Odd Gnome Problem

[Ruler2112]

I have a PC at work running RedHat 9.0. It's been great, with one exception. Starting yesterday, X won't start when it doesn't feel like it. (Almost like windoze in that regard! )

I don't believe I installed anything in it. I also can't pin down any sequence of events that leads to it not being able to start. What happens is I log in, then type startx and hit enter. If logged in as root, the splash screen pops up, but none of the icons on the bottom appear. If logged in as a regular user, I get a black screen. The mouse cursor is visible and active. When this happens, I Control-Alt-Fx to switch to that session and Control-C to break out of it. When this happens, nobody can start X until the machine is rebooted.

I believe it's a problem with Gnome because if I switchdesk kde then startx, it starts fine. Switch back to gnome and it's dead in the water again.

Anybody have any ideas? (Won't be able to try them until I'm back at work, but really hope somebody's going to say 'oh yeah, this is how you fix it'. )

[Redwolf]

-NOTE: This coming from a guy whose advice may not be reliable...but listen anyway dude! -

Try starting X like you have been (to where it crashes), then press Ctrl+Alt+F1 (or the session you started it from) and see if there are any messages like 'GNONE can't start'.

[Scott Tiger]

Give this a whirl and see if you have any luck:

Log in

type "xinit" without the quotes. This will bring up x and a terminal in the upper left hand corner. (This is also a great way to play games BTW - you're playing under X with no desktop whatsoever - expect to pick up a few framerates with this method)

In the terminal after x comes up type: gnome-session - and see if you get any helpful error messages.

You won't by chance has messed with the start up properties of Gnome would you? I'm not sure how Gnome would handle it if you removed one of the vital parts that is required to start it up.

If that doesn't prove helpful then you could reboot, login as root, make a new user account from the command line, log out and then log back in as a new user. The try to start Gnome and see if it hangs. If it still does I'd say you have a problem with one of Gnome's files (although tracking down which one could prove difficult but I've found these folks most helpful : www.gnomedesktop.org ).

If you're still having trouble at this point I'd just upgrade Gnome to 2.3 - I haven't used it in a while but 2.3 really kicked butt over 2.2. There was just no comparision. Here's the painless way to do it: http://people.ecsc.co.uk/~matt/repository.html#apt

Although the last few methods I have listed are definitely the Windows style approach to fixing the problem it may actually get you up and running again.

Hope that helps..

[Redwolf]

Quote:

Originally posted by Scott Tiger
If it still does I'd say you have a problem with one of Gnome's files (although tracking down which one could prove difficult but I've found these folks most helpful : www.gnomedesktop.org ).

Maybe checking the log could yield some clues?

[Ruler2112]

I switched to the session running X and there were no abnormal messages that I saw. Something about a control file being /tmp/.ICE-unix/#### was the last line displayed. Incidentally, this is how I break out of it when this does happen, as control-C doesn't do anything when it's hung. I'm guessing the keystroke is being caught by X, but since there's no interface up, nothing is done with it.

I really don't think it's a problem with one of Gnome's files, but it could be some temp file or something on that order. The thing that gets me is that it's fixed by a reboot. (I here thought MS had a patent on that kinda thing... )

I'll try the xinit thing and let post what, if anything, different happens. It'll have to be Monday though, as I really don't want to go in tomorrow after the week I've had. (I'm planning on recording and uploading one of my voicemail messages- "Hey Jim, my laser printer just caught on fire again. Call me." )

[Ruler2112]

OK, the last thing I see when I type startx is the following:

(==) Using config file "/etc/X11/XF86Config"
SESSION_MANAGER=local/LinServer:/tmp/.ICE-unix/25027

The last number of the second line changes with every time I enter X. When I Control-C the session, I get waiting for X server to shut down, then xinit: unexpected signal 2.


I tried the xinit, then gnome-session (very cool trick). The only line that shows up then is the SESSION_MANAGER line shown above, of course with a different number. There is absolutely nothing else that indicates anything is happening- no desktop, no icons, nothing.

