Bug 803618

Summary: Remote Administration Component In Yast2 Does Not Open Firewall Ports When Selected
Product: [openSUSE] openSUSE Tumbleweed Reporter: Forgotten User xs3PtXj4XH <forgotten_xs3PtXj4XH>
Component: YaST2Assignee: Michal Filka <mfilka>
Status: RESOLVED DUPLICATE QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P5 - None CC: niclas_arndt
Version: 13.1 Milestone 2   
Target Milestone: ---   
Hardware: PC   
OS: SUSE Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: part of my y2log
y2log containing attempt to change port settings
After changing interface zone
Updated y2log containing attempt to change port settings

Description Forgotten User xs3PtXj4XH 2013-02-13 21:18:49 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0

Using the Yast2 module "Remote Administration" allows users to permit access to the system via VNC, and also to open the relevant firewall ports. Ticking this option however, does not add the service "VNC Server" to the list of permitted services in the Yast2 module "Firewall". Instead, it must be added manually through the "Firewall" module.

Reproducible: Always

Steps to Reproduce:
1. Start YasT2's "Remote Administration" module. 
2. Enable remote administration and tick the checkbox to open the relevant firewall ports.
3. Attempt to access machine remotely via VNC
Actual Results:  
Connection times out as ports were never opened by firewall.

Expected Results:  
VNC server connects and users can log in.

After adding the permitted services manually, the VNC server asks the user for a password which does not appear to be the system's root password, nor the password for the current user. This appears to be new behaviour for 12.3, and it would be helpful to know if this is by design. Additionally, other bugs pertaining to network/firewall behaviour are recorded here:

https://bugzilla.novell.com/show_bug.cgi?id=801374
https://bugzilla.novell.com/show_bug.cgi?id=803616
Comment 1 Fuminobu Takeyama 2013-03-09 04:54:24 UTC 
Created attachment 529018 [details]
part of my y2log

Does anyone works to fix this bug?

I attached my y2log.

It seems that the service name of remote administration is wrong:
2013-03-07 12:11:15 <1> linux-4sx0.site(7428) [YCP] SuSEFirewall.ycp:2169 Removing 'service:xorg-x11-server' from 'EXT' zone
2013-03-07 12:11:15 <1> linux-4sx0.site(7428) [YCP] SuSEFirewallServices.ycp:554 Service service:xorg-x11-server is not known, searching for new definitions...

And
2013-03-07 12:11:16 <3> linux-4sx0.site(7428) [bash] ShellCommand.cc(shellcommand):78 sh: /sbin/SuSEconfig: No such file or directory

is OK?
Comment 2 Niclas Arndt 2013-03-20 20:01:30 UTC 
I have a workaround/solution to this problem:

/ect/xinet.d/vnc

service vnc1
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/bin/Xvnc
        server_args     = -noreset -inetd -once -query localhost -geometry 1240x695 -depth 24 -rfbauth /root/.vnc/passwd
        type                = UNLISTED
        port                = 5901
}

Log in (locally) as root and type 'vncpasswd' to enter the VNC password. This will enable you to log in as root.

(12.2 changed the KDE colour depth, so you had to change '-depth 16' to '24' in the above file to make the icons look ok.)

The openSUSE 12.3 documentation should be updated to cover the password change from 12.2 to 12.3. I don't know if it is possible to disable the VNC login screen completely or if you should do additional things to do it properly.
Comment 3 Forgotten User xs3PtXj4XH 2013-04-13 20:09:33 UTC 
Created attachment 535087 [details]
y2log containing attempt to change port settings
Comment 4 Forgotten User xs3PtXj4XH 2013-04-13 20:12:44 UTC 
Bug is present in 12.3 final.
Comment 5 Forgotten User xs3PtXj4XH 2013-04-13 20:14:56 UTC 
Created attachment 535088 [details]
After changing interface zone

Even after changing the network interface zone to "External" as per this bug: https://bugzilla.novell.com/show_bug.cgi?id=803616 the port selection still doesn't function.
Comment 6 Forgotten User xs3PtXj4XH 2013-06-16 08:43:21 UTC 
Problem is still present in openSUSE 13.1 M2. New YaST logs to follow.
Comment 7 Forgotten User xs3PtXj4XH 2013-06-16 10:17:36 UTC 
Created attachment 544274 [details]
Updated y2log containing attempt to change port settings

Updated log for 13.1 M2.
Comment 8 Michal Filka 2013-06-21 04:02:53 UTC 
Work in progress.

Thanks for testing.

*** This bug has been marked as a duplicate of bug 808490 ***