Firewalld Trouble Opening A Port
Hey all,
I’m having a little trouble opening up a port on a C7 machine.
Here’s the default zone:
[root@appd:~] #firewall-cmd –get-default-zone home
So I try to add the port:
[root@appd:~] #firewall-cmd –zone=home –add-port=8181/tcp success
Then I reload firewalld:
[root@appd:~] #firewall-cmd –reload success
Simple! That should do it. Right? Well not quite.
Cuz when I telnet to that host on that port, it’s not connecting:
#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx… <---obscuring the real IP
telnet: connect to address xx.xx.xx.xx: Connection refused telnet: Unable to connect to remote host
Yet, that port is definitely listening on the host:
[root@appd:~] #lsof -i :8181
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 13423 root 333u IPv6 3526508 0t0 TCP *:intermapper (LISTEN)
And if I stop the firewall momentarily :
I can telnet to that port from a remote location:
#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx... Connected to appd.mydomain.com. Escape character is '^]'.
Of course I bring up the firewall right away once I'm done testing:
[root@appd:~] #systemctl start firewalld
[root@appd:~] #systemctl status firewalld firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago Main PID: 18826 (firewalld)
CGroup: /system.slice/firewalld.service
└─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall daemon.
Any ideas on what I'm doing wrong?
Thanks, Tim
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
4 thoughts on - Firewalld Trouble Opening A Port
I saw that you are doing firewall-cmd –reload; however you did not had the following:
firewall-cmd –permanent –zone=home –add-port=8181/tcp
The problem is you added the rule in runtime and when you reloaded it removed the rule that you added; therefore you need to use –permanent or do not reload.
Let me know if this helps.
—
Kind Regards Earl Ramirez
Hi Earl,
Thanks! That worked.
[root@appd:~] #firewall-cmd –zone=home –list-ports
[root@appd:~] #firewall-cmd –zone=home –add-port=8181/tcp –permanent success
[root@appd:~] #firewall-cmd –reload success
[root@appd:~] #firewall-cmd –zone=home –list-ports
8181/tcp
#telnet appd.mydomain.com 8181
Trying xx.xx.xx.xx… Connected to appd.mydomain.com. Escape character is ‘^]’.
—
GPG me!!
gpg –keyserver pool.sks-keyservers.net –recv-keys F186197B
Just remember that the permanent command doesn’t add the rule immediately, so it doesn’t take effect *until* you reload.
you can also do this:
# firewall-cmd –zone=home –add-port
That’s a very excellent point! I’ll have to remember that. I’ve read a few guides on how to use firewall-cmd on CentOS 7, but I haven’t seem this tip mentioned anywhere!
So thanks for pointing that out!