Hey all,

I'm having a little trouble opening up a port on a C7 machine.

Here's the default zone:

[root at appd:~] #firewall-cmd --get-default-zone
home

So I try to add the port:

[root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp
success

Then I reload firewalld:

[root at appd:~] #firewall-cmd --reload
success

Simple! That should do it. Right? Well not quite.

Cuz when I telnet to that host on that port, it's not connecting:

#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx...    <--- obscuring the real IP
telnet: connect to address xx.xx.xx.xx: Connection refused
telnet: Unable to connect to remote host

Yet, that port is definitely listening on the host:

[root at appd:~] #lsof -i :8181
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
java    13423 root  333u  IPv6  3526508      0t0  TCP *:intermapper (LISTEN)

And if I stop the firewall momentarily, I can telnet to that port from a remote location:

#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx...
Connected to appd.mydomain.com.
Escape character is '^]'.

Of course I bring up the firewall right away once I'm done testing:

[root at appd:~] #systemctl start firewalld
[root at appd:~] #systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago
 Main PID: 18826 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall daemon.

Any ideas on what I'm doing wrong?

Thanks,
Tim
-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
On 9 May 2015 at 14:57, Tim Dunphy <bluethundr at gmail.com> wrote:
> [...]
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

I saw that you are doing firewall-cmd --reload; however you did not have the following:

firewall-cmd --permanent --zone=home --add-port=8181/tcp

The problem is you added the rule in runtime and when you reloaded it removed the rule that you added; therefore you need to use --permanent or do not reload.

Let me know if this helps.

-- 
Kind Regards
Earl Ramirez
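The runtime-versus-permanent split Earl describes is worth checking for rather than remembering: a port added without --permanent is enforced now but vanishes on --reload or a firewalld restart, while a port added only with --permanent is saved but not enforced until the next reload. The POSIX sh script below is an added example written for this thread, not code from the thread or from the firewalld project. It reads the runtime and permanent port lists of a zone with the firewall-cmd options already used in this thread (--zone, --list-ports, --permanent) and reports which of the four states a port is in. The classify_port function takes the two lists as plain strings, so the constructed sample at the bottom runs on a machine that has no firewalld at all.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a firewalld port is in
# the runtime set, the permanent set, both, or neither.
#   runtime-only    -> enforced now, silently dropped by --reload or a restart
#                      (the state Tim's first attempt ended up in)
#   permanent-only  -> saved on disk, not enforced until the next --reload
#   ok              -> enforced now and survives a reload

# classify_port PORT RUNTIME_LIST PERMANENT_LIST
#   The two lists are the space-separated outputs of
#   "firewall-cmd --zone=Z --list-ports" and
#   "firewall-cmd --permanent --zone=Z --list-ports".
classify_port() {
    port=$1; runtime=$2; permanent=$3
    in_rt=0; in_perm=0
    for p in $runtime; do
        if [ "$p" = "$port" ]; then in_rt=1; fi
    done
    for p in $permanent; do
        if [ "$p" = "$port" ]; then in_perm=1; fi
    done
    case "${in_rt}${in_perm}" in
        11) echo "ok" ;;
        10) echo "runtime-only" ;;
        01) echo "permanent-only" ;;
        00) echo "absent" ;;
    esac
}

# check_port ZONE PORT: query the live firewalld for both lists and classify.
# Exit status is non-zero unless the port is in both sets, so the script can
# sit in a cron job or a config-management verify step and flag drift.
check_port() {
    zone=$1; port=$2
    rt=$(firewall-cmd --zone="$zone" --list-ports) || return 2
    perm=$(firewall-cmd --permanent --zone="$zone" --list-ports) || return 2
    state=$(classify_port "$port" "$rt" "$perm")
    echo "$zone $port: $state"
    [ "$state" = "ok" ]
}

# Only talk to firewalld when it is installed; otherwise run the classifier on
# constructed sample lists that mirror the thread: right after a runtime-only
# add, the runtime set has 8181/tcp and the permanent set is empty.
if command -v firewall-cmd >/dev/null 2>&1; then
    check_port "${1:-home}" "${2:-8181/tcp}"
else
    classify_port 8181/tcp "8181/tcp" ""
fi
```

Run it as sh check_port.sh home 8181/tcp on the host; a non-zero exit means the port is not in both sets. The state this thread hit is runtime-only: immediately after the first add, --list-ports shows 8181/tcp while the permanent list is empty, and after --reload both are empty, which is exactly what Tim's first --list-ports in his follow-up shows. On newer firewalld releases, firewall-cmd --runtime-to-permanent copies the current runtime configuration into the permanent one, which is the other way to close that gap after testing a rule live.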
Hi Earl,

> The problem is you added the rule in runtime and when you reloaded it
> removed the rule that you added; therefore you need to use --permanent
> or do not reload.

Thanks! That worked.

[root at appd:~] #firewall-cmd --zone=home --list-ports

[root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent
success
[root at appd:~] #firewall-cmd --reload
success
[root at appd:~] #firewall-cmd --zone=home --list-ports
8181/tcp

#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx...
Connected to appd.mydomain.com.
Escape character is '^]'.

On Sat, May 9, 2015 at 3:14 PM, Earl A Ramirez <earlaramirez at gmail.com> wrote:
> [...]
-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B