Dear Members,

Please tell me how I can fix this problem. Even though I have allowed IMAP in firewalld, I cannot access the server.

[root@speedex ~]# telnet 153.153.xxx.xxx 110
Trying 153.153.xxx.xxx...
telnet: connect to address 153.153.xxx.xxx: No route to host

After stopping firewalld, I can access the server.

[root@speedex ~]# telnet 153.153.xxx.xxx 110
Trying 153.153.xxx.xxx...
Connected to 153.153.xxx.xxx.
Escape character is '^]'.
+OK Dovecot ready.
^]
telnet> quit

[Note: port 110 is plaintext POP3, not IMAP, and the external zone shown below allows only the imaps, pop3s and ssh services, so firewalld rejecting this connection matches the listed configuration.]

I have attached the nmcli and firewalld data. Please check it. If you need more, please tell me.

Tadao
[root@biz103 ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected System-eth0
eth1 ethernet connected Wired-eth1
lo loopback unmanaged --
[root@biz103 ~]# nmcli dev show
GENERAL.DEVICE: eth0
GENERAL.TYPE: ethernet
GENERAL.HWADDR: FA:16:3E:FA:CE:4A
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: System-eth0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.1.5/24
IP4.ADDRESS[2]: 153.153.xxx.xxx/32
IP4.GATEWAY: 192.168.1.1
IP4.DNS[1]: 8.8.8.8
IP4.DNS[2]: 8.8.4.4
IP6.ADDRESS[1]: fe80::f816:3eff:xxxx:xxxx/64
IP6.GATEWAY:
GENERAL.DEVICE: eth1
GENERAL.TYPE: ethernet
GENERAL.HWADDR: FA:16:3E:AC:38:75
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: Wired-eth1
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 169.254.0.5/17
IP4.GATEWAY:
IP6.ADDRESS[1]: fe80::f816:3eff:feac:3875/64
IP6.GATEWAY:
GENERAL.DEVICE: lo
GENERAL.TYPE: loopback
GENERAL.HWADDR: 00:00:00:00:00:00
GENERAL.MTU: 65536
GENERAL.STATE: 10 (unmanaged)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
IP4.ADDRESS[1]: 127.0.0.1/8
IP4.GATEWAY:
IP6.ADDRESS[1]: ::1/128
IP6.GATEWAY:
[root@biz103 ~]# nmcli c show System-eth0
connection.id: System-eth0
connection.uuid: b7a78410-4a1f-4ddb-a49a-9c559950d047
connection.interface-name: eth0
connection.type: 802-3-ethernet
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.timestamp: 1468483684
connection.read-only: no
connection.permissions:
connection.zone: external
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options:
ipv4.method: manual
ipv4.dns: 8.8.8.8,8.8.4.4
ipv4.dns-search:
ipv4.addresses: 192.168.1.5/24, 153.153.xxx.xxx/32
ipv4.gateway: 192.168.1.1
ipv4.routes:
ipv4.route-metric: -1
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.gateway: --
ipv6.routes:
ipv6.route-metric: -1
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
GENERAL.NAME: System-eth0
GENERAL.UUID: b7a78410-4a1f-4ddb-a49a-9c559950d047
GENERAL.DEVICES: eth0
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: no
GENERAL.VPN: no
GENERAL.ZONE: external
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/2
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/2
GENERAL.SPEC-OBJECT: /
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 192.168.1.5/24
IP4.ADDRESS[2]: 153.153.xxx.xxx/32
IP4.GATEWAY: 192.168.1.1
IP4.DNS[1]: 8.8.8.8
IP4.DNS[2]: 8.8.4.4
IP6.ADDRESS[1]: fe80::f816:3eff:xxxx:xxxx/64
IP6.GATEWAY:
[root@biz103 ~]# firewall-cmd --zone=external --list-all
external (active)
interfaces: eth0
sources:
services: imaps pop3s ssh
ports:
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
[root@biz103 ~]# ls -l /etc/firewalld
total 28
-rw-r--r-- 1 root root 187 Jul 14 06:55 direct.xml
-rw------- 1 root root 1028 Jul 14 08:05 firewalld.conf
-rw-r----- 1 root root 1026 Mar 5 2015 firewalld.conf.old
drwxr-x---. 2 root root 4096 Mar 5 2015 icmptypes
-rw-r-----. 1 root root 271 Mar 5 2015 lockdown-whitelist.xml
drwxr-x---. 2 root root 4096 Mar 5 2015 services
drwxr-x---. 2 root root 4096 Jul 14 07:40 zones
[root@biz103 ~]# ls -l /etc/firewalld/zones
total 12
-rw-r--r-- 1 root root 356 Jul 14 07:40 external.xml
-rw-r--r-- 1 root root 330 Jul 14 07:40 external.xml.old
-rw-r--r--. 1 root root 315 Jun 1 06:04 public.xml
[root@biz103 ~]# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule priority="0" table="nat" ipv="ipv4" chain="POSTROUTING_direct">-s 192.168.1.5 -o eth0 -j SNAT --to 153.153.xxx.xxx</rule>
</direct>
[root@biz103 ~]# cat /etc/firewalld/zones/external.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>External</short>
  <description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="pop3s"/>
  <service name="ssh"/>
  <service name="imaps"/>
  <masquerade/>
</zone>