrc::vnc() || Linuxrc::display_ip())) { UI::OpenDialog(`opt(`decorated), `HBox( `HSpacing(1), `HCenter(`HSquash(`VBox( Modified: trunk/network/src/modules/Routing.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/network/src/modules/Routing.ycp?rev=59982&r1=59981&r2=59982&view=diff ============================================================================== --- trunk/network/src/modules/Routing.ycp (original) +++ trunk/network/src/modules/Routing.ycp Mon Dec 7 16:28:12 2009 @@ -18,6 +18,7 @@ import "NetHwDetection"; import "NetworkInterfaces"; import "Map"; +import "SuSEFirewall"; include "network/runtime.ycp"; include "network/routines.ycp"; @@ -91,6 +92,30 @@ Routes = route; } +void ReadIPForwarding() { + if ( SuSEFirewall::IsEnabled() ){ + Forward = SuSEFirewall::GetSupportRoute(); + } + else { + Forward = (SCR::Read(.sysconfig.sysctl.IP_FORWARD) == "yes"); + } +} + +void WriteIPForwarding() { + if ( SuSEFirewall::IsEnabled() ){ + SuSEFirewall::SetSupportRoute( Forward ); + } + else { + SCR::Write(.sysconfig.sysctl.IP_FORWARD, Forward ? "yes" : "no"); + SCR::Write(.sysconfig.sysctl.IPV6_FORWARD, Forward ? "yes" : "no"); + SCR::Write(.sysconfig.sysctl, nil); + } + SCR::Execute(.target.bash, sformat("echo %1 > /proc/sys/net/ipv4/ip_forward", + Forward ? 1 : 0)); + SCR::Execute(.target.bash, sformat("echo %1 > /proc/sys/net/ipv6/conf/all/forwarding", + Forward ? 1 : 0)); + +} /** * Read routing settings @@ -105,9 +130,7 @@ else Routes = []; - /* enabled IP forwarding */ - if(SCR::Read(.sysconfig.sysctl.IP_FORWARD) == "yes") - Forward = true; + ReadIPForwarding(); y2debug("Routes=%1", Routes); y2debug("Forward=%1", Forward); @@ -154,18 +177,7 @@ /*Progress stage 1/2*/ ProgressNextStage(_("Writing IP forwarding settings...")); - if(Forward) { - SCR::Write(.sysconfig.sysctl.IP_FORWARD, "yes"); - SCR::Write(.sysconfig.sysctl.IPV6_FORWARD, "yes"); - SCR::Execute(.target.bash, "echo 1 > /proc/sys/net/ipv4/ip_forward"); - SCR::Execute(.target.bash, "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding"); - } - else { - SCR::Write(.sysconfig.sysctl.IP_FORWARD, "no"); - SCR::Write(.sysconfig.sysctl.IPV6_FORWARD, "no"); - SCR::Execute(.target.bash, "echo 0 > /proc/sys/net/ipv4/ip_forward"); - SCR::Execute(.target.bash, "echo 0 > /proc/sys/net/ipv6/conf/all/forwarding"); - } + WriteIPForwarding(); sleep(sl); /* at first stop the running routes */ -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org