Hey all,
I'm having a little trouble opening up a port on a C7 machine.
Here's the default zone:
[root@appd:~] #firewall-cmd --get-default-zone
home
So I try to add the port:
[root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp
success
Then I reload firewalld:
[root@appd:~] #firewall-cmd --reload
success
Simple! That should do it. Right? Well not quite.
Cuz when I telnet to that host on that port, it's not connecting:
#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx...    <--- obscuring the real IP
telnet: connect to address xx.xx.xx.xx: Connection refused
telnet: Unable to connect to remote host
Yet, that port is definitely listening on the host:
[root@appd:~] #lsof -i :8181
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
java    13423 root  333u  IPv6 3526508      0t0  TCP *:intermapper (LISTEN)
And if I stop the firewall momentarily:
I can telnet to that port from a remote location:
#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx...
Connected to appd.mydomain.com.
Escape character is '^]'.
Of course I bring up the firewall right away once I'm done testing:
[root@appd:~] #systemctl start firewalld
[root@appd:~] #systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago
 Main PID: 18826 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall daemon.
Any ideas on what I'm doing wrong?
Thanks, Tim
On 9 May 2015 at 14:57, Tim Dunphy bluethundr@gmail.com wrote:
I saw that you are doing firewall-cmd --reload; however you did not have the following:
firewall-cmd --permanent --zone=home --add-port=8181/tcp
The problem is you added the rule in runtime and when you reloaded it removed the rule that you added; therefore you need to use --permanent or do not reload.
Let me know if this helps.
Hi Earl,
Thanks! That worked.
[root@appd:~] #firewall-cmd --zone=home --list-ports
[root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent
success
[root@appd:~] #firewall-cmd --reload
success
[root@appd:~] #firewall-cmd --zone=home --list-ports
8181/tcp
#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx...
Connected to appd.mydomain.com.
Escape character is '^]'.
On Sat, May 9, 2015 at 3:14 PM, Earl A Ramirez earlaramirez@gmail.com wrote:
On 5/9/2015 3:24 PM, Tim Dunphy wrote:
Just remember that the permanent command doesn't add the rule immediately, so it doesn't take effect *until* you reload.
You can also do this:
# firewall-cmd --zone=home --add-port=8181/tcp
# <add other stuff>
<Test that everything works right>
# firewall-cmd --runtime-to-permanent
That way, if you screw something up, you can simply reload (or reboot) to fix it.
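A small drift check for the two situations in this thread: Earl's point that a runtime-only rule is silently dropped by --reload, and Bowie's test-at-runtime-then-commit workflow, after which the runtime and permanent views should agree. This is an added example, not code from anyone on the list; it assumes firewall-cmd is on PATH, and the FIREWALL_CMD override and the function names are my own.

```shell
#!/bin/sh
# Added example: report drift between a firewalld zone's runtime and
# permanent port lists, so runtime-only rules (dropped by --reload or a
# reboot) and permanent-only rules (inactive until --reload) stand out.
# Assumptions: firewall-cmd is on PATH; FIREWALL_CMD is a hypothetical
# override so a stub binary can be substituted when testing.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# port_drift ZONE "RUNTIME PORTS" "PERMANENT PORTS"
# Pure comparison of two space-separated lists in the format printed by
# `firewall-cmd --zone=Z --list-ports`. Prints one line per mismatch.
# Returns 0 when the lists agree, 1 when they differ.
port_drift() {
    zone=$1; runtime=$2; permanent=$3; drift=0
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "$zone: runtime-only $p (lost on reload/reboot)"; drift=1 ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "$zone: permanent-only $p (not active until reload)"; drift=1 ;;
        esac
    done
    return $drift
}

# check_zone [ZONE]: query both views from firewall-cmd and compare them.
# Falls back to the default zone (the thread's `home` zone).
check_zone() {
    zone=${1:-$("$FIREWALL_CMD" --get-default-zone)}
    rt=$("$FIREWALL_CMD" --zone="$zone" --list-ports)
    pm=$("$FIREWALL_CMD" --permanent --zone="$zone" --list-ports)
    port_drift "$zone" "$rt" "$pm"
}

# Usage: sh drift.sh ZONE   (exit status 1 signals drift).
# Guarded so the functions can also be sourced without running the check.
if [ $# -gt 0 ]; then
    check_zone "$1"
fi
```

Run it right after `--runtime-to-permanent` (or after `--reload`) and expect no output; a runtime-only line is exactly the rule Tim lost in the first message.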
That's a very excellent point! I'll have to remember that. I've read a few guides on how to use firewall-cmd on CentOS 7, but I haven't seen this tip mentioned anywhere!
So thanks for pointing that out!
On Mon, May 11, 2015 at 9:18 AM, Bowie Bailey Bowie_Bailey@buc.com wrote:
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos