[CentOS] firewalld trouble opening a port
Earl A Ramirez
earlaramirez at gmail.com
Sat May 9 19:14:47 UTC 2015
On 9 May 2015 at 14:57, Tim Dunphy <bluethundr at gmail.com> wrote:
> Hey all,
>
> I'm having a little trouble opening up a port on a C7 machine.
>
> Here's the default zone:
>
> [root at appd:~] #firewall-cmd --get-default-zone
> home
>
> So I try to add the port:
>
> [root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp
> success
>
> Then I reload firewalld:
>
> [root at appd:~] #firewall-cmd --reload
> success
>
> Simple! That should do it. Right? Well not quite.
>
> Cuz when I telnet to that host on that port, it's not connecting:
>
> #telnet appd.mydomain.com 8181
> Trying xx.xx.xx.xx... <---obscuring the real IP
> telnet: connect to address xx.xx.xx.xx: Connection refused
> telnet: Unable to connect to remote host
>
> Yet, that port is definitely listening on the host:
>
> [root at appd:~] #lsof -i :8181
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> java 13423 root 333u IPv6 3526508 0t0 TCP *:intermapper (LISTEN)
>
>
> And if I stop the firewall momentarily :
>
> I can telnet to that port from a remote location:
>
> #telnet appd.mydomain.com 8181
> Trying xx.xx.xx.xx...
> Connected to appd.mydomain.com.
> Escape character is '^]'.
>
> Of course I bring up the firewall right away once I'm done testing:
>
> [root at appd:~] #systemctl start firewalld
> [root at appd:~] #systemctl status firewalld
> firewalld.service - firewalld - dynamic firewall daemon
> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
> Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago
> Main PID: 18826 (firewalld)
> CGroup: /system.slice/firewalld.service
> └─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
>
> May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall
> daemon.
>
> Any ideas on what I'm doing wrong?
>
> Thanks,
> Tim
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
I saw that you are doing firewall-cmd --reload; however, you did not have the
following:
firewall-cmd --permanent --zone=home --add-port=8181/tcp
The problem is that you added the rule at runtime, and when you reloaded, it
removed the rule that you added; therefore you need to use --permanent or
not reload.
Let me know if this helps.
--
Kind Regards
Earl Ramirez
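Added example, not part of this thread: a small POSIX shell check that reports ports present in a zone's runtime configuration but missing from its permanent configuration, i.e. exactly the rules that disappear on firewall-cmd --reload. The firewall-cmd flags used (--get-default-zone, --zone, --permanent, --list-ports) are real; the function names runtime_only_ports and audit_zone and the sample port lists are constructed here for illustration.

```shell
#!/bin/sh
# Print the ports that appear in the runtime list but not in the permanent
# list. Both arguments are space-separated lists in the format that
# "firewall-cmd --list-ports" prints, e.g. "8181/tcp 443/tcp".
runtime_only_ports() {
  runtime=$1
  permanent=$2
  result=""
  for p in $runtime; do
    found=0
    for q in $permanent; do
      if [ "$p" = "$q" ]; then
        found=1
        break
      fi
    done
    if [ "$found" -eq 0 ]; then
      # append with a single space separator
      result="${result:+$result }$p"
    fi
  done
  printf '%s\n' "$result"
}

# Live wrapper (hypothetical helper): compare runtime and permanent port
# lists for a zone, defaulting to the default zone. Needs firewall-cmd and
# a running firewalld, so it is not exercised in the offline demo below.
audit_zone() {
  zone=${1:-$(firewall-cmd --get-default-zone)}
  missing=$(runtime_only_ports \
    "$(firewall-cmd --zone="$zone" --list-ports)" \
    "$(firewall-cmd --permanent --zone="$zone" --list-ports)")
  if [ -n "$missing" ]; then
    echo "zone $zone: runtime-only ports, lost on --reload: $missing"
    echo "persist each with: firewall-cmd --permanent --zone=$zone --add-port=<port>"
    return 1
  fi
  echo "zone $zone: runtime and permanent port lists agree"
}

# Offline demo on constructed data: 8181/tcp was added only at runtime,
# 443/tcp is in both lists, so only 8181/tcp is reported.
runtime_only_ports "8181/tcp 443/tcp" "443/tcp"
```

Run audit_zone home on the box in question to see 8181/tcp flagged before any reload. On firewalld releases that support it, firewall-cmd --runtime-to-permanent copies the whole runtime state into the permanent configuration in one step instead of repeating each --add-port with --permanent.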