[CentOS] firewalld

Sat Jan 28 15:43:22 UTC 2017
James Hogarth <james.hogarth at gmail.com>

On 28 January 2017 at 13:44, Mike McCarthy, W1NR <sysop at w1nr.net> wrote:
> firewalld isn't the only thing that will prevent services from accessing
> the internet. I found that I needed to do a relabel before postfix could
> access DNS and I have seen other issues as well. Have you tried
> disabling the firewall to see if you can get connections to work? Then
> try to disable SELinux and see if that works.
>
> # netstat --inet -l -n
>
> Is the service listening on port 143?
>


Just a side note here, since EL7 removed net-tools from the default
install (after all it has been deprecated for about a decade now) you
probably should get used to providing advice using the iproute2 suite
instead.

In this case `ss -tlnp` to list all tcp ports in a listening state,
showing the pid using the port and not resolving the ports to friendly
names.

For an example of why this is important think about using pacemaker or
keepalived to manage IPs migrating between systems. They won't be
visible using ifconfig but only via ip as they aren't exposed in the
kernel structures that ifconfig uses -
https://www.hogarthuk.com/?q=node/6

Another example is when you have multiple interfaces and you have
source policy routing (or similar advanced routing behaviour) that
makes use of rules and multiple routing tables. The older route
command is only capable of displaying the default main table, not the
rest of the tables in use, but `ip route show table all` will give you
all the routing tables in use on your system (even in a default
install it's a lot more than the route command shows) and ip rule
gives you the rules in use, if any.

On a similar note bridge-utils is also deprecated, though brctl is
ingrained into many minds!

https://fedoramagazine.org/build-network-bridge-fedora/
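
As an added illustration (not part of the original message): the `ss -tlnp` check suggested above, scripted to answer "is the service listening on port 143?" and to tell a loopback-only listener, which no firewall change will make reachable, from one bound to all addresses. The function names and the sample `ss` output are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original message). Function names and the
# sample data below are constructed for illustration.

# Read `ss -tlnp` output on stdin; print "<scope> <address> <process>" for
# every listener on TCP port $1. scope: all | loopback | specific.
listeners_for_port() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                       # Local Address:Port column
            n = split(la, parts, ":")
            if (parts[n] != port) next
            # Strip ":<port>" to leave the address (handles ":::993" too).
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                scope = "all"
            else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                scope = "loopback"
            else
                scope = "specific"
            # The process column is absent when ss runs unprivileged.
            print scope, addr, (NF >= 6 ? $6 : "-")
        }'
}

# Summarise: not-listening | loopback-only | reachable
port_verdict() {
    listeners_for_port "$1" | awk '
        { seen = 1; if ($1 != "loopback") remote = 1 }
        END { print (!seen ? "not-listening" : (remote ? "reachable" : "loopback-only")) }'
}

# Constructed sample in the EL7 `ss -tlnp` layout (header line included).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*               users:(("sshd",pid=1023,fd=3))
LISTEN 0      100    127.0.0.1:25       *:*               users:(("master",pid=1400,fd=13))
LISTEN 0      100    127.0.0.1:143      *:*               users:(("dovecot",pid=2210,fd=38))
LISTEN 0      100    :::993             :::*              users:(("dovecot",pid=2210,fd=40))'

for p in 143 993 110; do
    printf 'port %s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | port_verdict "$p")"
done
```

On a live system, feed it real data with `ss -tlnp | port_verdict 143`, run as root so the process column is populated.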