Bugzilla – Bug 567258
SynCE & WM
Last modified: 2010-02-22 20:50:25 UTC
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.1.6) Gecko/20091201 SUSE/3.5.6-1.1.1 Firefox/3.5.6 when i connet my wm5 ppc to running system it not detecded in synce-kpm. If connect ppc before boot system and booting synce-kpm detect my device. And NM already detect ppc as lan adapter and popup I know how fix it but how about make it out of box? Reproducible: Always Steps to Reproduce: 1. 2. 3.
Created attachment 336605 [details] Firewall work around as described in wki I'm having a problem. The suse firewall is preventing the device from connecting with synce-kpm. There is a work around in the wiki - http://en.opensuse.org/Synce but it doesn't work for me. I have to stop the firewall manually. I've tried adding rules to the firewall to allow the connection but can't get anything to work. I'm using openSUSE 11.2 with KDE4.3.4 and Win mobile 6 pda phone connecting via usb. Dmesg Log outputs after connecting device with firewall enabled. [28729.085047] usb 2-2: new full speed USB device using uhci_hcd and address 8 [28729.249113] usb 2-2: New USB device found, idVendor=0bb4, idProduct=0a51 [28729.249139] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [28729.249158] usb 2-2: Product: USB Serial for Wizard [28729.249172] usb 2-2: Manufacturer: HTC [28729.249184] usb 2-2: SerialNumber: 00846335-6855-0161-1800-0050bf3f5173 [28729.249418] usb 2-2: configuration #1 chosen from 1 choice [28729.253262] ipaq 2-2:1.0: PocketPC PDA converter detected [28729.260794] usb 2-2: PocketPC PDA converter now attached to ttyUSB0 [28732.034115] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=255.255.255.255 LEN=275 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=255 [28733.036359] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=255.255.255.255 LEN=275 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=255 [28734.038112] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=255.255.255.255 LEN=275 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=255 [28736.102096] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=192.168.131.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1215 DF PROTO=TCP SPT=1131 DPT=7438 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (020405B401010402) [28736.309114] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=192.168.131.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1217 DF PROTO=TCP SPT=1132 DPT=990 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (020405B401010402) [28737.136069] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=192.168.131.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=1218 PROTO=UDP SPT=1133 DPT=53 LEN=32 [28739.136348] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=192.168.131.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1219 DF PROTO=TCP SPT=1131 DPT=7438 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (020405B401010402) [28739.340084] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=192.168.131.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1220 DF PROTO=TCP SPT=1132 DPT=990 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (020405B401010402) [28743.139521] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=192.168.131.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=1222 PROTO=UDP SPT=1133 DPT=53 LEN=32 [28745.112074] SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=192.168.131.129 DST=192.168.131.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1223 DF PROTO=TCP SPT=1131 DPT=7438 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (020405B401010402)
To original reporter: the WM5 device should be detected even while running. Can you post some relevant information from /var/log/messages? To second comment: Yes, the firewall is definitely blocking the communication. Can you post the output of (as root) /sbin/SuSEfirewall2 status ?
I have added a SuSEfirewall2 rules file to synce-hal. This should make it easier to configure exceptions. Open Yast2 firewall -> Allowed Services -> in the drop down choose "SynCE" -> click "Add" -> Next. This should allow the device to work no matter what the interface name. Closing as fixed.
