Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable to open firewall port for external traffic.
Top Forums Shell Programming and Scripting Unable to open firewall port for external traffic. Post 303027410 by mohtashims on Saturday 15th of December 2018 06:29:07 AM
Old 12-15-2018
Unable to open firewall port for external traffic.
Below is what i did to open the firewall port on

Code:
[root@vultr ~]# sudo firewall-cmd --zone=public --add-port=27012/tcp --permanent
Warning: ALREADY_ENABLED: 27012:tcp
success
[root@vultr ~]# sudo firewall-cmd --reload
success
[root@vultr ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh http https
  ports: 80/tcp 27012/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@vultr ~]# uname -a
Linux vultr.guest 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

When i telnet to the servers IP:Port it fails

Code:
telnet 45.76.142.202 27012
Connecting To 45.76.142.202...Could not open connection to the host, on port 27012: Connect failed

It however does connect to port 80
Code:
telnet 45.76.142.202 80

Can you please help me get firewall port 27012 connect externally just the way port 80 is connecting ?
 

10 More Discussions You Might Find Interesting

1. Solaris

How to open SSH port on firewall?

Hi, So that potential responders will have an idea of what they're dealing with let me say that while I am a UNIX newbie I have been in IT for over 10 years. We have several SUN boxes running ver 5 of the OS that have been sitting dormant for some time as they were part of a now defunct... (3 Replies)
Discussion started by: pjewett
3 Replies

2. Linux

using firewall to block port

Hi, I will like to allow access to the mysql port (3306) to certain IP address. All other IP's should be automatically blocked. What is the best way to do this? (8 Replies)
Discussion started by: shantanuo
8 Replies

3. Solaris

Unable to open 3966 port in solaris

Unable to open 3966 port for buildforge in Solaris 10, anyone pls help me how to open the 3966 port in solaris. Thanks in Advance (1 Reply)
Discussion started by: durgaprasadr13
1 Replies

4. IP Networking

blocking traffic to destination network by port

I am trying to block ALL traffic except when from ports 9100,22,23 to destination network 192.0.0.0 (my WAN): 2 networks 192.0.3.0 with static route to 192.0.0.0 Shouldn't this work?: iptables -A INPUT -p tcp -d 192.0.0.0/24 --dport 22 -j ACCEPT iptables -A INPUT -p tcp -d 192.0.0.0/24... (3 Replies)
Discussion started by: herot
3 Replies

5. IP Networking

Tcp ip port open but no such process (merged: Release A Port)

i want to kill a tcp connection by killing its pid with netstat -an i got the tcp ip connection on port 5914 but when i type ps -a or ps-e there is not such process running on port 5914 is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Discussion started by: alinamadchian
30 Replies

6. UNIX for Advanced & Expert Users

Linux bridged firewall - monitor traffic & block IP

Hi All, I successfully configured a DEBIAN Lenny bridged firewall using ebtables. The bridged interface is br0. The ethernet interface are eth0 & eth1 respectively. All the traffic are transparently passing my firewall but i need to find & block temporarily the bandwidth abusers. Can... (1 Reply)
Discussion started by: coolatt
1 Replies

7. UNIX for Dummies Questions & Answers

Rsync port and firewall

hi guys I doing some collocation for a customer, customer requested to use other port for ssh not the default one. OK no problem and customer will be using rsync to sync backups among other things I know we have to open port let's say port 5999 for ssh since we are using that one now but I... (1 Reply)
Discussion started by: karlochacon
1 Replies

8. Red Hat

Unable to Open port 8080

Hi Experts, I am receiving below error while trying to connect port 8080. Could not open connection to the host, on port 8080 : connection refused. iptables configuration /etc/sysconfig/iptables # Firewall configuration written by system-config-firewall # Manual customization of... (1 Reply)
Discussion started by: sai_2507
1 Replies

9. Infrastructure Monitoring

How do I know what traffic is in network port?

If I would like to know what connection , data , traffic in a network port ( eth0 ) , what can I do ? ps. because I always found the network is very slow , so I would like what the network port is doing . Thanks Login ID ust3 is currently in read-only mode for multiple infractions. Creating... (0 Replies)
Discussion started by: ust03
0 Replies

10. AIX

How to re-route traffic from one port to another?

Hi Friends, How to do port forwarding in AIX? We would like to re route traffic from port A to port B on AIX LPAR. for example: my application is using 8080 port on LPAR and would like to use the 8081 instead of 8080. By default application was configured with 8080. But instead of changing... (2 Replies)
Discussion started by: System Admin 77
2 Replies

LEARN ABOUT CENTOS

firewalld.richlanguage

FIREWALLD.RICHLANG(5)					      firewalld.richlanguage					     FIREWALLD.RICHLANG(5)

NAME

       firewalld.richlanguage - Rich Language Documentation

DESCRIPTION

       With the rich language more complex firewall rules can be created in an easy to understand way. The language will use keywords with values
       and will be an abstract representation of ip*tables rules. Zones can be configured using this language, the current configuration will
       still be supported.

       The rich language extends the current zone elements (service, port, icmp-block, masquerade and forward-port) with additional source and
       destination addresses, logging, actions and limits for logs and actions.

       This page describes the rich language used in the command line client and D-Bus interface. For information about the rich language
       representation used in the zone configuration files, please have a look at firewalld.zone(5).

       A rule is part of a zone. A zone can contain several rules. If some rules interact/contradict, the first rule that matches "wins".

       General rule structure

	   rule
	     [source]
	     [destination]
	     service|port|protocol|icmp-block|masquerade|forward-port
	     [log]
	     [audit]
	     [accept|reject|drop]

       The complete rule is provided as a single line string. A destination is allowed here as long as it does not conflict with the destination
       of a service and is not allowed for masquerade at all.

       Rule structure for source black or white listing

	   rule
	     source
	     [log]
	     [audit]
	     accept|reject|drop

       This is used to grant or limit access from a source to this machine or machines that are reachable by this machine. A destination is not
       allowed here.

       Important information about element options: Options for elements in a rule need to be added exactly after the element. If the option is
       placed somewhere else it might be used for another element as far as it matches the options of the other element or will result in a rule
       error.

   Rule
	   rule [family="ipv4|ipv6"]

       If the rule family is provided, it can be either "ipv4" or "ipv6", which limits the rule to IPv4 or IPv6. If the rule family is not
       provided, the rule will be added for IPv4 and IPv6. If source or destination addresses are used in a rule, then the rule family need to be
       provided. This is also the case for port/packet forwarding.

   Source
	   source address="address[/mask]" [invert="True"]

       With the source address the origin of a connection attempt can be limited to the source address. A source address or address range is
       either an IP address or a network IP address with a mask for IPv4 or IPv6. The network family (IPv4/IPv6) will be automatically discovered.
       For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. It
       is possible to invert the sense of an address by adding invert="true" or invert="yes". All but the used address with match.

   Destination
	   destination address="address[/mask]" invert="True"

       With the destination address the target can be limited to the destination address. The destination address is using the same syntax as the
       source address.

       The use of source and destination addresses is optional and the use of a destination addresses is not possible with all elements. This
       depends on the use of destination addresses for example in service entries.

   Service
	   service name="service name"

       The service service name will be added to the rule. The service name is one of the firewalld provided services. To get a list of the
       supported services, use firewall-cmd --get-services.

       If a service provides a destination address, it will conflict with a destination address in the rule and will result in an error. The
       services using destination addresses internally are mostly services using multicast.

   Port
	   port port="port value" protocol="tcp|udp"

       The port port value can either be a single port number portid or a port range portid-portid. The protocol can either be tcp or udp.

   Protocol
	   protocol value="protocol value"

       The protocol value can be either a protocol id number or a protocol name. For allowed protocol entries, please have a look at
       /etc/protocols.

   ICMP-Block
	   icmp-block name="icmptype name"

       The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes

       It is not allowed to specify an action here. icmp-block uses the action reject internally.

   Masquerade
	   masquerade

       Turn on masquerading in the rule. A source address can be provided to limit masquerading to this area, but not a destination address.

       It is not allowed to specify an action here.

