[
http://jira.magnolia-cms.com/browse/MAGNOLIA-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Grégory Joseph updated MAGNOLIA-1959:
-------------------------------------
Description:
h3. Leopard's application level firewall :
Leopard's (OSX 10.5) firewall behaves significantly differently than the
firewall shipped with OSX 10.4. The symptoms are that Tomcat seems unreachable
("kCFErrorDomainCFNetwork:302"), but unfortunately no log message *clearly*
identifies the issue.
In some cases, Tomcat is only "partly" reachable; pages will appear, but some
of the resources can't be loaded (broken images, missing stylesheets, ...)
Another symptom is that you have to kill Tomcat to stop it ({{-HUP}} works),
because the {{shutdown}} script can't reach the running process either.
We've tried a bunch of variations on the firewall settings, but nothing really
help.
h3. Solution
Well, it's pretty simple! *Update to OSX 10.5.8 !*
If you're using Snow Leopard, the issue was also present until 10.6.1, but is
fixed as from *10.6.2* !
h4. Some interesting links:
* http://securosis.com/2007/11/01/investigating-the-leopard-firewall/
* http://documentation.magnolia.info/administration.html#Knownissues which
links back to here but has a nice little screenshot of Leopard's firewall
configuration gui ;)
h3. "Max.files opened"
There might be some "max.files opened" issues, with settings which are
different from Tiger(10.4), although this hasn't been reported in a while.
was:
h3. Leopard's application level firewall :
Leopard's firewall behaves significantly differently than the firewall shipped
with OSX 10.4. The symptoms are that Tomcat seems unreachable
("kCFErrorDomainCFNetwork:302"), but unfortunately no log message *clearly*
identifies the issue.
It seems the behavior was different prior to OSX 10.5.3, but at least in 10.5.4
the following seems to work:
- "allow incoming connections" for the Magnolia and Tomcat scripts
({{magnolia_control.sh}}, {{startup.sh}}, {{shutdown.sh}}, {{catalina.sh}}), as
well as the Java binary (ie
{{/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Commands/java}})
- it seems sometimes necessary to "lock" and "unlock" the firewall settings
pane, so as to force it to take the new settings into account.
- if Magnolia was started, you'll have to kill it (-HUP works and shuts it down
nicely) and restart.
h4. More comments and questions
- somehow, setting the firewall too "allow all" does not seem to help.
- {{sudo launchctl remove com.apple.alf}} should remove the application-level
firewall, but for some reason, this hasn't proved very useful. Will have to try
again.
h4. Log files to watch:
* {{/var/log/system.log}}
* {{/var/log/secure.log}}
* {{/var/log/appfirewall.log}}
h4. Some interesting links:
* http://securosis.com/2007/11/01/investigating-the-leopard-firewall/
* http://documentation.magnolia.info/administration.html#Knownissues which
links back to here but has a nice little screenshot of Leopard's firewall
configuration gui ;)
h3. "Max.files opened"
There might be some "max.files opened" issues, with settings which are
different from Tiger(10.4), although this hasn't been reported in a while.
There is unfortunately not much we can do about this issue at the moment, as
far as we know.
*Feel free to comment on your own experience below and contribute tips and
tricks !*
> Leopard (osx 10.5) issues
> -------------------------
>
> Key: MAGNOLIA-1959
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-1959
> Project: Magnolia
> Issue Type: Bug
> Affects Versions: 3.5
> Reporter: Grégory Joseph
> Assignee: Grégory Joseph
>
> h3. Leopard's application level firewall :
> Leopard's (OSX 10.5) firewall behaves significantly differently than the
> firewall shipped with OSX 10.4. The symptoms are that Tomcat seems
> unreachable ("kCFErrorDomainCFNetwork:302"), but unfortunately no log message
> *clearly* identifies the issue.
> In some cases, Tomcat is only "partly" reachable; pages will appear, but some
> of the resources can't be loaded (broken images, missing stylesheets, ...)
> Another symptom is that you have to kill Tomcat to stop it ({{-HUP}} works),
> because the {{shutdown}} script can't reach the running process either.
> We've tried a bunch of variations on the firewall settings, but nothing
> really help.
> h3. Solution
> Well, it's pretty simple! *Update to OSX 10.5.8 !*
> If you're using Snow Leopard, the issue was also present until 10.6.1, but is
> fixed as from *10.6.2* !
> h4. Some interesting links:
> * http://securosis.com/2007/11/01/investigating-the-leopard-firewall/
> * http://documentation.magnolia.info/administration.html#Knownissues which
> links back to here but has a nice little screenshot of Leopard's firewall
> configuration gui ;)
> h3. "Max.files opened"
> There might be some "max.files opened" issues, with settings which are
> different from Tiger(10.4), although this hasn't been reported in a while.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
