[CentOS] firewalld trouble opening a port

Sat May 9 19:14:47 UTC 2015
Earl A Ramirez <earlaramirez at gmail.com>

On 9 May 2015 at 14:57, Tim Dunphy <bluethundr at gmail.com> wrote:

> Hey all,
>
>  I'm having a little trouble opening up a port on a C7 machine.
>
>  Here's the default zone:
>
> [root at appd:~] #firewall-cmd --get-default-zone
> home
>
> So I try to add the port:
>
> [root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp
> success
>
> Then I reload firewalld:
>
> [root at appd:~] #firewall-cmd --reload
> success
>
> Simple! That should do it. Right? Well not quite.
>
> Cuz when I telnet to that host on that port, it's not connecting:
>
> #telnet appd.mydomain.com 8181
> Trying xx.xx.xx.xx... <---obscuring the real IP
> telnet: connect to address xx.xx.xx.xx: Connection refused
> telnet: Unable to connect to remote host
>
> Yet, that port is definitely listening on the host:
>
> [root at appd:~] #lsof -i :8181
> COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
> java    13423 root  333u  IPv6 3526508      0t0  TCP *:intermapper (LISTEN)
>
> And if I stop the firewall momentarily:
>
> I can telnet to that port from a remote location:
>
> #telnet appd.mydomain.com 8181
> Trying xx.xx.xx.xx...
> Connected to appd.mydomain.com.
> Escape character is '^]'.
>
> Of course I bring up the firewall right away once I'm done testing:
>
> [root at appd:~] #systemctl start firewalld
> [root at appd:~] #systemctl status firewalld
> firewalld.service - firewalld - dynamic firewall daemon
>    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
>    Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago
>  Main PID: 18826 (firewalld)
>    CGroup: /system.slice/firewalld.service
>            └─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
>
> May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall
> daemon.
>
> Any ideas on what I'm doing wrong?
>
> Thanks,
> Tim
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

I saw that you are doing firewall-cmd --reload; however, you did not have the
following:

firewall-cmd --permanent --zone=home --add-port=8181/tcp

The problem is you added the rule at runtime, and when you reloaded, it
removed the rule that you added; therefore you need to use --permanent or
do not reload.

Let me know if this helps.


-- 
Kind Regards
Earl Ramirez
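
A small script, added here as an example and not part of the thread, that makes the runtime-versus-permanent split visible: it lists the ports that exist only in the live configuration (exactly what a `--reload` throws away) and shows the two-step add the reply recommends. The zone name and port are caller-supplied assumptions; `firewall-cmd` is only invoked when it is actually installed.

```shell
#!/bin/sh
# Added example, not from the thread: find runtime-only firewalld port rules
# that `firewall-cmd --reload` would silently discard, and open a port so it
# survives a reload. Assumes the caller supplies the zone and port/proto.

# ports_lost_on_reload RUNTIME PERMANENT
#   Both arguments are space-separated "port/proto" lists, in the form
#   `firewall-cmd --list-ports` prints them. Prints, one per line, entries
#   present in the runtime set but absent from the permanent set.
ports_lost_on_reload() {
    runtime=$1
    permanent=$2
    for entry in $runtime; do
        found=0
        for p in $permanent; do
            [ "$entry" = "$p" ] && found=1 && break
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$entry"
    done
    return 0
}

# open_port_both ZONE PORT/PROTO
#   Adds the rule to the running firewall AND to the saved configuration,
#   so it is still there after --reload or a daemon restart.
open_port_both() {
    zone=$1
    port=$2
    firewall-cmd --zone="$zone" --add-port="$port" &&
    firewall-cmd --permanent --zone="$zone" --add-port="$port"
}

# audit_zone ZONE
#   Compares the live and saved port lists for one zone; exits non-zero
#   when a reload would drop something.
audit_zone() {
    zone=$1
    rt=$(firewall-cmd --zone="$zone" --list-ports)
    pm=$(firewall-cmd --permanent --zone="$zone" --list-ports)
    lost=$(ports_lost_on_reload "$rt" "$pm")
    if [ -n "$lost" ]; then
        printf 'zone %s: runtime-only ports (lost on reload):\n%s\n' "$zone" "$lost"
        return 1
    fi
    printf 'zone %s: runtime and permanent port lists match\n' "$zone"
}

# Only touch the real firewall when firewall-cmd exists and a zone is given,
# e.g.:  sh firewall_audit.sh home
if command -v firewall-cmd >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    audit_zone "$1"
fi
```

Newer firewalld releases also provide `firewall-cmd --runtime-to-permanent`, which saves the whole live configuration in one step; check `firewall-cmd --help` on the host, since the version installed in this thread's time frame may not have it.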