[CentOS] FirewallD issue

Marcin Trendota moonwolf.rh at gmail.com
Thu Apr 21 10:11:35 UTC 2016


Hello everybody.

Recently I moved the external interface to zone "external" on my home
server/router. And something strange is happening. From my router
(chamber, CentOS7) everything is fine:

[root@chamber ~]# firewall-cmd --list-all
home (default, active)
  interfaces: enp3s0 tun0 virbr0
  sources:
  services: dhcp dhcpv6-client dns http https imaps ipp-client mdns nfs samba samba-client vnc-server
  ports: 143/tcp 26666/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

[root@chamber ~]# firewall-cmd --list-all --zone=external
external (active)
  interfaces: enp1s0
  sources:
  services:
  ports: 26666/tcp
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

[root@chamber ~]# nmap 10.0.49.14

Starting Nmap 6.40 ( http://nmap.org ) at 2016-04-21 11:57 CEST
Nmap scan report for 10.0.49.14
Host is up (0.00045s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
MAC Address: 52:54:00:D6:6D:4A (QEMU Virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

But from a host in another location (connected through VPN):

 moonwolf  ~  nmap 10.0.49.14

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 11:59 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.06 seconds
 moonwolf  ~  nmap 10.0.49.14 -Pn -p22

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 11:59 CEST
Nmap scan report for svn.karakkhaz.dwarfs (10.0.49.14)
Host is up (0.015s latency).
PORT   STATE    SERVICE
22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

 moonwolf  ~  ping 10.0.49.14
PING 10.0.49.14 (10.0.49.14) 56(84) bytes of data.
64 bytes from 10.0.49.14: icmp_seq=1 ttl=62 time=9.45 ms
64 bytes from 10.0.49.14: icmp_seq=2 ttl=62 time=26.0 ms
^C
--- 10.0.49.14 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 9.459/17.754/26.050/8.296 ms

What could cause this behavior? Before the interface move everything was
working as expected.

-- 
Over And Out
MoonWolf


