Avahi on fedora

I have been frustrated by avahi apparently not working properly on Fedora. Turned out I just had to disable the firewall… One more thing fedora could polish…

This entry was posted in Uncategorized. Bookmark the permalink.

15 Responses to Avahi on fedora

  1. You say ‘polish’, someone else says ‘leave insecure by default’…

    • Jesse van den Kieboom says:

      No, I just disabled it because I was lazy and because I don’t need this kind of security here. What Fedora should do is open the mdns port in the firewall when installing avahi…

  2. Rajesh Ganesan says:

    Atleast Fedora may provide an option in firewall to seamlessly allow LAN transfers. They may even provide a warning, when enabling it :)

  3. liam says:

    You’re having problems with avahi, while I can’t get either NFS or UPnP/DLNA to work. Yeah, and the Fedora guide to getting NFS working needs updating, or firewalld made more me-proofed. Not to mention SElinux (though I believe it is at least shipped nonenforcing).
    Really, the networking thing bugs me the most since that should be easy.

  4. Bastien says:

    It’s obviously wrong, except that your advice wouldn’t be enough, because, hey, the port to the actual _service_ needs to be opened too.

    And we did think of it before:
    http://thread.gmane.org/gmane.linux.redhat.fedora.desktop/6054
    http://thread.gmane.org/gmane.linux.redhat.fedora.desktop/6217

    • Jesse van den Kieboom says:

      @Bastien: I’m not talking about opening ports for services on my machine. I’m talking about mdns. It’s really simple, I want to be able to do ‘ssh machine.local’, but I need to open a port in my firewall for mdns to work. If you thought of it before, then why was it not implemented already?

  5. Bastien says:

    Because if your machine successfully advertises a service, you’d expect it to be usable. Did you even read the threads I pointed to? It’s not up to us (the desktop people), but things are slowly moving. Look for “network zones” work in firewalld and NetworkManager.

    • Jesse van den Kieboom says:

      Yes I read some of the thread, but I really don’t care about any of these technical reasons or arguments about how things are supposed to be in a nice little perfect world. Damn, I just want mdns to work, and it could have Just Worked(tm) years ago. Am I supposed to care that it still doesn’t work because ideally other problems with the firewall should be solved first? Because I don’t. Other OS’s do it, other linux distro’s do it, it’s 2012. You realize that in order to access my NAS I had to go to my router configuration to inspect the DHCP client ip-addresses and try them one by one? At 1 am in the morning? Frustrate much!. Enabling a firewall by default, restrictively, and not having services open up the right ports to have them work is not _my_ problem. Face it, Fedora is really just not the most user friendly distribution/OS out there.

      Note: I’m in a complaining mood, I know there is a lot of good work going on, and I like Fedora and its direction in other ways. But things like this really annoy the hell out of me, at times.

  6. Bastien says:

    We know it’s f’ing annoying, that’s why we send e-mails like the one in the thread. It’s “the security guys” that want us to keep the firewall even when we push back and say that with SELinux we’re already closing down most of the problems. So we try and solve it properly because that’s the only way the neckbeards in Fedora will let us.

    If bitching about it in a blog was enough to fix it, it would already have been fixed 2 years ago when I sent that mail. And your bitching only frustates _me_. So it would be nice if you could stop it there.

    • Jesse van den Kieboom says:

      Wait wait wait… Let me get this right. You are going to tell me what I can and cannot write on my own blog? Really? You are telling me that as someone who is annoyed, you want me not to express this? Wah, this is getting better and better…

  7. Bastien says:

    Sorry, I wrongly assumed you were a reasonable person that would see that efforts had been made. But you choose to ignore those and rant. Fine, do whatever you want. It’s a GNOME blog though, you’ll want to check the code of conduct :)

    • Jesse van den Kieboom says:

      You assumed correct, and I thought you would have understood that. Anyway, my blog post was not aggressive, using bad language, or attacking anyone personally. I simply complained about something that frustrated me. If I cannot even do _that_, please remove me from planet gnome…

  8. Nick says:

    I too really wish there was an /etc/iptables.d directory or “something” so that firewalls can be configured “externally” by packages.

    With the Security Vs Usability arguments the answer is simple: Disable “stuff” by default, if it’s enabled… make it work.

  9. Gloria says:

    Jesse, I stand by you. It’s a free world and you should be free to express your discontent. Is the Gnome community not a free speech loving one?

Leave a Reply

Your email address will not be published. Required fields are marked *