[CentOS] firewalld trouble opening a port

Sat May 9 19:24:27 UTC 2015
Tim Dunphy <bluethundr at gmail.com>

Hi Earl,

>The problem is you added the rule in runtime and when you reloaded it
>removed the rule that you added; therefore you need to use --permanent >or
>do not reload.

Thanks! That worked.

[root at appd:~] #firewall-cmd --zone=home --list-ports
[root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent
success
[root at appd:~] #firewall-cmd --reload
success
[root at appd:~] #firewall-cmd --zone=home --list-ports
8181/tcp

#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx...
Connected to appd.mydomain.com.
Escape character is '^]'.

On Sat, May 9, 2015 at 3:14 PM, Earl A Ramirez <earlaramirez at gmail.com>
wrote:

> On 9 May 2015 at 14:57, Tim Dunphy <bluethundr at gmail.com> wrote:
>
> > Hey all,
> >
> >  I'm having a little trouble opening up a port on a C7 machine.
> >
> >  Here's the default zone:
> >
> > [root at appd:~] #firewall-cmd --get-default-zone
> > home
> >
> > So I try to add the port:
> >
> > [root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp
> > success
> >
> > Then I reload firewalld:
> >
> > [root at appd:~] #firewall-cmd --reload
> > success
> >
> > Simple! That should do it. Right? Well not quite.
> >
> > Cuz when I telnet to that host on that port, it's not connecting:
> >
> > #telnet appd.mydomain.com 8181
> > Trying xx.xx.xx.xx... <---obscuring the real IP
> > telnet: connect to address xx.xx.xx.xx: Connection refused
> > telnet: Unable to connect to remote host
> >
> > Yet, that port is definitely listening on the host:
> >
> > [root at appd:~] #lsof -i :8181
> > COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
> > java    13423 root  333u  IPv6 3526508      0t0  TCP *:intermapper
> (LISTEN)
> >
> >
> > And if I stop the firewall momentarily :
> >
> > I can telnet to that port from a remote location:
> >
> > #telnet appd.mydomain.com 8181
> > Trying xx.xx.xx.xx...
> > Connected to appd.mydomain.com.
> > Escape character is '^]'.
> >
> > Of course I bring up the firewall right away once I'm done testing:
> >
> > [root at appd:~] #systemctl start firewalld
> > [root at appd:~] #systemctl status firewalld
> > firewalld.service - firewalld - dynamic firewall daemon
> >    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
> >    Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago
> >  Main PID: 18826 (firewalld)
> >    CGroup: /system.slice/firewalld.service
> >            └─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork
> --nopid
> >
> > May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall
> > daemon.
> >
> > Any ideas on what I'm doing wrong?
> >
> > Thanks,
> > Tim
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
> I saw that you are doing firewall-cmd --reload; however you did not had the
> following:
>
> firewall-cmd --permanent --zone=home --add-port=8181/tcp
>
> The problem is you added the rule in runtime and when you reloaded it
> removed the rule that you added; therefore you need to use --permanent or
> do not reload.
>
> Let me know if this helps.
>
>
> --
> Kind Regards
> Earl Ramirez
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B