Re: Baffled by firewall rules with a Qemu VM, CentOS 7




On 12/12/20 8:15 am, Lists wrote:
I've understood iptables well enough for a long, long time, and although I
think firewall-cmd is a poor replacement for iptables, I've always been able to
"get it to work" by comparing output with iptables -L or iptables -S and using
a direct-rule or two.

And this time, I'm just baffled.

I have a qemu VM running on a host. Postgresql runs on the host, and I'm
trying to connect to the Postgresql server on the host from the VM.

VM: loco
Host: tesla

1) If I turn OFF the firewall on tesla, I have no trouble connecting from loco.
tesla: systemctl stop firewalld
loco: psql -U postgres -h 192.168.122.1 # yay! connection!

2) If I turn ON the firewall on tesla, I can't connect NO MATTER WHAT I DO
tesla: systemctl start firewalld;
loco: psql -U postgres -h 192.168.122.1 # Connection refused

<snip>...

There are no REJECT rules not preceded by a wildcard ACCEPT, but I can't
connect with this config. But simply stopping host (tesla) firewalld allows me
to connect just fine.

I'd run tcpdump on the host where the firewall is deployed to see where the packets are coming from:

tcpdump -l -n -i any port 5432  # assuming you are using standard pgsql port

Then compare that with what's in my ruleset to see which rule is blocking.

PS: I'm no longer on CentOS but I believe iptables/tcpdump are the same on whichever Linux distro is installed.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
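The "compare tcpdump with the ruleset" step above can be rehearsed offline. The following is an added example, not code from the thread, from iptables or from firewalld: it parses a constructed `iptables -S` dump shaped like the zone-dispatch chains firewalld generates (INPUT -> INPUT_ZONES -> IN_public -> IN_public_allow), takes a constructed SYN in the shape of the tcpdump line suggested above, and walks the INPUT chain in first-match order, exactly as the kernel does, to report which rule gives the verdict. The interface name (virbr0), the conntrack state and the source restriction on the hypothetical 5432 rule are assumptions; both rulesets and the tcpdump line are constructed.

```python
"""Walk a constructed `iptables -S` dump in first-match order for one packet."""
import ipaddress
import re
import shlex

# Constructed ruleset (hypothetical, not the thread's): the 5432 rule only
# admits 10.0.0.0/8, so a client on the libvirt network falls through to REJECT.
RULESET = """\
-P INPUT ACCEPT
-N INPUT_ZONES
-N IN_public
-N IN_public_allow
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i virbr0 -j IN_public
-A INPUT_ZONES -j IN_public
-A IN_public -j IN_public_allow
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 5432 -s 10.0.0.0/8 -m conntrack --ctstate NEW -j ACCEPT
"""

# Hypothetical fix: same ruleset without the source restriction on the 5432 rule.
RULESET_FIXED = RULESET.replace("-s 10.0.0.0/8 ", "")

# Constructed line in the shape of `tcpdump -l -n -i any port 5432` output: a SYN from the VM.
TCPDUMP_LINE = ("12:01:02.345678 IP 192.168.122.10.51234 > 192.168.122.1.5432: "
                "Flags [S], seq 1, win 64240, length 0")

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_ruleset(text):
    """Parse `iptables -S` lines into {chain: [rule]} plus built-in chain policies."""
    chains, policies = {}, {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if tok[0] == "-P":                       # built-in chain policy
            policies[tok[1]] = tok[2]
            chains.setdefault(tok[1], [])
        elif tok[0] == "-N":                     # user-defined chain
            chains.setdefault(tok[1], [])
        elif tok[0] == "-A":                     # append a rule to a chain
            rule = {"text": line, "match": {}, "target": None}
            i = 2
            while i < len(tok):
                t = tok[i]
                if t == "-j":
                    rule["target"] = tok[i + 1]
                elif t in ("-i", "-p", "-s", "--dport", "--ctstate"):
                    rule["match"][t] = tok[i + 1]
                elif t not in ("-m", "--reject-with"):  # module loaders / REJECT args carry no match
                    raise ValueError(f"unsupported token {t!r} in: {line}")
                i += 2
            chains.setdefault(tok[1], []).append(rule)
    return chains, policies


def packet_from_tcpdump(line, iface, state="NEW"):
    """Pull src/dst/dport out of a tcpdump line; `-i any` output does not name the
    interface, so it (and the conntrack state) are supplied by the caller."""
    m = re.search(r"IP (\S+)\.(\d+) > (\S+)\.(\d+):", line)
    if not m:
        raise ValueError(f"not an IPv4 tcpdump line: {line}")
    return {"src": m.group(1), "dst": m.group(3), "dport": int(m.group(4)),
            "proto": "tcp", "iface": iface, "state": state}


def rule_matches(rule, pkt):
    m = rule["match"]
    if "-i" in m and m["-i"] != pkt["iface"]:
        return False
    if "-p" in m and m["-p"] != pkt["proto"]:
        return False
    if "--dport" in m and int(m["--dport"]) != pkt["dport"]:
        return False
    if "-s" in m and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(m["-s"], strict=False):
        return False
    if "--ctstate" in m and pkt["state"] not in m["--ctstate"].split(","):
        return False
    return True


def trace(chains, policies, chain, pkt, trail=None):
    """Walk `chain` top to bottom like the kernel; descend into user chains and
    fall back to the built-in policy. Returns (verdict, rules matched on the way)."""
    trail = [] if trail is None else trail
    for rule in chains.get(chain, []):
        if not rule_matches(rule, pkt):
            continue
        trail.append(rule["text"])
        tgt = rule["target"]
        if tgt in TERMINAL:
            return tgt, trail
        if tgt == "RETURN":
            return None, trail
        if tgt in chains:                        # jump; resume here if the sub-chain falls through
            verdict, trail = trace(chains, policies, tgt, pkt, trail)
            if verdict is not None:
                return verdict, trail
    return policies.get(chain), trail            # user chains have no policy -> None


def explain(ruleset_text, tcpdump_line, iface, state="NEW"):
    chains, policies = parse_ruleset(ruleset_text)
    return trace(chains, policies, "INPUT", packet_from_tcpdump(tcpdump_line, iface, state))


if __name__ == "__main__":
    for name, rs in (("as deployed", RULESET), ("fixed", RULESET_FIXED)):
        verdict, trail = explain(rs, TCPDUMP_LINE, iface="virbr0")
        print(f"[{name}] verdict {verdict} via:\n  " + "\n  ".join(trail))
```

Running it shows the SYN from 192.168.122.10 traversing INPUT_ZONES and IN_public_allow without a hit and ending on the final `-A INPUT -j REJECT` rule, which is the "Connection refused" the original poster sees; with the constructed fix applied, the same packet stops at the 5432 ACCEPT rule. The matcher only understands the handful of match options in the constructed dump and deliberately raises on anything else, so an unexpected token points at a rule that needs reading by hand rather than being silently skipped.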



