Hi Kenneth,
On 22-12-2021 22:39, Kenneth Porter wrote:
--On Wednesday, December 22, 2021 8:03 PM +0100 Patrick via CentOS
wrote:
Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4"
source NOT address="46.23.XX.0/24" forward-port port="53" protocol="udp"
to-port="60053" to-add
--On Wednesday, December 22, 2021 8:03 PM +0100 Patrick via CentOS
wrote:
Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4"
source NOT address="46.23.XX.0/24" forward-port port="53" protocol="udp"
to-port="60053" to-addr="46.23.XX.53"
If you don't get help here, you might t
Hi,
I have some ansible roles which each create some firewalld rich-rules.
For ansible idempotency I tried to remove any dns related rich-rules
before creating the ones in the playbook. After some searching I came up
with this:
#!/bin/bash
OLDIFS=$IFS
IFS=''
while read -r line; do firewall-c
On Mon, 08.02.2021 at 15:30 -0500, Jonathan
Billings wrote:
> On Mon, Feb 08, 2021 at 06:19:07PM +0100, Łukasz Posadowski wrote:
> >
> >
> > Hi.
> >
> > I have a little trouble with firewalld. I'm trying to open some
> > ports
> > for monitoring server, but it's in the s
On Mon, Feb 08, 2021 at 06:19:07PM +0100, Łukasz Posadowski wrote:
>
>
> Hi.
>
> I have a little trouble with firewalld. I'm trying to open some ports
> for monitoring server, but it's in the same network as "home" zone:
>
> Monitored host (192.168.111.60):
>
> lukasz @ strategie 17:52:19 ~ $
Hi.
I have a little trouble with firewalld. I'm trying to open some ports
for monitoring server, but it's in the same network as "home" zone:
Monitored host (192.168.111.60):
lukasz @ strategie 17:52:19 ~ $
-> sudo firewall-cmd --get-active
home
sources: 192.168.111.0/24
(open ports 22
On 09.06.20 at 15:27, Chris Adams wrote:
Once upon a time, Jonathan Billings said:
'iptables' and 'nftables' are competing technologies. In CentOS 8,
firewalld's backend was switched from iptables to nftables. So it
would be expected that the iptables command wouldn't have any rules
defined,
Once upon a time, Jonathan Billings said:
> 'iptables' and 'nftables' are competing technologies. In CentOS 8,
> firewalld's backend was switched from iptables to nftables. So it
> would be expected that the iptables command wouldn't have any rules
> defined, it isn't being used by firewalld.
T
On Tue, 9 Jun 2020 at 08:19, Leon Fauster via CentOS
wrote:
> Despite that the migration of our applications comes with a significant
> workload. It seems that also every aspect of common services had changed
> with EL8.
>
> In EL8 firewalld uses nftables as backend. I wonder why iptables does
>
On Tue, Jun 09, 2020 at 02:19:17PM +0200, Leon Fauster via CentOS wrote:
>
> Despite that the migration of our applications comes with a significant
> workload. It seems that also every aspect of common services had changed
> with EL8.
>
> In EL8 firewalld uses nftables as backend. I wonder why ip
Despite that the migration of our applications comes with a significant
workload. It seems that also every aspect of common services had changed
with EL8.
In EL8 firewalld uses nftables as backend. I wonder why iptables does
not list any rules while also configured to use nftables as backend.
On 24/03/2020 18:26, Jerry Geis wrote:
it looks like it does work - it just takes a REAL long time to load with
"many" entries in the file.
iptables was never slow. firewalld seems inefficient.
I was able to add the line - restart the firewall, (wait) - see my packets
dropped - remove the line -
it looks like it does work - it just takes a REAL long time to load with
"many" entries in the file.
iptables was never slow. firewalld seems inefficient.
I was able to add the line - restart the firewall, (wait) - see my packets
dropped - remove the line -
restart the firewall (wait) and able to
HI All - I created a /etc/firewalld/direct.xml file and put in it :
-s
192.168.1.8 -j blacklist
I rebooted, so then from the 192.168.1.8 machine I tried to ping the
machine. It responds.
I was expecting it not to respond?
What do I not have right with the direct.xml file ?
--On Friday, December 14, 2018 11:48 PM -0500 Jon LaBadie
wrote:
I don't play with iptables, so I assume it is a legacy
continued from CentOS 6.x. I'll gladly remove the
iptables service package.
firewalld is a user-space layer on top of the kernel's iptables machinery.
It provides for dyn
--On Friday, December 14, 2018 11:48 PM -0500 Jon LaBadie
wrote:
https://pastebin.com/njaqR87f
The rule names all look like standard builtins. Are the iptables modules
loading into the kernel? Run lsmod and post that to pastebin. (I don't know
what loads the firewall modules in CentOS 7
On Fri, Dec 14, 2018 at 04:55:33PM -0800, Kenneth Porter wrote:
> --On Friday, December 14, 2018 5:57 PM -0500 Jon LaBadie
> wrote:
>
> > Well, there are about 20 of them and several screen widths
> > long. However they all end with one of two reasons:
> >
> > : No chain/target/match by that
On 12/14/18 2:57 PM, Jon LaBadie wrote:
Well, there are about 20 of them and several screen widths
long. However they all end with one of two reasons:
: No chain/target/match by that name.
: Bad rule (does a matching rule exist in that chain?).
If you don't include the errors, all we c
--On Friday, December 14, 2018 5:57 PM -0500 Jon LaBadie
wrote:
Well, there are about 20 of them and several screen widths
long. However they all end with one of two reasons:
: No chain/target/match by that name.
: Bad rule (does a matching rule exist in that chain?).
Put them on a pas
On Dec 14, 2018, at 3:57 PM, Jon LaBadie wrote:
>
> : Bad rule (does a matching rule exist in that chain?).
That makes sense: the old iptables service installed several default chains,
and firewalld does as well, but they’re not named the same, and I doubt there’s
a 1:1 mapping between them.
On Fri, Dec 14, 2018 at 03:14:12PM -0700, Warren Young wrote:
> On Dec 14, 2018, at 2:30 PM, Jon LaBadie wrote:
> >
> > After a recent large update, firewalld's status contains
> > many lines of the form:
> >
> > WARNING: COMMAND_FAILED: '/usr/sbin/iptables…
>
> What’s the rest of the command?
On Dec 14, 2018, at 3:14 PM, Warren Young wrote:
>
>alias fcp="sudo firewall-cmd --permanent"
These commands are top-of-mind for me at the moment because I just configured a
Raspberry Pi based network appliance at home, and installed firewalld on it for
the purpose because I like it so much
On Dec 14, 2018, at 2:30 PM, Jon LaBadie wrote:
>
> After a recent large update, firewalld's status contains
> many lines of the form:
>
> WARNING: COMMAND_FAILED: '/usr/sbin/iptables…
What’s the rest of the command?
> Checking iptables.service status shows it to be masked.
That’s probably f
After a recent large update, firewalld's status contains
many lines of the form:
WARNING: COMMAND_FAILED: '/usr/sbin/iptables...
Checking iptables.service status shows it to be masked.
I realize that firewalld uses iptables, but should it
be enabled and started as a service?
Jon
--
Jon H. La
On 12/19/2017 3:55 PM, Emmett Culley wrote:
That was the clue I needed.
I'm fighting a firewalld mystery myself, mostly a result of not really
understanding the philosophy of the thing and trying to sleuth it out by
black boxing it. But fortunately this is open source, so I'm also
grepping t
On 12/19/2017 03:37 PM, Louis Lagendijk wrote:
> On Tue, 2017-12-19 at 15:05 -0800, Emmett Culley wrote:
>> I have two VMs, both with firewalld installed. One on machine It
>> this in the IN_public chain:
>>
>> Chain IN_public (2 references)
>> pkts bytes target prot opt
>> in out so
On Tue, 2017-12-19 at 15:05 -0800, Emmett Culley wrote:
> I have two VMs, both with firewalld installed. One on machine It
> this in the IN_public chain:
>
> Chain IN_public (2 references)
> pkts bytes target prot opt
> in out source destination
>81 3423 I
I have two VMs, both with firewalld installed. One on machine It this in the
IN_public chain:
Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
81 3423 IN_public_log all -- * * 0.0.0.0/0
0.0.0.0/
Dear Alexander,
Thank you.
