On 28 January 2017 at 13:44, Mike McCarthy, W1NR <sysop at w1nr.net> wrote:
> firewalld isn't the only thing that will prevent services from accessing
> the internet. I found that I needed to do a relabel before postfix could
> access DNS and I have seen other issues as well. Have you tried
> disabling the firewall to see if you can get connections to work? Then
> try to disable SELinux and see if that works.
>
> # netstat --inet -l -n
>
> Is the service listening on port 143?
>

Just a side note here, since EL7 removed net-tools from the default install (after all it has been deprecated for about a decade now) you probably should get used to providing advice using the iproute2 suite instead.

In this case `ss -tlnp` to list all tcp ports in a listening state, showing the pid using the port and not resolving the ports to friendly names.

For an example of why this is important think about using pacemaker or keepalived to manage IPs migrating between systems. They won't be visible using ifconfig but only via ip as they aren't exposed in the kernel structures that ifconfig uses - https://www.hogarthuk.com/?q=node/6

Another example is when you have multiple interfaces and you have source policy routing (or similar advanced routing behaviour) that makes use of rules and multiple routing tables. The older route command is only capable of displaying the default main table, not the rest of the tables in use, but `ip route show table all` will give you all the routing tables in use on your system (even in a default install it's a lot more than the route command shows) and ip rule gives you the rules in use, if any.

On a similar note bridge-utils is also deprecated, though brctl is ingrained into many minds!

https://fedoramagazine.org/build-network-bridge-fedora/
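An added example, not part of the original message: a small filter over `ss -tln` output that reports whether a port has no listener, a loopback-only listener, or one reachable from the network, which is the question to settle before looking at firewall rules. The function name `listener_scope` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -tln` output (not taken from the thread).
# It mixes the older address style (*:143, :::993) with the newer one ([::]:80).
SAMPLE_SS='State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN  0      100    *:143                 *:*
LISTEN  0      128    :::993                :::*
LISTEN  0      100    127.0.0.1:25          *:*
LISTEN  0      100    ::1:25                :::*
LISTEN  0      128    [::]:80               [::]:*
LISTEN  0      50     192.168.1.10:3306     *:*'

# listener_scope PORT   (hypothetical helper; reads `ss -tln` output on stdin)
# Prints one of:
#   none      nothing is listening, so a connect is refused whatever the firewall says
#   loopback  bound to 127.0.0.0/8 or ::1 only, so remote hosts can never reach it
#   network   bound to a wildcard or a non-loopback address
listener_scope() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }               # skips the header row as well
        {
            n = split($4, parts, ":")         # the port is the text after the last colon
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/\[|\]/, "", addr)           # [::1] becomes ::1
            sub(/%.*/, "", addr)              # drop an interface scope such as %lo
            if (addr ~ /^127\./ || addr == "::1") lo = 1
            else other = 1
        }
        END {
            if (other)   print "network"
            else if (lo) print "loopback"
            else         print "none"
        }'
}

# Demo on the constructed sample; on a live host use: ss -tln | listener_scope 143
for p in 143 25 465; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | listener_scope "$p")"
done
```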
-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of James Hogarth
Sent: Saturday, January 28, 2017 10:43 AM
To: CentOS mailing list
Subject: Re: [CentOS] firewalld

On 28 January 2017 at 13:44, Mike McCarthy, W1NR <sysop at w1nr.net> wrote:
> firewalld isn't the only thing that will prevent services from
> accessing the internet. I found that I needed to do a relabel before
> postfix could access DNS and I have seen other issues as well. Have
> you tried disabling the firewall to see if you can get connections to
> work? Then try to disable SELinux and see if that works.
>
> # netstat --inet -l -n
>
> Is the service listening on port 143?
>

Just a side note here, since EL7 removed net-tools from the default install (after all it has been deprecated for about a decade now) you probably should get used to providing advice using the iproute2 suite instead.

In this case `ss -tlnp` to list all tcp ports in a listening state, showing the pid using the port and not resolving the ports to friendly names.

For an example of why this is important think about using pacemaker or keepalived to manage IPs migrating between systems. They won't be visible using ifconfig but only via ip as they aren't exposed in the kernel structures that ifconfig uses - https://www.hogarthuk.com/?q=node/6

Another example is when you have multiple interfaces and you have source policy routing (or similar advanced routing behaviour) that makes use of rules and multiple routing tables. The older route command is only capable of displaying the default main table, not the rest of the tables in use, but `ip route show table all` will give you all the routing tables in use on your system (even in a default install it's a lot more than the route command shows) and ip rule gives you the rules in use, if any.

On a similar note bridge-utils is also deprecated, though brctl is ingrained into many minds!

https://fedoramagazine.org/build-network-bridge-fedora/

Thanks for the info. I'll take a look at it. Again, thanks!
Still unresolved. Could be wrong but I think it's firewalld preventing me from accessing mail with roundcube. I'm getting Connection to storage server failed.

From roundcubemail log:

[29-Jan-2017 16:45:05 -0500]: <4r5ccifn> IMAP Error: Login failed for tdukes from 192.168.1.102. AUTHENTICATE PLAIN: * BYE Internal error occurred. Refer to server log for more information. in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 197 (POST /?_task=login?_task=login&_action=login)

There is absolutely nothing in the httpd logs. I telnet to localhost 143 or 993 and I can connect, telnetting to 25 or 465, connection refused. Clearly, below, those services and ports are open as well as mysql.

Output from: firewall-cmd --list-all-zones

work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh urbackup-server
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0 lo
  sources:
  services: dhcp dhcpv6 dhcpv6-client dns ftp http https imap imaps mdns mysql openvpn pop3 pop3s rsyncd samba samba-client smtp smtps ssh transmission-client urbackup-server
  ports: 465/tcp 20000/tcp 25/tcp 10000/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh urbackup-server
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources:
  services: dhcp dhcpv6 dhcpv6-client dns ftp http https imap imaps mysql ntp openvpn pop3 pop3s rsyncd samba samba-client smtp smtps ssh transmission-client urbackup-server
  ports: 465/tcp 20000/tcp 25/tcp 10000/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports: 10000/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcp dhcpv6-client dns ftp http https imap imaps mysql pop3 pop3s rsyncd samba samba-client smtp smtps ssh transmission-client urbackup-server
  ports: 465/tcp 20000/tcp 25/tcp 10000/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

eno1 is on the public zone, lo is on the internal zone

I can read mail with mutt and usermin. What am I missing? TIA
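An added example, not part of the original post: a filter over `firewall-cmd --list-all-zones` output that finds the zone an interface is bound to and reports whether a given service name or port/protocol is listed in that zone. The function name `iface_allows`, the interface `eth9` and the shortened zone listing are constructed for illustration; sources, rich rules and zone targets are not evaluated.

```shell
#!/bin/sh
# Constructed excerpt in `firewall-cmd --list-all-zones` layout, modelled on
# the zones in the post above; the service lists are shortened.
SAMPLE_ZONES='internal (active)
  target: default
  interfaces: enp1s0 lo
  services: dns http https imap imaps smtp smtps ssh
  ports: 465/tcp 25/tcp
dmz
  target: default
  interfaces:
  services: ssh
  ports:
public (active)
  target: default
  interfaces: eno1
  services: http https imap imaps smtp ssh
  ports: 465/tcp 25/tcp'

# iface_allows IFACE TOKEN   (hypothetical helper; zone listing on stdin)
# TOKEN is a service name (smtp) or a port/protocol pair (25/tcp).
# Prints "ZONE allowed", "ZONE not-listed", or "unassigned" when no zone
# lists IFACE on its interfaces: line.
iface_allows() {
    awk -v iface="$1" -v tok="$2" '
        /^[^ \t]/ { zone = $1; next }         # an unindented line opens a zone block
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++) if ($i == iface) bound = zone
        }
        $1 == "services:" || $1 == "ports:" {
            for (i = 2; i <= NF; i++) if ($i == tok) listed[zone] = 1
        }
        END {
            if (bound == "") print "unassigned"
            else print bound, ((bound in listed) ? "allowed" : "not-listed")
        }'
}

# Demo on the constructed excerpt; on a live host use:
#   firewall-cmd --list-all-zones | iface_allows lo smtp
printf '%s\n' "$SAMPLE_ZONES" | iface_allows lo smtp
printf '%s\n' "$SAMPLE_ZONES" | iface_allows eno1 25/tcp
```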