[CentOS] firewalld and LISTEN

Fri Jul 28 01:58:45 UTC 2017
望月忠雄 <tadao at creative-japan.org>

Dear Jonathan,

Thank you.

Apache is running. And I can access by https(IPV4 443).
Please tell me which configuration I need to check.

Tadao


2017-07-28 10:52 GMT+09:00 Jonathan Billings <billings at negate.org>:

> On Jul 27, 2017, at 9:36 PM, 望月忠雄 <tadao at creative-japan.org> wrote:
> >
> > On CentOS7 I have following firewalld setting.
> >
> > external (active)
> >  target: default
> >  icmp-block-inversion: no
> >  interfaces: eth0
> >  sources:
> >  services: dns ftp http https imaps pop3s smtp ssh
> >  ports: 110/tcp 21/tcp 20000/tcp 106/tcp 53/tcp 990/tcp 5432/tcp 8447/tcp
> > 113/tcp 143/tcp 3306/tcp 5224/tcp 22/tcp 465/tcp 995/tcp 25/tcp 10000/tcp
> > 8443/tcp 993/tcp 443/tcp 8880/tcp 587/tcp 20/tcp 53/udp 12768/tcp
> >  protocols:
> >  masquerade: yes
> >  forward-ports:
> >  sourceports:
> >  icmp-blocks:
> >  rich rules:
> >
> > But by ss -nat, IPV4 443 is not listend. How can I fix?
> >
> > # ss -nat | grep LISTEN | grep 443
> > LISTEN     0      128         :::443                     :::*
>
> Just because the firewall is open doesn’t mean the process listening on
> port 443 has to be running.  It looks like your HTTPD server (I assume
> apache httpd?) isn’t listening on ipv4.  This is not a firewall problem,
> but a configuration problem for the web server.
>
> --
> Jonathan Billings <billings at negate.org>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>