Tadao
2017-07-31 1:25 GMT+09:00 Alexander Dalloz :
> On 30.07.2017 at 07:06, 望月忠雄 wrote:
>
>> Please teach me one more.
>> By 'firewall-cmd --list' its answer is following.
>>
>> external (active)
>>target: default
>>icmp-block-inversion: no
>>interfaces
On 30.07.2017 at 07:06, 望月忠雄 wrote:
Please teach me one more.
By 'firewall-cmd --list' its answer is following.
external (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dns ftp http https imaps pop3s smtp ssh
ports: 110/tcp 21/tcp 2/tc
Dear Gordon Messmer,
Thank you.
Please teach me one more.
By 'firewall-cmd --list' its answer is following.
external (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dns ftp http https imaps pop3s smtp ssh
ports: 110/tcp 21/tcp 2/tcp 106/tcp 5
On 07/27/2017 06:36 PM, 望月忠雄 wrote:
But by ss -nat, IPV4 443 is not listend. How can I fix?
# ss -nat | grep LISTEN | grep 443
LISTEN 0 128 :::443 :::*
By default, Linux processes that listen on an IPv6 port will also listen
on the IPv4 port (when no spec
Dear Jonathan,
Thank you.
Apache is running. And I can access by https(IPV4 443).
Please tell me which configuration I need to check.
Tadao
2017-07-28 10:52 GMT+09:00 Jonathan Billings :
> On Jul 27, 2017, at 9:36 PM, 望月忠雄 wrote:
> >
> > On CentOS7 I have following firewalld setting.
> >
> >
On Jul 27, 2017, at 9:36 PM, 望月忠雄 wrote:
>
> On CentOS7 I have following firewalld setting.
>
> external (active)
> target: default
> icmp-block-inversion: no
> interfaces: eth0
> sources:
> services: dns ftp http https imaps pop3s smtp ssh
> ports: 110/tcp 21/tcp 2/tcp 106/tcp 53/tcp
On CentOS7 I have following firewalld setting.
external (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dns ftp http https imaps pop3s smtp ssh
ports: 110/tcp 21/tcp 2/tcp 106/tcp 53/tcp 990/tcp 5432/tcp 8447/tcp
113/tcp 143/tcp 3306/tcp 5224/t
I'm trying to figure out how to use firewalld on CentOS 7 to block access
to ssh (on a custom port to control log bloat) and smtp submission except
for specific source addresses, using ipset. I haven't been able to figure
out how to combine a port number or service name with an ipset, either as
On 30 March 2017 at 19:47, Mark Milhollan wrote:
> On Wed, 29 Mar 2017, Robert Moskowitz wrote:
>>On 03/29/2017 07:38 AM, Leon Fauster wrote:
>
>>>We have good results with http://www.shorewall.net/ an iptables
>>>"abstraction".
>>>Despite it's not a GUI, the streamlined configuration helps to be e
On Wed, 29 Mar 2017, Robert Moskowitz wrote:
>On 03/29/2017 07:38 AM, Leon Fauster wrote:
>>We have good results with http://www.shorewall.net/ an iptables
>>"abstraction".
>>Despite it's not a GUI, the streamlined configuration helps to be effective.
>
>From what I can determine, it is still iptab
On 03/29/2017 07:38 AM, Leon Fauster wrote:
On 27.03.2017 at 21:03, Robert Moskowitz wrote:
Is there an Apache tool to manage firewalld on a headless server?
I am looking forward to my next Centos project which is to replace my Juniper
SSG5 firewall...
And along that line, what overlap, i
On 27.03.2017 at 21:03, Robert Moskowitz wrote:
>
> Is there an Apache tool to manage firewalld on a headless server?
>
> I am looking forward to my next Centos project which is to replace my Juniper
> SSG5 firewall...
>
> And along that line, what overlap, if any between firewalld and Surica
James B. Byrne wrote:
>
> On Mon, March 27, 2017 17:31, m.r...@5-cent.us wrote:
>> Mike wrote:
>>> Nice catch, Mr. Schumacher ---> The following modules are included as
standard with release 1.831 of Webmin. FirewallD firewalld.wbm.gz
Configure a Linux firewall using FirewallD, by editing allowed
On Mon, March 27, 2017 17:31, m.r...@5-cent.us wrote:
> Mike wrote:
>> Nice catch, Mr. Schumacher ---> The following modules are included
>> as
>> standard with release 1.831 of Webmin. FirewallD firewalld.wbm.gz
>> Configure a Linux firewall using FirewallD, by editing allowed
>> services and po
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of John R Pierce
> Sent: 28 March 2017 09:28
> To: centos@centos.org
> Subject: Re: [CentOS] firewalld management on a headless server
>
> On 3/27/2017 10:20 PM, Sorin Srbu wrote:
On 3/27/2017 10:20 PM, Sorin Srbu wrote:
That reminded me about Smoothwall I used to use a few years back.
Wasn't pfsense related to Smoothwall, maybe even a fork?
smoothwall is linux based.
m0n0wall was a BSD firewall that pfSense forked from back in 2004.
--
john r pierce, recycling bit
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Valeri
> Galtsev
> Sent: 27 March 2017 23:43
> To: CentOS mailing list
> Subject: Re: [CentOS] firewalld management on a headless server
>
>
> On Mon, March 27, 2017 3:58
On 03/27/2017 09:23 PM, Mike wrote:
Webmin used to be considered insecure, and people would scream and yell if
you suggested using it. Has that changed?
mark
Ahh, I did not know of this.
Well, I'm back to suggesting OP take a little time and get comfortable with
firewall-cmd in the te
Webmin used to be considered insecure, and people would scream and yell if
you suggested using it. Has that changed?
mark
Ahh, I did not know of this.
Well, I'm back to suggesting OP take a little time and get comfortable with
firewall-cmd in the terminal. If we want our solid redhat clone
On 27/03/17 22:43, Valeri Galtsev wrote:
On Mon, March 27, 2017 3:58 pm, Mike wrote:
I don't think it's going to give you a web-based firewall configuration
tool.
Firewall/router system I use is pfSense:
https://pfsense.org/
It has nice web interface for configuration of everything, based o
On 03/27/2017 02:31 PM, m.r...@5-cent.us wrote:
Has that changed?
That answer is probably subjective. I'll probably never trust it, but
the number of recent known critical exploits isn't as high as it used to be:
https://www.cvedetails.com/vulnerability-list/vendor_id-358/Webmin.html
On Mon, March 27, 2017 3:58 pm, Mike wrote:
> I don't think it's going to give you a web-based firewall configuration
> tool.
Firewall/router system I use is pfSense:
https://pfsense.org/
It has nice web interface for configuration of everything, based on
FreeBSD (very slim, lightweight, small
Mike wrote:
> Nice catch, Mr. Schumacher ---> The following modules are included as
> standard with release 1.831 of Webmin. FirewallD firewalld.wbm.gz
> Configure a Linux firewall using FirewallD, by editing allowed
> services and ports.
>
> This is likely the right tool for the job.
>
Webmin use
yum (CentOS/RedHat/Fedora)
By adding the Webmin repository and Jamie Cameron's key, it is
possible to install & maintain the latest Webmin/Usermin versions.
The following will install the latest Webmin version by adding the
webmin-repo and corresponding GPG key. Yum will resolve all the
necessary
Nice catch, Mr. Schumacher ---> The following modules are included as
standard with release 1.831 of Webmin. FirewallD firewalld.wbm.gz
Configure a Linux firewall using FirewallD, by editing allowed
services and ports.
This is likely the right tool for the job.
On Mon, Mar 27, 2017 at 5:00 PM, M
Hi,
> I recently converted my employer's firewall from pure iptables to
> firewalld and looked for something similar, more along the lines of
> webmin, etc.
funny,
my webmin installation on a banana-pi has webmin 1.831, which has
support for firewalld.
I am not sure, but I believe I got it direct
I don't think it's going to give you a web-based firewall configuration tool.
It does allow you to control/configure networking hardware and devices
via NetworkManager, but I don't believe it goes further than that for
networking.
Ironically, it does provide an ssh-like session terminal where you
On 03/27/2017 03:24 PM, Mike wrote:
I recently converted my employer's firewall from pure iptables to
firewalld and looked for something similar, more along the lines of
webmin, etc.
I didn't find anything close to a match.
In the end, it all came down to getting comfortable with
"firewall-cmd"
I recently converted my employer's firewall from pure iptables to
firewalld and looked for something similar, more along the lines of
webmin, etc.
I didn't find anything close to a match.
In the end, it all came down to getting comfortable with
"firewall-cmd" in the shell.
Haven't used suricata, so
Is there an Apache tool to manage firewalld on a headless server?
I am looking forward to my next Centos project which is to replace my
Juniper SSG5 firewall...
And along that line, what overlap, if any between firewalld and Suricata?
thank you
___
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Pete Biggs
> Sent: Sunday, January 29, 2017 8:27 PM
> To: centos@centos.org
> Subject: Re: [CentOS] firewalld
>
>
> > Last login attempt from roundcube
> >
> > Ja
> Last login attempt from roundcube
>
> Jan 29 16:38:08 ts130 dovecot: imap-login: Login: user=,
> method=PLAIN, rip=::1, lip=::1, mpid=2076, secured,
> session=
> Jan 29 16:38:08 ts130 dovecot: imap(tdukes): Error: user tdukes:
> Initialization failed: Namespace '': Mail storage autodetection fa
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Fred Smith
> Sent: Sunday, January 29, 2017 7:07 PM
> To: centos@centos.org
> Subject: Re: [CentOS] firewalld
>
> On Sun, Jan 29, 2017 at 04:54:02PM -0500, TE Dukes wrote:
> >
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Gordon
> Messmer
> Sent: Sunday, January 29, 2017 6:56 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] firewalld
>
> On 01/29/2017 01:54 PM, TE Dukes wrote:
> > I telne
On Sun, Jan 29, 2017 at 04:54:02PM -0500, TE Dukes wrote:
> Still un-resolved. Could be wrong but I think it's firewalld preventing me
> from accessing mail with roundcube.
as someone else already suggested, did you turn selinux off temporarily
"setenforce 0" to see if it still fails?
I've had se
On 01/29/2017 01:54 PM, TE Dukes wrote:
I telnet to localhost 143 or 993 and I can connect, telneting to 25 or 465,
connection refused.
As I mentioned before: firewalld allows all traffic to localhost. If
you're getting connection refused, then those services aren't running.
As for dealin
Still un-resolved. Could be wrong but I think it's firewalld preventing me
from accessing mail with roundcube.
I'm getting Connection to storage server failed.
From roundcubemail log:
[29-Jan-2017 16:45:05 -0500]: <4r5ccifn> IMAP Error: Login failed for tdukes
from 192.168.1.102. AUTHENTICATE P
On 1/27/2017 6:01 PM, TE Dukes wrote:
I can't figure out all these zones. I opened imap, imaps, pop3, pop3s, smtp,
smtps in zones internal, trusted and public.
I still get connection refused.
I telnet localhost 143, I get connection refused.
the firewall is more likely to give you connection
-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of James Hogarth
Sent: Saturday, January 28, 2017 10:43 AM
To: CentOS mailing list
Subject: Re: [CentOS] firewalld
On 28 January 2017 at 13:44, Mike McCarthy, W1NR wrote:
> firewalld isn't the only th
On 28 January 2017 at 13:44, Mike McCarthy, W1NR wrote:
> firewalld isn't the only thing that will prevent services from accessing
> the internet. I found that I needed to do a relabel before postfix could
> access DNS and I have seen other issues as well. Have you tried
> disabling the firewall t
On 28 January 2017 at 12:01, TE Dukes wrote:
>
>
>> -Original Message-
>> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of James
>> Hogarth
>> Sent: Saturday, January 28, 2017 4:18 AM
>> To: CentOS mailing list
>> Subject: Re: [Cent
-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Mike McCarthy,
W1NR
Sent: Saturday, January 28, 2017 8:45 AM
To: CentOS mailing list
Subject: Re: [CentOS] firewalld
firewalld isn't the only thing that will prevent services from accessing the
intern
ike
On 01/28/2017 07:11 AM, TE Dukes wrote:
>
>> -Original Message-
>> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Pete Biggs
>> Sent: Saturday, January 28, 2017 6:02 AM
>> To: centos@centos.org
>> Subject: Re: [CentOS] firewalld
>>
&
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Pete Biggs
> Sent: Saturday, January 28, 2017 6:02 AM
> To: centos@centos.org
> Subject: Re: [CentOS] firewalld
>
>
> >
> > The zone apparently means something because
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of James
> Hogarth
> Sent: Saturday, January 28, 2017 4:18 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] firewalld
>
> On 28 Jan 2017 3:02 am, "TE Dukes" wrote:
>
> The zone apparently means something because an interface can only be on one.
> Moving it to a different zone results in the same error (same services/ports
> opened in each zone).
The "zones" are just labels and are used to create kernel iptables.
Each zone has a default set of open and clos
On 28 Jan 2017 3:02 am, "TE Dukes" wrote:
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Gordon
> Messmer
> Sent: Friday, January 27, 2017 9:23 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] firewalld
>
> On 0
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Gordon
> Messmer
> Sent: Friday, January 27, 2017 9:23 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] firewalld
>
> On 01/27/2017 06:01 PM, TE Dukes wrote:
> >
On 01/27/2017 06:01 PM, TE Dukes wrote:
I telnet localhost 143, I get connection refused.
What zone is used for the local network and what zone is used for outside
access?
All traffic from localhost is allowed. No zone is involved.
The zone for "outside" access depends on which interface rec
Got 7.3 installed Wednesday, things went so so.
Been working on getting roundcubemail setup and firewalld is kicking my
butt.
I can't figure out all these zones. I opened imap, imaps, pop3, pop3s, smtp,
smtps in zones internal, trusted and public.
I still get connection refused.
I telnet localh
hi
how much different iptables are in 7 from 6 I'm just
learning, I expected that since IFs belong to the same zone
traffic between them would pass, be forwarded without any
extra settings/configuration but, I'm wrong it turns out.
Am I missing something and there actually is a simple way,
des
Dear members,
Please tell me what's wrong.
After setting firewalld, I got fail on cloud-init with reboot.
The server is rebooted, but I cannot access from internet.
Before reboot I can access from internet.
And before setting firewalld, there's no problem on reboot.
/var/log/cloud-init.log shows foll
On 05/05/2016 09:15 AM, Marcin Trendota wrote:
Howdy
I'm trying to run FTP server behind firewall. And i can't enable passive
mode from the Internet. There are plenty howtos but there aren't many
with my combination.
For now i have configured port forwarding and ftp server itself.
On the route
On 5 May 2016 4:54 p.m., "Gordon Messmer" wrote:
>
> On 05/05/2016 06:15 AM, Marcin Trendota wrote:
>>
>> Also this IP looks weird - shouldn't it be public IP?
>
>
>
> Yes, it should. Are you using FTPS (FTP with TLS)?
>
> You probably need to set the pasv_address option.
>
>
>
Although of cours
On 05/05/2016 06:15 AM, Marcin Trendota wrote:
Also this IP looks weird - shouldn't it be public IP?
Yes, it should. Are you using FTPS (FTP with TLS)?
You probably need to set the pasv_address option.
___
CentOS mailing list
CentOS@centos.org
htt
Howdy
I'm trying to run FTP server behind firewall. And i can't enable passive
mode from the Internet. There are plenty howtos but there aren't many
with my combination.
For now i have configured port forwarding and ftp server itself.
On the router:
# firewall-cmd --list-all --zone=external
exte
On 04/21/2016 03:28 PM, Marcin Trendota wrote:
Also, you probably should specify tun+ instead of tun0, even if you
>think there will only be one tunnel up at any given time.
Specify where?
firewall-cmd --zone=home --add-interface=tun+
Beyond that, I can't really tell what firewalld is doing w
Hi Marcin,
Please check your openvpn config file of Port number then check your
firewalld config on the same port allowed or not.
On Fri, Apr 22, 2016 at 6:28 AM, Marcin Trendota
wrote:
> On Thursday 21 of April 2016 2:37:49 PM Gordon Messmer wrote:
> > On 04/21/2016 01:33 PM, Marcin Trendota wr
On Thursday 21 of April 2016 2:37:49 PM Gordon Messmer wrote:
> On 04/21/2016 01:33 PM, Marcin Trendota wrote:
> > It's OpenVPN on chamber.
> What port is it using? I don't see the standard port listed in your
> firewalld rules in either zone.
1194/udp. I added service openvpn and port 1194/udp (
On 04/21/2016 01:33 PM, Marcin Trendota wrote:
It's OpenVPN on chamber.
What port is it using? I don't see the standard port listed in your
firewalld rules in either zone.
Also, you probably should specify tun+ instead of tun0, even if you
think there will only be one tunnel up at any give
On Thursday 21 of April 2016 9:08:09 AM Gordon Messmer wrote:
> On 04/21/2016 03:11 AM, Marcin Trendota wrote:
> > But from host in another location (connected through VPN):
> What host serves the VPN? If it's another host, how is that host
> connected to the router? If it's "chamber," what type
On 04/21/2016 03:11 AM, Marcin Trendota wrote:
But from host in another location (connected through VPN):
What host serves the VPN? If it's another host, how is that host
connected to the router? If it's "chamber," what type of VPN is it?
___
Cent
Hello everybody.
Recently i moved external interface to zone "external" on my home
server/router. And something strange is happening. From my router
(chamber, CentOS7) everything is fine:
[root@chamber ~]# firewall-cmd --list-all
home (default, active)
interfaces: enp3s0 tun0 virbr0
sources:
On 25 March 2016 at 16:31, Matthew Miller wrote:
> On Fri, Mar 25, 2016 at 11:26:17AM +, Timothy Murphy wrote:
> > >> I'm wondering if it is possible to have Centos-7 automatically change
> > >> firewall zones, depending on the network we connect to.
> > > The way to do this is changing the zo
On Fri, Mar 25, 2016 at 11:26:17AM +, Timothy Murphy wrote:
> >> I'm wondering if it is possible to have Centos-7 automatically change
> >> firewall zones, depending on the network we connect to.
> > The way to do this is changing the zone for the network in
> > NetworkManager.
> Are there two d
Matthew Miller wrote:
>> I'm wondering if it is possible to have Centos-7 automatically change
>> firewall zones, depending on the network we connect to.
> The way to do this is changing the zone for the network in
> NetworkManager.
Are there two different ways of setting firewalld zones,
in fire
On Thu, Mar 24, 2016 at 06:39:37PM -0400, Matthew Miller wrote:
Thanks for the info, Matthew!
Fred
> On Thu, Mar 24, 2016 at 02:01:55PM -0400, Fred Smith wrote:
> > I'm wondering if it is possible to have Centos-7 automatically change
> > firewall zones, depending on the network we connect to.
>
On Thu, Mar 24, 2016 at 09:18:16PM +, James Hogarth wrote:
Thanks, James, that looks pretty good. I'll look into it and probably
give it a try.
Fred
> On 24 March 2016 at 18:01, Fred Smith wrote:
>
> > Hi all!
> >
> > I'm wondering if it is possible to have Centos-7 automatically change
> >
On Thu, Mar 24, 2016 at 02:01:55PM -0400, Fred Smith wrote:
> I'm wondering if it is possible to have Centos-7 automatically change
> firewall zones, depending on the network we connect to.
The way to do this is changing the zone for the network in
NetworkManager. (This works easily for wifi networ
On 24 March 2016 at 18:01, Fred Smith wrote:
> Hi all!
>
> I'm wondering if it is possible to have Centos-7 automatically change
> firewall zones, depending on the network we connect to.
>
> my default zone is "home" and it has some ports open that probably
> shouldn't be open when I'm on someone
Hi all!
I'm wondering if it is possible to have Centos-7 automatically change
firewall zones, depending on the network we connect to.
my default zone is "home" and it has some ports open that probably
shouldn't be open when I'm on someone else's network.
so I'm thinking that if there's a way to
These machines have only had firewalld configured. Currently firewalld version
0.3.9-14.el7 is installed, and in this particular case, the server is fully up
to date. If I run iptables -nvL I see this for the first chain:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target pr