CentOS7 firewalld ploblem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Dear Members,

Please tell me how can I fix this problem.

Against allow imap on firewalld, I cannot access to the server.

[root@speedex ~]# telnet 153.153.xxx.xxx 110
Trying 153.153.xxx.xxx...
telnet: connect to address 153.153.xxx.xxx: No route to host

After stopping forewalld I can access to the server.
[root@speedex ~]# telnet 153.153.xxx.xxx 110
Trying 153.153.xxx.xxx...
Connected to 153.153.xxx.xxx.
Escape character is '^]'.
+OK Dovecot ready.
^]
telnet> quit

I have attached nmcli and firewalld data. Please check it.
If you need more please tell me.

Tadao
[root@biz103 ~]# nmcli dev
DEVICE  TYPE      STATE      CONNECTION  
eth0    ethernet  connected  System-eth0 
eth1    ethernet  connected  Wired-eth1  
lo      loopback  unmanaged  --          


[root@biz103 ~]# nmcli dev show
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         FA:16:3E:FA:CE:4A
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     System-eth0
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.1.5/24
IP4.ADDRESS[2]:                         153.153.xxx.xxx/32
IP4.GATEWAY:                            192.168.1.1
IP4.DNS[1]:                             8.8.8.8
IP4.DNS[2]:                             8.8.4.4
IP6.ADDRESS[1]:                         fe80::f816:3eff:xxxx:xxxx/64
IP6.GATEWAY:                            

GENERAL.DEVICE:                         eth1
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         FA:16:3E:AC:38:75
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     Wired-eth1
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         169.254.0.5/17
IP4.GATEWAY:                            
IP6.ADDRESS[1]:                         fe80::f816:3eff:feac:3875/64
IP6.GATEWAY:                            

GENERAL.DEVICE:                         lo
GENERAL.TYPE:                           loopback
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            65536
GENERAL.STATE:                          10 (unmanaged)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
IP4.ADDRESS[1]:                         127.0.0.1/8
IP4.GATEWAY:                            
IP6.ADDRESS[1]:                         ::1/128
IP6.GATEWAY:                            


[root@biz103 ~]# nmcli c show System-eth0
connection.id:                          System-eth0
connection.uuid:                        b7a78410-4a1f-4ddb-a49a-9c559950d047
connection.interface-name:              eth0
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.timestamp:                   1468483684
connection.read-only:                   no
connection.permissions:                 
connection.zone:                        external
connection.master:                      --
connection.slave-type:                  --
connection.secondaries:                 
connection.gateway-ping-timeout:        0
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          yes
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.mac-address-blacklist:   
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            
ipv4.method:                            manual
ipv4.dns:                               8.8.8.8,8.8.4.4
ipv4.dns-search:                        
ipv4.addresses:                         192.168.1.5/24, 153.153.xxx.xxx/32
ipv4.gateway:                           192.168.1.1
ipv4.routes:                            
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv6.method:                            auto
ipv6.dns:                               
ipv6.dns-search:                        
ipv6.addresses:                         
ipv6.gateway:                           --
ipv6.routes:                            
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
GENERAL.NAME:                           System-eth0
GENERAL.UUID:                           b7a78410-4a1f-4ddb-a49a-9c559950d047
GENERAL.DEVICES:                        eth0
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        yes
GENERAL.DEFAULT6:                       no
GENERAL.VPN:                            no
GENERAL.ZONE:                           external
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/2
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/2
GENERAL.SPEC-OBJECT:                    /
GENERAL.MASTER-PATH:                    --
IP4.ADDRESS[1]:                         192.168.1.5/24
IP4.ADDRESS[2]:                         153.153.xxx.xxx/32
IP4.GATEWAY:                            192.168.1.1
IP4.DNS[1]:                             8.8.8.8
IP4.DNS[2]:                             8.8.4.4
IP6.ADDRESS[1]:                         fe80::f816:3eff:xxxx:xxxx/64
IP6.GATEWAY:                            

[root@biz103 ~]# firewall-cmd --zone=external --list-all
external (active)
  interfaces: eth0
  sources: 
  services: imaps pop3s ssh
  ports: 
  masquerade: yes
  forward-ports: 
  icmp-blocks: 
  rich rules: 

[root@biz103 ~]# ls -l /etc/firewalld
total 28
-rw-r--r--  1 root root  187 Jul 14 06:55 direct.xml
-rw-------  1 root root 1028 Jul 14 08:05 firewalld.conf
-rw-r-----  1 root root 1026 Mar  5  2015 firewalld.conf.old
drwxr-x---. 2 root root 4096 Mar  5  2015 icmptypes
-rw-r-----. 1 root root  271 Mar  5  2015 lockdown-whitelist.xml
drwxr-x---. 2 root root 4096 Mar  5  2015 services
drwxr-x---. 2 root root 4096 Jul 14 07:40 zones
[root@biz103 ~]# ls -l /etc/firewalld/zones
total 12
-rw-r--r--  1 root root 356 Jul 14 07:40 external.xml
-rw-r--r--  1 root root 330 Jul 14 07:40 external.xml.old
-rw-r--r--. 1 root root 315 Jun  1 06:04 public.xml
[root@biz103 ~]# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule priority="0" table="nat" ipv="ipv4" chain="POSTROUTING_direct">-s 192.168.1.5 -o eth0 -j SNAT --to 153.153.xxx.xxx</rule>
</direct>
[root@biz103 ~]# cat /etc/firewalld/zones/external.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>External</short>
  <description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="pop3s"/>
  <service name="ssh"/>
  <service name="imaps"/>
  <masquerade/>
</zone>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux