I have been frustrated by avahi apparently not working properly on Fedora. Turned out I just had to disable the firewall… One more thing fedora could polish…
-
Archives
- July 2015
- September 2014
- June 2014
- April 2014
- January 2014
- August 2013
- February 2013
- November 2012
- September 2012
- August 2012
- July 2012
- February 2012
- January 2012
- November 2011
- September 2011
- August 2011
- December 2010
- July 2010
- February 2010
- December 2009
- November 2009
- September 2009
- July 2009
- June 2009
-
Meta
You say ‘polish’, someone else says ‘leave insecure by default’…
No, I just disabled it because I was lazy and because I don’t need this kind of security here. What Fedora should do is open the mdns port in the firewall when installing avahi…
Atleast Fedora may provide an option in firewall to seamlessly allow LAN transfers. They may even provide a warning, when enabling it :)
Why do I care about that. Stop defending something that’s so obviously wrong…
You’re having problems with avahi, while I can’t get either NFS or UPnP/DLNA to work. Yeah, and the Fedora guide to getting NFS working needs updating, or firewalld made more me-proofed. Not to mention SElinux (though I believe it is at least shipped nonenforcing).
Really, the networking thing bugs me the most since that should be easy.
It’s obviously wrong, except that your advice wouldn’t be enough, because, hey, the port to the actual _service_ needs to be opened too.
And we did think of it before:
http://thread.gmane.org/gmane.linux.redhat.fedora.desktop/6054
http://thread.gmane.org/gmane.linux.redhat.fedora.desktop/6217
@Bastien: I’m not talking about opening ports for services on my machine. I’m talking about mdns. It’s really simple, I want to be able to do ‘ssh machine.local’, but I need to open a port in my firewall for mdns to work. If you thought of it before, then why was it not implemented already?
Because if your machine successfully advertises a service, you’d expect it to be usable. Did you even read the threads I pointed to? It’s not up to us (the desktop people), but things are slowly moving. Look for “network zones” work in firewalld and NetworkManager.
Yes I read some of the thread, but I really don’t care about any of these technical reasons or arguments about how things are supposed to be in a nice little perfect world. Damn, I just want mdns to work, and it could have Just Worked(tm) years ago. Am I supposed to care that it still doesn’t work because ideally other problems with the firewall should be solved first? Because I don’t. Other OS’s do it, other linux distro’s do it, it’s 2012. You realize that in order to access my NAS I had to go to my router configuration to inspect the DHCP client ip-addresses and try them one by one? At 1 am in the morning? Frustrate much!. Enabling a firewall by default, restrictively, and not having services open up the right ports to have them work is not _my_ problem. Face it, Fedora is really just not the most user friendly distribution/OS out there.
Note: I’m in a complaining mood, I know there is a lot of good work going on, and I like Fedora and its direction in other ways. But things like this really annoy the hell out of me, at times.
We know it’s f’ing annoying, that’s why we send e-mails like the one in the thread. It’s “the security guys” that want us to keep the firewall even when we push back and say that with SELinux we’re already closing down most of the problems. So we try and solve it properly because that’s the only way the neckbeards in Fedora will let us.
If bitching about it in a blog was enough to fix it, it would already have been fixed 2 years ago when I sent that mail. And your bitching only frustates _me_. So it would be nice if you could stop it there.
Wait wait wait… Let me get this right. You are going to tell me what I can and cannot write on my own blog? Really? You are telling me that as someone who is annoyed, you want me not to express this? Wah, this is getting better and better…
Sorry, I wrongly assumed you were a reasonable person that would see that efforts had been made. But you choose to ignore those and rant. Fine, do whatever you want. It’s a GNOME blog though, you’ll want to check the code of conduct :)
You assumed correct, and I thought you would have understood that. Anyway, my blog post was not aggressive, using bad language, or attacking anyone personally. I simply complained about something that frustrated me. If I cannot even do _that_, please remove me from planet gnome…
I too really wish there was an /etc/iptables.d directory or “something” so that firewalls can be configured “externally” by packages.
With the Security Vs Usability arguments the answer is simple: Disable “stuff” by default, if it’s enabled… make it work.
Jesse, I stand by you. It’s a free world and you should be free to express your discontent. Is the Gnome community not a free speech loving one?