Dear Gordon Messmer,
Thank you.
Please teach me one more. By 'firewall-cmd --list' its answer is following.
external (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dns ftp http https imaps pop3s smtp ssh ports: 110/tcp 21/tcp 20000/tcp 106/tcp 53/tcp 990/tcp 5432/tcp 8447/tcp 113/tcp 143/tcp 3306/tcp 5224/tcp 22/tcp 465/tcp 995/tcp 25/tcp 10000/tcp 8443/tcp 993/tcp 443/tcp 8880/tcp 587/tcp 20/tcp 53/udp 12768/tcp protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
Now I can use http normally. And 'ss -nat' shows 80 ports used.
But in avobe firewalld lists, there's http service, but isn't 80/tcp.port. Must I add 80/tcp.port?
Tadao
2017-07-28 11:29 GMT+09:00 Gordon Messmer gordon.messmer@gmail.com:
On 07/27/2017 06:36 PM, 望月忠雄 wrote:
But by ss -nat, IPV4 443 is not listend. How can I fix?
# ss -nat | grep LISTEN | grep 443 LISTEN 0 128 :::443 :::*
By default, Linux processes that listen on an IPv6 port will also listen on the IPv4 port (when no specific address is specified):
http://man7.org/linux/man-pages/man7/ipv6.7.html
You could change that behavior by modifying /proc/sys/net/ipv6/bindv6only, but your system is working normally now.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos