Hi Earl,
The problem is you added the rule in runtime and when you reloaded it removed the rule that you added; therefore you need to use --permanent >or do not reload.
Thanks! That worked.
[root@appd:~] #firewall-cmd --zone=home --list-ports [root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent success [root@appd:~] #firewall-cmd --reload success [root@appd:~] #firewall-cmd --zone=home --list-ports 8181/tcp
#telnet appd.mydomain.com 8181 Trying xx.xx.xx.xx... Connected to appd.mydomain.com. Escape character is '^]'.
On Sat, May 9, 2015 at 3:14 PM, Earl A Ramirez earlaramirez@gmail.com wrote:
On 9 May 2015 at 14:57, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I'm having a little trouble opening up a port on a C7 machine.
Here's the default zone:
[root@appd:~] #firewall-cmd --get-default-zone home
So I try to add the port:
[root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp success
Then I reload firewalld:
[root@appd:~] #firewall-cmd --reload success
Simple! That should do it. Right? Well not quite.
Cuz when I telnet to that host on that port, it's not connecting:
#telnet appd.mydomain.com 8181 Trying xx.xx.xx.xx... <---obscuring the real IP telnet: connect to address xx.xx.xx.xx: Connection refused telnet: Unable to connect to remote host
Yet, that port is definitely listening on the host:
[root@appd:~] #lsof -i :8181 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME java 13423 root 333u IPv6 3526508 0t0 TCP *:intermapper
(LISTEN)
And if I stop the firewall momentarily :
I can telnet to that port from a remote location:
#telnet appd.mydomain.com 8181 Trying xx.xx.xx.xx... Connected to appd.mydomain.com. Escape character is '^]'.
Of course I bring up the firewall right away once I'm done testing:
[root@appd:~] #systemctl start firewalld [root@appd:~] #systemctl status firewalld firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled) Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago Main PID: 18826 (firewalld) CGroup: /system.slice/firewalld.service └─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork
--nopid
May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall daemon.
Any ideas on what I'm doing wrong?
Thanks, Tim -- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I saw that you are doing firewall-cmd --reload; however you did not had the following:
firewall-cmd --permanent --zone=home --add-port=8181/tcp
The problem is you added the rule in runtime and when you reloaded it removed the rule that you added; therefore you need to use --permanent or do not reload.
Let me know if this helps.
-- Kind Regards Earl Ramirez _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos