Broken WiFi on RPi after 14 Jan 21 update

443 wasn’t in the list, though https was enabled in firewall. I also added 443 explicitly, but no difference.

In firewalld is it necessary to add ports (eg 53) to open for all networks and hosts in addition to selecting the relevant services (eg dns) for the selected zone? I am assuming not, but this could be a mistake.

Tks

R

And Angry IP scan from the laptop shows:

on ethernet (while pi is connected via realvnc)

ports 2,80

filtered ports 5004-5009

HTTP proxy 80:HTTP/1/1 200 OK

On wifi the Rpi is not showing at all though its NM is showing as connected.

HtH.

R

And another thing - I have just discovered the firewall tab in Settings. If I disable this via the tab the firewalld system tray icon disappears. However the configuration settings in the KDE Settings seem completely different to those in the configuration reached from the system tray. Default settings are to allow incoming and outgoing connections, but I don’t at all understand the connections tab.

R

What’s got you stumped? Maybe you can post a picture.

Where’s 443?

The question is why 443 is not there, when it’s set in firewalld. BTW I turned firewalld off and repeated the IP Scan. The results are the same. I also scanned the gateway, which has open ports 53,80,443 and filtered ports 22,808. Not sure if that last should be 8080.

The full list of services enabled in firewalld is

dhcp (port 67 not found by A_IP) ,
dhcpv6 (547 not found),
dhcpv6-client (546 not found) (not sure if those last two are required)
dns (53, not found),
dns-over-tls (853, not found),
git (9418, not found),
http (80, found),
https (443, found),
mdns (5353 not found),
samba-client (137 and 138 not found),
ssh (22 found),
vncserver-x11-serviced (realvnc) (5000-5009 found).

So it appears that enabling the service in firewalld is not setting the corresponding port automatically (these are all set in both permanent and runtime).

The list of ports explicitly added for all hosts and networks is

22 tcp,
53 tcp and udp,
443 tcp ,
5000-5009 tcp and udp (realvnc) of which Angry IP only finds 5004-5009)

found on the scan, but so are 22 (SSH) and 80 (HTTP) which are not added explicitly but belong to configured services as per above.

There seems to be no consistency here. 22 is set both explicitly and under configured services, and appears on the scan. 553 and 443 are set similarly but do not. 80 is not set explicitly but still appears.

So I am wondering whether the KDE firewall is interfering, or perhaps in control instead of firewalld. I have tried turning if off, but that also turns off firewalld in systray. Similarly systemctl stop firewalld turns off the KDE firewall, so they seem to be the same service. However, the firewall configuration screen in KDE Settings is completely different from that which appears when the systray icon is right-clicked.

Here is the picture of the KDE firewall Connections tab you requested:

And here is the Settings page

I have checked that I still have the Timeshift package, so could reinstall that from cache. However, I seem to have network issues so will defer doing that and try to fix this.

Tks,

R

Do you have ip? It looks like it is replacing ifconfig. No ifconfig Package? / Applications & Desktop Environments / Arch Linux Forums

Have you tried starting from a cold boot (not reboot–complete shutdown, wait a few seconds, then boot)?

How is the Pi listed on the DHCP menu of your router interface?

ifconfig is in the net-tools package.

https://archlinux.org/news/deprecation-of-net-tools/

Hi all

1

OOPS

Hi all. I do have ip, and ip addr shows my ethernet and wifi connections as configured in Network Manager. Both are lifted.

I can’t find a dhcp interface on my router management page, but the static ip address is listed as there, but off. So it is correct on the configuration has been present on the router.

Angry ip scan does not find it at all, for any ports. NM reports that it is connected, but with limited connectivity.

Tks
R

Do you have crda installed and your country code configured for it. Plasma has some weird firewall and I can not see the connected device with nmap here. I hardly use plasma though.

https://wiki.archlinux.org/title/Network_configuration/Wireless#Respecting_the_regulatory_domain

1 Like

Well that was illuminating and ultimately successful.

crda was installed and country code correctly set.

The last post in the thread suggested comparing with a known successful installation, which I did.

As a result I removed some of the services selected in firewalld and all of the explicitly configured ports. The firewall is now set up as in my working instance.

I then had to change the firewall zone for wlan0 and eth0 to be the same -previously eth0 had been public and wlan0 home.

Then pinging it with Angry ip (A_ip) reset it to working! Strangely, as before pinging it it was not connecting to the router.

Now it is showing as connected to the router, but still not connected to the internet.

AngryIP then returned

open ports 22,80
filtered ports 53,5004-5009
proxy 80 HTTP/1.1 200 OK

So 443 https was not set, despite https being set in the list of services.

I added 443 in firewalld via the system tray. No difference.

dns was not set, despite being selected in the list.

I added 53 explicitly, no difference.

So according to firewalld, 22,53,80 and 443 are all set, but according to A_ip only 22,80,5004-5009 are open.

I then tried adding 443 via the command line. It worked.

$ firewall-cmd --zone=home --list-ports 
443/tcp

So i tried adding 53 via cli

$ firewall-cmd --permanent --zone=home --add-port=53/tcp
success

[richardh@richard-RPi ~]$ firewall-cmd --zone=home --list-ports
443/tcp

But it’s not listed.

Did I get that wrong?

[richardh@richard-RPi ~]$ firewall-cmd --permanent --zone=home --add-port=53/tcp
Warning: ALREADY_ENABLED: 53:tcp
success

No.

[richardh@richard-RPi ~]$ firewall-cmd --zone=home --list-ports
443/tcp

So it’s there but not listed. And still neithe 53 or 443 show in A_ip.

So I wondered whether wpa_supplicant could be interfering with this, and sure enough it was running. So I stopped it. But no change, Then I disabled it, but that just started it again. So I masked it.

And then, even though i have a wifi profile configured in Network Manager, I didn’t have a wifi connection at all. Even one which won’t connect to the internet.

So I have unmasked wpa_supplicant for now. And am back to where I started, with a working unable-to-connect-to-the-internet connection, ports 443 and 53 set in firewalld and not visible on A_ip.

I did notice on the way through that wpa_supplicant seemed to be configured with country code IE. I am GB.

So i set country=GB in /etc/wpa_supplicant/wpa_supplicant.conf.

You may recall that I had installed wpa_supplicant because NM was not giving me a connection.

I hadn’t set country=IE so it wasn’t a total surprise that setting country=GB didn’t make any difference.

For any of you still following this, what next? I have no idea.

In case anyone suggests removing wpa_supplicant, which seems to be taking control without adding any value (seen that before) can you confirm / advise whether

$ sudo pacman -R wpa_supplicant

is correct to remove just the installed package without removing required dependencies and without removing it from cache?

Tks

R

Is this IP address the same as the one your computer thinks it is assigned (output of ip address)?

Is your image on an SD card? I wonder if you can flash another SD card with something (doesn’t matter what, RaspberryPi OS or whatever) and see if it will connect. That would tell you if it is a hardware issue.

1 yes
2 done - it isn’t

Tks
R

What is the output of nmcli? Sorry if I am backtracking, I did not see it above.

Forgive me for being a little cautious about sending exact ip routing information over the forum - is it sufficient to say that both ethernet and wifi are connected to the router with the expected ip addresses?

If you have a specific request you could pm me.

Tks

R

This however is a little odd? Wifi contains this line

route4 192.168.1.0/24

instead of the expected route4 192.168.1.254 which is the gateway (and which is listed under eth0).

When I go into NM to add a route, it asks me to enter an address for my ip, not the gateway address. My ip address is already added, but I added it again.

Any comment? or pm.

OK so today I have learned:

1 wpa_supplicant provides WPA security so can’t be masked or removed.

https://stackoverflow.com/questions/52583404/i-want-to-stop-wpa-supplicant-on-ubuntu

So I did

$ mv /etc/wpa_supplicant/wpa_supplicant.conf wpa_supplicant.bak.  

Now I can’t find it. But WPA still works.

2 dhcpd and NM don’t mix,

but in my case

$ systemctl status dhcpcd
Unit dhcpcd.service could not be found.

so I removed all dhpcd entries from firewalld and made a new NM connection.

None of this has worked.

BTW during my researches I am still puzzled by the lack of congruity between NM and firewalld (at least the systray applet, I don’t understand what the KDE Settings page means or how to change the settings).

For instance, I set the firewall to home in NM but firewalld ignores it. I set ports in firewalld but according to A-ip it makes no difference. Very frustrating.

Happy to execute any commands to see what may be happening.

I also found

but I really don’t want to reset the router as all the devices in the house hang off it and I would not be popular if they don’t reconnect. And everything else is working fine, it’s just Manjaro ARM wifi after the recent update. Manjaro x86 and x64 working fine.

(I also easily confirmed sudo -R - apologies for asking, it was late.)

My next step, if no-one thinks of anything overnight, is to reinstall Timeshift from cache and hope I can restore a working backup. I know I won’t learn anything if it works and that this could happen again (it’s already happened twice).

Any other ideas?

R

My apologies, I didn’t think there was sensitive information in the output because it is primarily a bunch of private IPs. Now that I look at it on mine, I honestly don’t know what to make of all the IPv6 addresses so I can understand where you are coming from.

This is normal. That is just announcing the network you are connected to. My network is the same actually:

inet4 192.168.0.6/24
route4 default via 192.168.0.1 metric 600
route4 192.168.0.0/24 metric 600

The “inet4” is the IP of this computer. The line with “default” is the IP of my router. The last line is the IP range of the network.

When you scroll down to the DNS configuration, does it list the DNS server that you are expecting?

You definitely don’t need dhcpcd, not only because you are using NM but also because that device has a fixed IP address. It sounds like dhcpcd isn’t running or maybe isn’t even installed in the first place, so I guess that is not your problem.

Sorry I couldn’t be more helpful with this. I’ve been following the thread hoping to learn what the cause of this was, but it looks like you have everyone stumped! :man_shrugging:

Well I restored a snapshot - the only one which I could, which was not the latest before the problem - and the problem persists.

I ran nmcli again and this appears: it may have been there all along

p2p-dev-wlan0: disconnected
        "p2p-dev-wlan0"
        wifi-p2p, hw

However, wlan0 is up and connected and showing a correct DNS address. I am seeing the same entries on A_ip - ie not seeing port 443.

Could the p2p issue (whatever it is) be the cause of the lack of internet connection?

It appears that timeshift (at least on ARM) is failing because it has to run as root and it uses Dolphin as file manager.

I found this in the Manjaro forums ;

https://forum.manjaro.org/t/running-dolphin-as-root

But that didn’t work either. I managed despite error messages to get back to an earlier installation but no change to behaviour.

It’s not the router, been in there and checked. Or the pi, which works with other instances.

??