[Ruler2112]

Well, I figured out what's causing this, but I still have no clue as to why. Something hit me like a ton of bricks just after my last post. I did a fresh reboot and started X fine. I then applied the new firewall rules and wouldn't you know it- X no longer starts! I'm hoping somebody else here is really good with the iptables firewall rules and can shed some light on what I'm doing wrong.

eth0 is the built-in NIC on the motherboard. It's connected to our network at large and to the internet. The IPs on our network are 207.185.212.xxx, which is why I'm limiting the new traffic to those.

eth1 is a giga-fast PCI NIC that is connected to a hub. I have other computers hooked into this hub to share the internet connection. The IPs I've given these computers are 192.168.100.yyy, which is why I'm limiting the traffic to those.

eth2 is now removed due to a hardware failure. However, it will be replaced with another PCI NIC in the very near future. I'm planning on hooking up a wireless AP to it. The IPs I've decided on for the wireless network are 192.168.200.zzz. I don't want to risk anybody else tapping into our network, so I've limited the traffic to a single IP. As the wireless network grows, I'll add more IPs to the rules.

Here is the original firewall rules that don't prevent X from loading.

Code:

iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 207.185.212.104
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A INPUT -s 207.185.212.1/24 -m state --state NEW -i eth0 -j ACCEPT
iptables -A INPUT -s 207.185.212.1/24 -i eth0 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i eth0 -o eth0 -j REJECT

Here are the new rules that do prevent X from loading. As you can see, I've added comments and prettied it up a bit.

Code:

# Flush Tables and Clear System Policies to Start Fresh
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Set Default Route
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 207.185.212.104

# Enable IP Packet Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Allow Traffic Due to Established and Related Connections Through
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Set Rules for New Connection Requests
iptables -A INPUT -m state --state NEW -s 207.185.212.1/24 -i eth0 -j ACCEPT
iptables -A INPUT -m state --state NEW -s 192.168.100.1/24 -i eth1 -j ACCEPT
iptables -A INPUT -m state --state NEW -s 192.168.200.2/32 -i eth2 -j ACCEPT

# Set Default Input Rules for All Traffic from Local IPs
iptables -A INPUT -s 207.185.212.1/24 -i eth0 -j ACCEPT
iptables -A INPUT -s 192.168.100.1/24 -i eth1 -j ACCEPT
iptables -A INPUT -s 192.168.200.2/32 -i eth2 -j ACCEPT

# Set Default Forwarding Rules for All Traffic from Local IPs
iptables -A FORWARD -s 207.185.212.1/24 -i eth0 -j ACCEPT
iptables -A FORWARD -s 192.168.100.1/24 -i eth1 -j ACCEPT
iptables -A FORWARD -s 192.168.200.2/32 -i eth2 -j ACCEPT

# Drop All Other Packets as System Policy
iptables -P INPUT DROP
#iptables -P OUTPUT DROP		//Causes ping to fail
#iptables -P FORWARD DROP		//Causes *ALL* forwarding to cease- why?

# Reject All Other Forwarding Requests
iptables -A FORWARD -i eth0 -o eth0 -j REJECT
iptables -A FORWARD -i eth1 -s ! 192.168.200.1/24 -j REJECT
iptables -A FORWARD -i eth2 -s ! 192.168.200.2/32 -j REJECT

Anybody see anywhere I've screwed up or something that would be causing the above behavior? It all seems straight-forward to me, but I'm still a newbie when it comes to this kind of stuff.

[Ruler2112]

Well, I've figured out the solution and have a theory as to what caused it that fits the behavior I've observed, although the theory speaks of poor design on the part of the gnome people IMO.

I added three rules as listed below. The only thing I can think of that explains this is that gnome is trying to connect to the localhost loopback address for something before it comes up. Why this is needed I do not know, but it would be helpful if somebody were to add this to the documentation somewhere that can be easily found when writing firewall rules.


The rules I added are:

Code:

iptables -A INPUT -m state --state NEW -s 127.0.0.1/32 -j ACCEPT
iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT
iptables -A FORWARD -s 127.0.0.1/32 -j ACCEPT