LinuxQuestions.org
Old 08-16-2018, 08:06 PM   #1
LawsonRL
LQ Newbie
 
Registered: Jun 2018
Posts: 22

Rep: Reputation: Disabled
SuSE LEAP 15 firewalld


I have been trying to install SuSe LEAP 15 on a system with the idea of a web server with multiple virtual instances of apache2. However, I am still tripping over the new firewalld (new in LEAP 15). I cannot even ping a dns server.

I can see that there is an Ethernet cable connected, but I cannot ever disable firewalld so that I can check everything else out. Other than connected cables nothing works. I come from the world of iptables and since I do not have any connectivity at all, I cannot install any additional packages or perform any updates. I started "IX" with AT&T UNIX and moved along to Linux beginning with Slackware with distributions less than 1. Now I feel like I am on another planet

I have configured the network using Yast2 network settings:
Name              IP            Device  Notes
Network Bridge 0  No IP         br0
Network Bridge 1  No IP         br1
1 GB card         192.168.1.60  eth0    enslaved in br1
100 MB card       192.168.1.70  eth1    enslaved in br0

Beyond this network configuration, I cannot see the ip addresses 60 and 70 with a network scan, and they are unusable.

I would appreciate something in the way of a configuration guide for the firewalld. I have been unable to find any on line assistance since it is so new, and I cannot add anything since I have no connectivity. Thanks for any help or places to look.
 
Old 08-16-2018, 11:53 PM   #2
mrmazda
LQ Guru
 
Registered: Aug 2016
Location: SE USA
Distribution: openSUSE 24/7; Debian, Knoppix, Mageia, Fedora, others
Posts: 5,809
Blog Entries: 1

Rep: Reputation: 2066
Quote:
Originally Posted by LawsonRL View Post
I would appreciate something in the way of a configuration guide for the firewalld. I have been unable to find any on line assistance since it is so new, and I cannot add anything since I have no connectivity. Thanks for any help or places to look.
I don't use firewalld, but https://doc.opensuse.org/documentati...wall.firewalld looks like a place to start. It may be part of a default 15.0 installation.
 
1 members found this post helpful.
Old 08-17-2018, 07:27 AM   #3
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 420
Blog Entries: 1

Rep: Reputation: 202
Quote:
Originally Posted by LawsonRL View Post
I have been trying to install SuSe LEAP 15 on a system with the idea of a web server with multiple virtual instances of apache2. However, I am still tripping over the new firewalld (new in LEAP 15). I cannot even ping a dns server.

I can see that there is an Ethernet cable connected, but I cannot ever disable firewalld so that I can check everything else out. Other than connected cables nothing works. I come from the world of iptables and since I do not have any connectivity at all, I cannot install any additional packages or perform any updates. I started "IX" with AT&T UNIX and moved along to Linux beginning with Slackware with distributions less than 1. Now I feel like I am on another planet

I have configured the network using Yast2 network settings:
Name              IP            Device  Notes
Network Bridge 0  No IP         br0
Network Bridge 1  No IP         br1
1 GB card         192.168.1.60  eth0    enslaved in br1
100 MB card       192.168.1.70  eth1    enslaved in br0

Beyond this network configuration, I cannot see the ip addresses 60 and 70 with a network scan, and they are unusable.

I would appreciate something in the way of a configuration guide for the firewalld. I have been unable to find any on line assistance since it is so new, and I cannot add anything since I have no connectivity. Thanks for any help or places to look.
I find it easier to let NetworkManager control the networks, but maybe that's just me. Check if you are using network.service or NetworkManager with the following -

Code:
$ systemctl status network.service
$ systemctl status NetworkManager
Note: The commands may be run as a local/limited user account. Hence the '$'.

Then check the status of your firewalld service -

Code:
$ systemctl status firewalld
(if memory serves me correctly, firewalld is activated at the first installation and allows only ssh and DHCP)

Also, when you say network scan, did you do it with nmap? Here's a cool tutorial in case you need it.
 
1 members found this post helpful.
Old 08-18-2018, 09:24 PM   #4
LawsonRL
LQ Newbie
 
Registered: Jun 2018
Posts: 22

Original Poster
Rep: Reputation: Disabled
firewalld is wicked.service - blocking everything

Quote:
Originally Posted by Honest Abe View Post
I find it easier to let NetworkManager control the networks, but maybe that's just me. Check if you are using network.service or NetworkManager with the following -

Code:
$ systemctl status network.service
$ systemctl status NetworkManager
Note: The commands may be run as a local/limited user account. Hence the '$'.

Then check the status of your firewalld service -

Code:
$ systemctl status firewalld
(if memory serves me correctly, firewalld is activated at the first installation and allows only ssh and DHCP)

Also, when you say network scan, did you do it with nmap? Here's a cool tutorial in case you need it.
When I issued the command for NetworkManager I am advised that it is loaded, disabled, and inactive (dead) - vendor preset is disabled
When I issued the command for network.service I am advised that I am running wicked.service and that it is loaded, enabled, and active (exited), vendor preset is disabled
When I issued the command for firewalld, it is running, enabled, and the vendor preset is disabled

Apparently there is not supposed to be a firewall enabled by default, but I have one enabled somehow. I have tried to shut down firewalld, disable it, or unload it to no avail using yast2. Do you have any ideas as to how I can get this system to communicate?

(I have to hand type because I cannot run putty so these lines are not as neat as Linux presents them.)

I am using Netscan Tools basic edition on Windows 10, which does work, as do my older Linux systems that are running Centos 5.6 and SuSE 11.1. I have been away from the hot new stuff but now I want to run virtual apache2 instances, and figured it was time to update. firewalld has other ideas.
 
Old 08-18-2018, 09:28 PM   #5
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,805

Rep: Reputation: 1140
If you want to deactivate firewalld, then do
Code:
sudo systemctl stop firewalld
Code:
sudo systemctl disable firewalld
 
1 members found this post helpful.
Old 08-18-2018, 10:47 PM   #6
LawsonRL
LQ Newbie
 
Registered: Jun 2018
Posts: 22

Original Poster
Rep: Reputation: Disabled
Stopped firewalld

Quote:
Originally Posted by ferrari View Post
If you want to deactivate firewalld, then do
Code:
sudo systemctl stop firewalld
Code:
sudo systemctl disable firewalld
Your command lines worked, and did indeed elicit the system responses for stopping and disabling the firewall, but stopping and deactivating the firewall still does not let me get network connectivity. This makes no sense at all. Stopping the firewall should open the system up.
 
Old 08-19-2018, 12:03 AM   #7
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,805

Rep: Reputation: 1140
I still don't have a good picture of what you're trying to achieve here. Back to your opening post - show us how the relevant IP addresses are assigned definitively as per these commands...

Code:
ip a
Code:
ip r
 
1 members found this post helpful.
Old 08-19-2018, 01:48 AM   #8
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,805

Rep: Reputation: 1140
Setting up multiple virtual apache2 hosts doesn't require the use of network bridges, so further clarification from you is required here. If you want to implement IP-based virtual hosts, the following openSUSE guide may be helpful here...

https://doc.opensuse.org/documentati...host.ip_vhosts

In particular, it is mentioned...
Quote:
The physical server must have one IP address for each IP-based virtual host. If the machine does not have multiple network cards, virtual network interfaces (IP aliasing) can also be used.
 
1 members found this post helpful.
Old 08-19-2018, 10:58 AM   #9
LawsonRL
LQ Newbie
 
Registered: Jun 2018
Posts: 22

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ferrari View Post
I still don't have a good picture of what you're trying to achieve here. Back to your opening post - show us how the relevant IP addresses are assigned definitively as per these commands...

Code:
ip a
Code:
ip r
What I am trying to achieve is connectivity to this system. I understand that it starts out alive with ssh enabled, but I cannot get into it with PUTTY on port 22 ssh.

IP addresses are shown assigned as follows using Yast2 Network Settings Overview
Name              IP            Device  Notes
Network Bridge 0  No IP         br0
Network Bridge 1  No IP         br1
1 GB card         192.168.1.60  eth0    enslaved in br1
100 MB card       192.168.1.70  eth1    enslaved in br0

ip r gives no response
ip a gives me more information than I can type here and get it accurately, but the following is representative. If I could achieve connectivity, I would be able to cut and paste the details, but if I could do that I would not have any problem with the system. I simply cannot network connect to it, but it is alive on screen.

ip a gives the following,
loopback <LOOPBACK, UP, LOWER_UP> unknown state in group default
eth0 < BROADCAST, MULTICAST, UP, LOWER_UP > unknown state in group default
eth1, br0, br1 <BROADCAST, MULTICAST, UP, LOWER_UP > state up in group default

Thanks for getting involved in this mind-bender
 
Old 08-19-2018, 11:19 AM   #10
LawsonRL
LQ Newbie
 
Registered: Jun 2018
Posts: 22

Original Poster
Rep: Reputation: Disabled
Virtual hosts

Quote:
Originally Posted by ferrari View Post
Setting up multiple virtual apache2 hosts doesn't require the use of network bridges, so further clarification from you is required here. If you want to implement IP-based virtual hosts, the following openSUSE guide may be helpful here...

https://doc.opensuse.org/documentati...host.ip_vhosts

In particular, it is mentioned...
I plan to use name based virtual hosting for 3 or 4 instances of Apache. I have a GigE card for the web traffic and a fast Ethernet card for local traffic. This is also because there was an Ethernet card driver issue in the beginning. I downloaded the correct driver and installed it with a USB chip and the system quit complaining about it.

However this plan is not working because I cannot talk to my machine. There was a time when I could use Putty to talk to it, but I had no or very little external network connectivity. The system could not update itself, although it said that updates were available. If you told the machine to go ahead and update it would say that it could not access SuSe site. This is the strangest thing that I have ever run into. I would format the disk and load something else, but I really want to know what is going on here. It is a very new distribution with a firewall with a version less than one. That even sounds scary.
 
Old 08-19-2018, 12:30 PM   #11
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,727

Rep: Reputation: 2211
Quote:
Originally Posted by LawsonRL View Post
ip r gives no response
ip a gives me more information than I can type here and get it accurately, but the following is representative. If I could achieve connectivity, I would be able to cut and paste the details, but if I could do that I would not have any problem with the system. I simply cannot network connect to it, but it is alive on screen.

ip a gives the following,
loopback <LOOPBACK, UP, LOWER_UP> unknown state in group default
eth0 < BROADCAST, MULTICAST, UP, LOWER_UP > unknown state in group default
eth1, br0, br1 <BROADCAST, MULTICAST, UP, LOWER_UP > state up in group default

Thanks for getting involved in this mind-bender
It looks like your networking is not configured at all. Here's what my desktop says for those commands:
Code:
[root@webclone:~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 6c:62:6d:44:45:fa brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.55/24 brd 192.168.0.255 scope global noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::6e62:6dff:fe44:45fa/64 scope link 
       valid_lft forever preferred_lft forever
[root@webclone:~]# ip r
default via 192.168.0.1 dev enp3s0 proto static metric 100 
192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.55 metric 100 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
Note the highlighted parts...that's the IP address of this desktop. Your entries don't show an IP address, therefore, your networking is not configured.

I don't know about wicked.service for networking. A search for "wicked.service Linux" yields many links about what it is and how to use it...including one link about how to turn it off and use Network Manager instead...but it's not clear (to me) if that's what you should do.

Please review the pages resulting from that search...Check back here if you don't get unstuck.
 
1 members found this post helpful.
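Added example (not part of any post in this thread): a shell version of the check described in the post above, which reads `ip a` and `ip r` text and reports whether an IPv4 address or a default route is missing. The function names are hypothetical, the broken sample is constructed to resemble the symptoms reported here, and skipping bridge ports is an addition that goes beyond what the post says.

```shell
#!/bin/sh
# Added example: read `ip a` / `ip r` text and say which layer is broken.
# All sample text below is constructed; function names are hypothetical.

# Print interfaces that should carry an IPv4 address but have none.
# Skips loopback and bridge ports ("master brX" in the header): a port
# enslaved to a bridge has no address of its own; the bridge holds it.
ifaces_without_ipv4() {
    awk '
        /^[0-9]+: / {                       # header: "2: eth0: <FLAGS> ..."
            if (name != "" && !ok) print name
            name = $2; sub(/:$/, "", name); sub(/@.*$/, "", name)
            ok = (name == "lo" || $0 ~ / master /)
            next
        }
        $1 == "inet" { ok = 1 }             # IPv4 address line
        END { if (name != "" && !ok) print name }
    '
}

# Succeed if `ip r` output on stdin contains a default route.
has_default_route() {
    grep -q '^default '
}

# $1 = `ip a` text, $2 = `ip r` text. Prints one verdict line.
diagnose() {
    missing=$(printf '%s\n' "$1" | ifaces_without_ipv4 | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "no-ipv4: ${missing% }"
    elif ! printf '%s\n' "$2" | has_default_route; then
        echo "no-default-route"
    else
        echo "l3-ok"
    fi
}

# Constructed sample: links up, ports enslaved, bridges without addresses,
# empty routing table (the symptoms reported in this thread).
BROKEN_IP_A='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN group default
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br1 state UP group default
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP group default
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP group default
5: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP group default'

# Healthy sample, shortened from the desktop output quoted above.
GOOD_IP_A='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.0.55/24 brd 192.168.0.255 scope global noprefixroute enp3s0'
GOOD_IP_R='default via 192.168.0.1 dev enp3s0 proto static metric 100
192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.55 metric 100'

diagnose "$BROKEN_IP_A" ""            # no-ipv4: br0 br1
diagnose "$GOOD_IP_A" ""              # no-default-route
diagnose "$GOOD_IP_A" "$GOOD_IP_R"    # l3-ok
```

On a live host the same check is `diagnose "$(ip a)" "$(ip r)"`; a `no-ipv4` or `no-default-route` verdict means the firewall is not the first thing to look at.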
Old 08-19-2018, 02:11 PM   #12
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,805

Rep: Reputation: 1140
I still don't understand why you created network bridges in the first place. Remove them and start over with IP addresses assigned to the ethernet network interfaces. For internet connectivity (as Sean already pointed out), you'll want a default route for the NIC connected to the internet-facing router.

The openSUSE Leap guide for configuring network connections via YaST (when using wicked) can be found here...
https://doc.opensuse.org/documentati...c.network.yast
 
1 members found this post helpful.
Old 08-19-2018, 03:39 PM   #13
LawsonRL
LQ Newbie
 
Registered: Jun 2018
Posts: 22

Original Poster
Rep: Reputation: Disabled
Network not configured at all?

Quote:
Originally Posted by scasey View Post
It looks like your networking is not configured at all. Here's what my desktop says for those commands:
Code:
[root@webclone:~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 6c:62:6d:44:45:fa brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.55/24 brd 192.168.0.255 scope global noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::6e62:6dff:fe44:45fa/64 scope link 
       valid_lft forever preferred_lft forever
[root@webclone:~]# ip r
default via 192.168.0.1 dev enp3s0 proto static metric 100 
192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.55 metric 100 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
Note the highlighted parts...that's the IP address of this desktop. Your entries don't show an IP address, therefore, your networking is not configured.

I don't know about wicked.service for networking. A search for "wicked.service Linux" yields many links about what it is and how to use it...including one link about how to turn it off and use Network Manager instead...but it's not clear (to me) if that's what you should do.

Please review the pages resulting from that search...Check back here if you don't get unstuck.
***************************
I can see where you have an IP address and I do not. I had another tip where I was told that they used NetworkManager. I simply do not understand how I can have a totally unconfigured network when the system displays (note IP addresses) the following:

IP addresses are shown assigned in the snippet below using Yast2 Network Settings Overview.

Name              IP            Device  Notes
Network Bridge 0  No IP         br0
Network Bridge 1  No IP         br1
1 GB card         192.168.1.60  eth0    enslaved in br1
100 MB card       192.168.1.70  eth1    enslaved in br0

I am going to look at this for a few more days and just format the disk and start over in another distribution
 
Old 08-19-2018, 04:26 PM   #14
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,805

Rep: Reputation: 1140
There are two network management frameworks you can choose from: wicked (similar to traditional ifup) or NetworkManager. Either will work. If you use wicked, then you can configure by hand, or use YaST > Network Settings and configure from there. Read the openSUSE guide for more information if needed. Why are you using a network bridge configuration?
 
1 members found this post helpful.
Old 08-19-2018, 04:50 PM   #15
LawsonRL
LQ Newbie
 
Registered: Jun 2018
Posts: 22

Original Poster
Rep: Reputation: Disabled
wicked.service and a wicked problem

Quote:
Originally Posted by ferrari View Post
There are two network management frameworks you can choose from: wicked (similar to traditional ifup) or NetworkManager. Either will work. If you use wicked, then you can configure by hand, or use YaST > Network Settings and configure from there. Read the openSUSE guide for more information if needed. Why are you using a network bridge configuration?
I am using the network bridge configuration because I planned to use name based virtual apache2 webservers. It has been a while since I installed this distribution (it has not worked since I installed it, but I do not give up easily) and I forget whether the system defaulted to the bridges, or if the system set up the network that way when I set up the virtual configuration. I will try NetworkManager to see what happens but I did download Centos 7 this afternoon. This has been way too much time to try to figure out what happened. I think I have landed on the "bleeding edge" rather than the "leading edge."

Thanks to all of you who have assisted me with this problem. I will answer any replies and close this thread out if and when I change to another distribution.
 
  

