Bug 398855

Summary: vnc blocked in second stage during vnc+ssh install
Product: [openSUSE] openSUSE 11.0 Reporter: Olaf Hering <ohering>
Component: InstallationAssignee: Stefan Dirsch <sndirsch>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P5 - None CC: aschnell, locilka
Version: RC 3   
Target Milestone: ---   
Hardware: PowerPC   
OS: Linux   
Whiteboard:
Found By: Development Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: bug398855.tar.bz2

Description Olaf Hering 2008-06-10 13:17:28 UTC 
11.0rc3

if the installations is booted with 'vnc=1 usessh=1', its not possible to connect via vnc in the second stage because the firewall allows only ssh connects.
I see the Xvnc process, so its just a misconfigured firewall during second stage.
The vnc port is also blocked once the second stage is finished.

I think this worked in 10.3.
Comment 1 Olaf Hering 2008-06-10 13:22:43 UTC 
Created attachment 221268 [details]
bug398855.tar.bz2
Comment 2 Jiri Srain 2008-06-12 10:37:11 UTC 
Arvin, I'm not sure about it, who is opening even the SSH port for installation? Are that the YaST start-up scripts?
Comment 3 Arvin Schnell 2008-06-12 12:04:19 UTC 
I cannot see any code in the start-scripts that open the ssh port
in the firewall.

I suppose the firewall is still unconfigured and ssh is open per
default.  The call to rcnetwork then starts the firewall.
Comment 4 Lukas Ocilka 2008-06-13 12:11:11 UTC 
This is an installation over VNC, opening VNC on all non-dial-up interfaces...
Opening service service:xorg-x11-Xvnc on interfaces ["eth1"] (zones ["EXT"]
Adding 'service:xorg-x11-Xvnc' into 'EXT' zone
Service service:xorg-x11-Xvnc is not known, searching for new definitions...
Uknown service 'service:xorg-x11-Xvnc'

File /etc/sysconfig/SuSEfirewall2.d/services/xorg-x11-Xvnc must have been dropped from xorg-x11-Xvnc RPM.

I'll try to implement a fallback in YaST but that file should be there...
Comment 5 Stefan Dirsch 2008-06-13 12:52:00 UTC 
Yes, my fault.
Comment 6 Lukas Ocilka 2008-06-13 13:05:51 UTC 
Fallback implemented:

- Opening fallback ports in case of SSH and / or VNC installation
  when firewall services (defined by packages) are not installed
  (bnc #398855).

yast2-installation-2.17.0
Comment 7 Stefan Dirsch 2008-06-13 14:00:14 UTC 
fixed for Factory/X11:XOrg.
Comment 8 Lukas Ocilka 2008-08-06 14:38:03 UTC 
*** Bug 406438 has been marked as a duplicate of this bug. ***