[CentOS] firewalld

Sat Jan 28 16:35:03 UTC 2017
TE Dukes <tdukes at palmettoshopper.com>


-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of James Hogarth
Sent: Saturday, January 28, 2017 10:43 AM
To: CentOS mailing list
Subject: Re: [CentOS] firewalld

On 28 January 2017 at 13:44, Mike McCarthy, W1NR <sysop at w1nr.net> wrote:
> firewalld isn't the only thing that will prevent services from 
> accessing the internet. I found that I needed to do a relabel before 
> postfix could access DNS and I have seen other issues as well. Have 
> you tried disabling the firewall to see if you can get connections to 
> work? Then try to disable SELinux and see if that works.
>
> # netstat --inet -l -n
>
> Is the service listening on port 143?
>


Just a side note here, since EL7 removed net-tools from the default install
(after all it has been deprecated for about a decade now) you probably
should get used to providing advice using the iproute2 suite instead.

In this case, use `ss -tlnp` to list all TCP ports in a listening state, showing
the PID using the port and not resolving the ports to friendly names.

For an example of why this is important, think about using pacemaker or
keepalived to manage IPs migrating between systems. They won't be visible
using ifconfig but only via ip as they aren't exposed in the kernel
structures that ifconfig uses -
https://www.hogarthuk.com/?q=node/6

Another example is when you have multiple interfaces and you have source
policy routing (or similar advanced routing behaviour) that makes use of
rules and multiple routing tables. The older route command is only capable
of displaying the default main table, not the rest of the tables in use, but
`ip route show table all` will give you all the routing tables in use on
your system (even in a default install it's a lot more than the route
command shows) and `ip rule` gives you the rules in use, if any.

On a similar note bridge-utils is also deprecated, though brctl is ingrained
into many minds!

https://fedoramagazine.org/build-network-bridge-fedora/

Thanks for the info. I'll take a look at it.

Again, thanks!
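
The listening check suggested in the thread can be scripted. This is an added example, not part of the original messages: it reads `ss -tln` output and reports whether a port is unbound, bound to loopback only, bound to one specific address, or bound to all interfaces, which tells you whether firewalld is in the path at all. The function names `listen_scope` and `sample_ss_output`, and the sample output with its addresses, are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port shows up in `ss -tln` output (stdin).
# Prints: not-listening | loopback-only | specific-address | all-interfaces
listen_scope() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # also skips the header line
        {
            ep = $4                          # local endpoint, e.g. *:143 or [::1]:143
            n = match(ep, /:[0-9]+$/)        # the port follows the last colon
            if (n == 0 || substr(ep, n + 1) != port) next
            addr = substr(ep, 1, n - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # strip IPv6 brackets
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = 1
        }
        END {
            if (wild) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample of `ss -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     *:22                *:*
LISTEN  0       100     127.0.0.1:143       *:*
LISTEN  0       100     [::1]:143           [::]:*
LISTEN  0       128     192.0.2.10:993      *:*
LISTEN  0       128     :::22               :::*
EOF
}

# Live use on a host: ss -tln | listen_scope 143
for p in 22 143 993 110; do
    printf '%s -> %s\n' "$p" "$(sample_ss_output | listen_scope "$p")"
done
```

A result of `loopback-only` or `not-listening` points at the service configuration rather than the firewall; only `all-interfaces` or `specific-address` makes firewalld or SELinux the next thing to check.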