(In reply to comment #2) > To original reporter: the WM5 device should be detected even while running. Can > you post some relevant information from /var/log/messages? [ 1292.564074] usb 2-1: new full speed USB device using uhci_hcd and address 2 [ 1292.738099] usb 2-1: New USB device found, idVendor=0bf8, idProduct=1011 [ 1292.738136] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1292.738166] usb 2-1: Product: USB RNDIS for PocketLOOX [ 1292.738189] usb 2-1: Manufacturer: FUJITSU SIEMENS COMPUTERS [ 1292.738213] usb 2-1: SerialNumber: 03361006-1508-0106-6800-0050bf7a660c [ 1292.738522] usb 2-1: configuration #1 chosen from 1 choice [ 1292.831255] usbcore: registered new interface driver cdc_ether [ 1293.147080] rndis_host 2-1:1.0: RNDIS_MSG_QUERY(0x00010202) failed, -47 [ 1293.154301] eth2: register 'rndis_host' at usb-0000:00:1d.0-1, RNDIS device, 80:00:60:0f:e8:00 [ 1293.154345] usbcore: registered new interface driver rndis_host [ 1293.190887] cfg80211: Calling CRDA to update world regulatory domain [ 1293.240197] usbcore: registered new interface driver rndis_wlan [ 1293.633155] SFW2-INext-DROP-DEFLT IN=eth2 OUT= MAC=33:33:ff:0f:e8:00:82:00:60:0f:e8:00:86:dd:60:00:00:00:00:20:00:01:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:ff:02:00:00:00:00:00:00:00:00:00:01:ff:0f:e8:00:3a:00:05:02 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0001:ff0f:e800 LEN=72 TC=0 HOPLIMIT=1 FLOWLBL=0 OPT ( ) PROTO=ICMPv6 TYPE=131 CODE=0 [ 1295.657209] SFW2-INext-DROP-DEFLT IN=eth2 OUT= MAC=33:33:ff:0f:e8:00:82:00:60:0f:e8:00:86:dd:60:00:00:00:00:20:00:01:fe:80:00:00:00:00:00:00:80:00:60:ff:fe:0f:e8:00:ff:02:00:00:00:00:00:00:00:00:00:01:ff:0f:e8:00:3a:00:05:02 SRC=fe80:0000:0000:0000:8000:60ff:fe0f:e800 DST=ff02:0000:0000:0000:0000:0001:ff0f:e800 LEN=72 TC=0 HOPLIMIT=1 FLOWLBL=0 OPT ( ) PROTO=ICMPv6 TYPE=131 CODE=0 [ 1296.489182] martian source 255.255.255.255 from 169.254.2.1, on dev eth2 [ 1296.489206] ll header: ff:ff:ff:ff:ff:ff:82:00:60:0f:e8:00:08:00:45:00:01:2e:00:38:00:00:80:11:8d:88:a9:fe:02:01:ff:ff:ff:ff:00:43:00:44:01:1a:ec:81:02:01:06:00:c9:e7:30:59:00:00:00:00:00:00:00:00 [ 1296.552133] martian source 255.255.255.255 from 169.254.2.1, on dev eth2 [ 1296.552157] ll header: ff:ff:ff:ff:ff:ff:82:00:60:0f:e8:00:08:00:45:00:01:2e:00:39:00:00:80:11:8d:87:a9:fe:02:01:ff:ff:ff:ff:00:43:00:44:01:1a:95:81:02:01:06:00:c9:e7:30:59:00:00:00:00:00:00:00:00 [ 1298.125162] SFW2-INext-DROP-DEFLT IN=eth2 OUT= MAC=80:00:60:0f:e8:00:82:00:60:0f:e8:00:08:00 SRC=169.254.2.1 DST=169.254.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=58 DF PROTO=TCP SPT=1032 DPT=990 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (02041F4A01010402) [ 1301.424173] SFW2-INext-DROP-DEFLT IN=eth2 OUT= MAC=80:00:60:0f:e8:00:82:00:60:0f:e8:00:08:00 SRC=169.254.2.1 DST=169.254.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=59 DF PROTO=TCP SPT=1032 DPT=990 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (02041F4A01010402) [ 1303.966022] eth2: no IPv6 routers present [ 1305.512293] SFW2-INext-DROP-DEFLT IN=eth1 OUT= MAC=00:16:6f:a0:ae:6f:00:1a:ef:0a:33:eb:08:00 SRC=192.168.11.137 DST=192.168.11.161 LEN=126 TOS=0x00 PREC=0x00 TTL=128 ID=39180 PROTO=UDP SPT=17035 DPT=52253 LEN=106 [ 1306.406071] SFW2-OUT-ERROR IN= OUT=eth1 SRC=192.168.11.161 DST=217.73.200.169 LEN=497 TOS=0x00 PREC=0x00 TTL=64 ID=14748 DF PROTO=TCP SPT=56924 DPT=80 WINDOW=5840 RES=0x00 ACK PSH FIN URGP=0 [ 1307.024133] SFW2-INext-DROP-DEFLT IN=eth2 OUT= MAC=80:00:60:0f:e8:00:82:00:60:0f:e8:00:08:00 SRC=169.254.2.1 DST=169.254.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60 DF PROTO=TCP SPT=1032 DPT=990 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (02041F4A01010402) [ 1319.044201] SFW2-INext-DROP-DEFLT IN=eth2 OUT= MAC=80:00:60:0f:e8:00:82:00:60:0f:e8:00:08:00 SRC=169.254.2.1 DST=169.254.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=61 DF PROTO=TCP SPT=1032 DPT=990 WINDOW=32768 RES=0x00 SYN URGP=0 OPT (02041F4A01010402) > To second comment: Yes, the firewall is definitely blocking the communication. > Can you post the output of (as root) /sbin/SuSEfirewall2 status ? /sbin/SuSEfirewall2 status ### iptables filter ### Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 160 7734 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 6409 5842K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED 14 928 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED 0 0 input_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0 31 4592 input_ext all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 input_ext all -- pan0 * 0.0.0.0/0 0.0.0.0/0 0 0 input_ext all -- vboxnet0 * 0.0.0.0/0 0.0.0.0/0 22 4475 input_ext all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING ' Chain OUTPUT (policy ACCEPT 3 packets, 1034 bytes) pkts bytes target prot opt in out source destination 160 7734 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 6545 892K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 3 1034 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR ' Chain forward_ext (0 references) pkts bytes target prot opt in out source destination Chain input_ext (5 references) pkts bytes target prot opt in out source destination 13 1648 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 state RELATED 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:139 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ' 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:445 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ' 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ' 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 29 5700 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 4 192 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 4 525 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 11 1719 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain reject_func (0 references) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable ### iptables raw ### Chain PREROUTING (policy ACCEPT 8765 packets, 5950K bytes) pkts bytes target prot opt in out source destination 160 7734 NOTRACK all -- lo * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 8840 packets, 989K bytes) pkts bytes target prot opt in out source destination 160 7734 NOTRACK all -- * lo 0.0.0.0/0 0.0.0.0/0 ### ip6tables filter ### Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 40 2800 ACCEPT all lo * ::/0 ::/0 0 0 ACCEPT all * * ::/0 ::/0 state ESTABLISHED 0 0 ACCEPT icmpv6 * * ::/0 ::/0 state RELATED 0 0 input_ext all eth0 * ::/0 ::/0 0 0 input_ext all eth1 * ::/0 ::/0 0 0 input_ext all pan0 * ::/0 ::/0 0 0 input_ext all vboxnet0 * ::/0 ::/0 3 208 input_ext all * * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET ' 0 0 DROP all * * ::/0 ::/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all * * ::/0 ::/0 PHYSDEV match --physdev-is-bridged 0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING ' Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 40 2800 ACCEPT all * lo ::/0 ::/0 6 384 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT all * * ::/0 ::/0 state NEW,RELATED,ESTABLISHED 0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR ' Chain forward_ext (0 references) pkts bytes target prot opt in out source destination Chain input_ext (5 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 128 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 133 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 134 1 64 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 135 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 136 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 137 0 0 ACCEPT udp * * ::/0 ::/0 udp spt:137 state RELATED 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:139 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ' 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:139 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:445 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ' 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:445 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ' 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:22 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 2 144 LOG icmpv6 * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 0 0 LOG udp * * ::/0 ::/0 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 2 144 DROP all * * ::/0 ::/0 Chain reject_func (0 references) pkts bytes target prot opt in out source destination 0 0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset 0 0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-addr-unreachable 0 0 DROP all * * ::/0 ::/0 ### ip6tables mangle ### Chain PREROUTING (policy ACCEPT 105 packets, 8515 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 73 packets, 5108 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 82 packets, 5668 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 82 packets, 5668 bytes) pkts bytes target prot opt in out source destination ### ip6tables raw ### Chain PREROUTING (policy ACCEPT 105 packets, 8515 bytes) pkts bytes target prot opt in out source destination 40 2800 NOTRACK all lo * ::/0 ::/0 Chain OUTPUT (policy ACCEPT 82 packets, 5668 bytes) pkts bytes target prot opt in out source destination 40 2800 NOTRACK all * lo ::/0 ::/0
As I suspected, both the problems are due to misconfigured firewall. Try the new packages from system:SynCE and the firewall configuration procedure I outlined above. Should work just fine after that.
Thanks. It seems to be working now. I actually managed to get it working before by adding interface eth1 to the external zone in susefirewall. But I wasn't sure if that was completely secure so didn't really use it. I assume your rule is a more secure method?
It opens just the ports necessary for communication, so it's more secure than disabling the firewall completely. Is it more secure than adding the interface to the internal zone, not really, just a bit easier because it doesn't matter what the device name is. I've updated the wiki with some new instructions too.