[CentOS] firewalld trouble opening a port
Tim Dunphy
bluethundr at gmail.com
Sat May 9 19:24:27 UTC 2015
Hi Earl,
>The problem is you added the rule in runtime and when you reloaded it
>removed the rule that you added; therefore you need to use --permanent or
>do not reload.
Thanks! That worked.
[root@appd:~] #firewall-cmd --zone=home --list-ports
[root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent
success
[root@appd:~] #firewall-cmd --reload
success
[root@appd:~] #firewall-cmd --zone=home --list-ports
8181/tcp
#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx...
Connected to appd.mydomain.com.
Escape character is '^]'.
On Sat, May 9, 2015 at 3:14 PM, Earl A Ramirez <earlaramirez at gmail.com>
wrote:
> On 9 May 2015 at 14:57, Tim Dunphy <bluethundr at gmail.com> wrote:
>
> > Hey all,
> >
> > I'm having a little trouble opening up a port on a C7 machine.
> >
> > Here's the default zone:
> >
> > [root@appd:~] #firewall-cmd --get-default-zone
> > home
> >
> > So I try to add the port:
> >
> > [root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp
> > success
> >
> > Then I reload firewalld:
> >
> > [root@appd:~] #firewall-cmd --reload
> > success
> >
> > Simple! That should do it. Right? Well not quite.
> >
> > Cuz when I telnet to that host on that port, it's not connecting:
> >
> > #telnet appd.mydomain.com 8181
> > Trying xx.xx.xx.xx... <---obscuring the real IP
> > telnet: connect to address xx.xx.xx.xx: Connection refused
> > telnet: Unable to connect to remote host
> >
> > Yet, that port is definitely listening on the host:
> >
> > [root@appd:~] #lsof -i :8181
> > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> > java 13423 root 333u IPv6 3526508 0t0 TCP *:intermapper (LISTEN)
> >
> >
> > And if I stop the firewall momentarily:
> >
> > I can telnet to that port from a remote location:
> >
> > #telnet appd.mydomain.com 8181
> > Trying xx.xx.xx.xx...
> > Connected to appd.mydomain.com.
> > Escape character is '^]'.
> >
> > Of course I bring up the firewall right away once I'm done testing:
> >
> > [root@appd:~] #systemctl start firewalld
> > [root@appd:~] #systemctl status firewalld
> > firewalld.service - firewalld - dynamic firewall daemon
> > Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
> > Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago
> > Main PID: 18826 (firewalld)
> > CGroup: /system.slice/firewalld.service
> > └─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
> >
> > May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall
> > daemon.
> >
> > Any ideas on what I'm doing wrong?
> >
> > Thanks,
> > Tim
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
> I saw that you are doing firewall-cmd --reload; however, you did not have the
> following:
>
> firewall-cmd --permanent --zone=home --add-port=8181/tcp
>
> The problem is you added the rule in runtime and when you reloaded it
> removed the rule that you added; therefore you need to use --permanent or
> do not reload.
>
> Let me know if this helps.
>
>
> --
> Kind Regards
> Earl Ramirez
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
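
Added example (not part of the original thread): a shell check for the runtime/permanent mismatch Earl describes, meant to be run before a reload so that a port opened only at runtime, or one waiting in the permanent configuration, is visible first. The function names port_drift and check_zone are made up for this example; the only firewalld calls are firewall-cmd --list-ports with and without --permanent, as used in the thread.

```shell
#!/bin/sh
# Added example: report ports that differ between firewalld's runtime and
# permanent configuration for one zone. Function names are hypothetical.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated port list in the format printed by
# `firewall-cmd --list-ports`, e.g. "8181/tcp 53/udp".
# Prints one line per mismatch and returns 1 if any mismatch was found.
port_drift() {
    rt=" $(echo $1) "    # collapse whitespace, pad for whole-word matching
    pm=" $(echo $2) "
    drift=0
    for p in $1; do
        case "$pm" in
            *" $p "*) ;;
            *) echo "runtime-only $p (lost on --reload)"; drift=1 ;;
        esac
    done
    for p in $2; do
        case "$rt" in
            *" $p "*) ;;
            *) echo "permanent-only $p (opens on --reload)"; drift=1 ;;
        esac
    done
    return $drift
}

# check_zone ZONE: query the live firewalld for both views of the zone.
check_zone() {
    zone=$1
    runtime=$(firewall-cmd --zone="$zone" --list-ports)
    permanent=$(firewall-cmd --permanent --zone="$zone" --list-ports)
    port_drift "$runtime" "$permanent"
}

# Query a live firewalld only when a zone name is passed, e.g.: sh drift.sh home
if [ -n "${1:-}" ] && command -v firewall-cmd >/dev/null 2>&1; then
    check_zone "$1" && echo "zone $1: runtime and permanent ports match"
fi
```

In the state from the first message (port added without --permanent) this reports 8181/tcp as runtime-only; after the --permanent add and the reload it reports nothing.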