Dear Members,
Please tell me how I can fix this problem.
Although I have allowed the mail services in firewalld (the active zone `external` lists `imaps`, `pop3s` and `ssh`), I cannot connect to the server on port 110 (plain POP3, as the Dovecot banner below shows):
[root at speedex ~]# telnet 153.153.xxx.xxx 110
Trying 153.153.xxx.xxx...
telnet: connect to address 153.153.xxx.xxx: No route to host
After stopping firewalld I can connect to the server on the same port:
[root at speedex ~]# telnet 153.153.xxx.xxx 110
Trying 153.153.xxx.xxx...
Connected to 153.153.xxx.xxx.
Escape character is '^]'.
+OK Dovecot ready.
^]
telnet> quit
I have attached the nmcli and firewalld output below. Please check it.
Note that the zone only opens the TLS variants (`imaps`, `pop3s` — normally 993/995), not plain `imap`/`pop3` (143/110), so a connection to port 110 is expected to be refused while firewalld is running; the "No route to host" is presumably the zone's ICMP reject rather than a routing problem. Before adding `pop3`/`imap` to the external zone, consider that those services carry credentials in cleartext over the untrusted network — testing 995/993 (for example with `openssl s_client`) would be the safer way to confirm the rules.
If you need more information, please tell me.
Tadao
-------------- next part --------------
[root at biz103 ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected System-eth0
eth1 ethernet connected Wired-eth1
lo loopback unmanaged --
[root at biz103 ~]# nmcli dev show
GENERAL.DEVICE: eth0
GENERAL.TYPE: ethernet
GENERAL.HWADDR: FA:16:3E:FA:CE:4A
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: System-eth0
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.1.5/24
IP4.ADDRESS[2]: 153.153.xxx.xxx/32
IP4.GATEWAY: 192.168.1.1
IP4.DNS[1]: 8.8.8.8
IP4.DNS[2]: 8.8.4.4
IP6.ADDRESS[1]: fe80::f816:3eff:xxxx:xxxx/64
IP6.GATEWAY:
GENERAL.DEVICE: eth1
GENERAL.TYPE: ethernet
GENERAL.HWADDR: FA:16:3E:AC:38:75
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: Wired-eth1
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 169.254.0.5/17
IP4.GATEWAY:
IP6.ADDRESS[1]: fe80::f816:3eff:feac:3875/64
IP6.GATEWAY:
GENERAL.DEVICE: lo
GENERAL.TYPE: loopback
GENERAL.HWADDR: 00:00:00:00:00:00
GENERAL.MTU: 65536
GENERAL.STATE: 10 (unmanaged)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
IP4.ADDRESS[1]: 127.0.0.1/8
IP4.GATEWAY:
IP6.ADDRESS[1]: ::1/128
IP6.GATEWAY:
[root at biz103 ~]# nmcli c show System-eth0
connection.id: System-eth0
connection.uuid: b7a78410-4a1f-4ddb-a49a-9c559950d047
connection.interface-name: eth0
connection.type: 802-3-ethernet
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.timestamp: 1468483684
connection.read-only: no
connection.permissions:
connection.zone: external
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options:
ipv4.method: manual
ipv4.dns: 8.8.8.8,8.8.4.4
ipv4.dns-search:
ipv4.addresses: 192.168.1.5/24, 153.153.xxx.xxx/32
ipv4.gateway: 192.168.1.1
ipv4.routes:
ipv4.route-metric: -1
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.gateway: --
ipv6.routes:
ipv6.route-metric: -1
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
GENERAL.NAME: System-eth0
GENERAL.UUID: b7a78410-4a1f-4ddb-a49a-9c559950d047
GENERAL.DEVICES: eth0
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: no
GENERAL.VPN: no
GENERAL.ZONE: external
GENERAL.DBUS-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/2
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/Settings/2
GENERAL.SPEC-OBJECT: /
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 192.168.1.5/24
IP4.ADDRESS[2]: 153.153.xxx.xxx/32
IP4.GATEWAY: 192.168.1.1
IP4.DNS[1]: 8.8.8.8
IP4.DNS[2]: 8.8.4.4
IP6.ADDRESS[1]: fe80::f816:3eff:xxxx:xxxx/64
IP6.GATEWAY:
[root at biz103 ~]# firewall-cmd --zone=external --list-all
external (active)
interfaces: eth0
sources:
services: imaps pop3s ssh
ports:
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
[root at biz103 ~]# ls -l /etc/firewalld
total 28
-rw-r--r-- 1 root root 187 Jul 14 06:55 direct.xml
-rw------- 1 root root 1028 Jul 14 08:05 firewalld.conf
-rw-r----- 1 root root 1026 Mar 5 2015 firewalld.conf.old
drwxr-x---. 2 root root 4096 Mar 5 2015 icmptypes
-rw-r-----. 1 root root 271 Mar 5 2015 lockdown-whitelist.xml
drwxr-x---. 2 root root 4096 Mar 5 2015 services
drwxr-x---. 2 root root 4096 Jul 14 07:40 zones
[root at biz103 ~]# ls -l /etc/firewalld/zones
total 12
-rw-r--r-- 1 root root 356 Jul 14 07:40 external.xml
-rw-r--r-- 1 root root 330 Jul 14 07:40 external.xml.old
-rw-r--r--. 1 root root 315 Jun 1 06:04 public.xml
[root at biz103 ~]# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
<rule priority="0" table="nat" ipv="ipv4"
chain="POSTROUTING_direct">-s 192.168.1.5 -o eth0 -j SNAT --to
153.153.xxx.xxx</rule>
</direct>
[root at biz103 ~]# cat /etc/firewalld/zones/external.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>External</short>
<description>For use on external networks. You do not trust the other
computers on networks to not harm your computer. Only selected incoming
connections are accepted.</description>
<service name="pop3s"/>
<service name="ssh"/>
<service name="imaps"/>
<masquerade/>
</zone>