   Forward-Port
	   forward-port port="port value" protocol="tcp|udp" to-port="port value" to-addr="address"

       Forward port/packets from local port value with protocol "tcp" or "udp" to either another port locally or to another machine or to another
       port on another machine.

       The port value can either be a single port number or a port range portid-portid. The destination address is an IP address.

       It is not allowed to specify an action here. forward-port uses the action accept internally.

   Log
	   log [prefix="prefix text"] [level="log level"] [limit value="rate/duration"]

       Log new connection attempts to the rule with kernel logging for example in syslog. You can define a prefix text that will be added to the
       log message as a prefix. Log level can be one of "emerg", "alert", "crit", "error", "warning", "notice", "info" or "debug". See syslog(3)
       for description of levels.

       It is possible to limit logging: The rate is a natural positive number [1, ..], the duration is of "s", "m", "h", "d". "s" means seconds,
       "m" minutes, "h" hours and "d" days. The maximum limit value is "1/d" which means at maximum one log entry per day.

   Audit
       Audit provides an alternative way for logging using audit records sent to the service auditd. The audit type will be discovered from the
       rule action automatically. The use of audit is optional.

       Also audit can be limited using the limit tag.

   Action
       An action can be one of accept, reject or drop.

       The rule can either contain an element or also a source only. If the rule contains an element, then new connection matching the element
       will be handled with the action. If the rule does not contain an element, then everything from the source address will be handled with the
       action.

	   accept | reject [type="reject type"] | drop

       With accept all new connection attempts will be granted. With reject they will not be accepted and there source will get a reject message.
       The reject type can be set to use an other value. For valid reject types see --reject-with type in iptables-extensions(8) man page. Because
       reject types are different for IPv4 and IPv6 you have to specify rule family when using reject type. With drop all packets will be dropped
       immediately, there is no information sent to the source.

       Also an action can be limited using the limit tag.

   Information about logging and actions
       Logging can be done with the log and also with audit. A new chain is added to all zones: zone_log. This will be jumped into before the deny
       chain to be able to have a proper ordering.

       The rules or parts of them are placed in separate chains according to the action of the rule:

	   zone_log
	   zone_deny
	   zone_allow

       Then all logging rules will be placed in the zone_log chain, which will be walked first. All reject and drop rules will be placed in the
       zone_deny chain, which will be walked after the log chain. All accept rules will be placed in the zone_allow chain, which will be walked
       after the deny chain. If a rule contains log and also deny or allow actions, the parts are placed in the matching chains.

EXAMPLES

       These are examples of how to specify rich language rules. This format (i.e. one string that specifies whole rule) uses for example
       firewall-cmd --add-rich-rule (see firewall-cmd(1)) as well as D-Bus interface.

   Example 1
       Enable new IPv4 and IPv6 connections for protocol 'ah'

	   rule protocol value="ah" accept

   Example 2
       Allow new IPv4 and IPv6 connections for service ftp and log 1 per minute using audit

	   rule service name="ftp" log limit value="1/m" audit accept

   Example 3
       Allow new IPv4 connections from address 192.168.0.0/24 for service tftp and log 1 per minutes using syslog

	   rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp" level="info" limit value="1/m" accept

   Example 4
       New IPv6 connections from 1:2:3:4:6:: to service radius are all rejected and logged at a rate of 3 per minute. New IPv6 connections from
       other sources are accepted.

	   rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns" level="info" limit value="3/m" reject
	   rule family="ipv6" service name="radius" accept

   Example 5
       Forward IPv6 port/packets receiving from 1:2:3:4:6:: on port 4011 with protocol tcp to 1::2:3:4:7 on port 4012

	   rule family="ipv6" source address="1:2:3:4:6::" forward-port to-addr="1::2:3:4:7" to-port="4012" protocol="tcp" port="4011"

   Example 6
       White-list source address to allow all connections from 192.168.2.2

	   rule family="ipv4" source address="192.168.2.2" accept

   Example 7
       Black-list source address to reject all connections from 192.168.2.3

	   rule family="ipv4" source address="192.168.2.3" reject type="icmp-admin-prohibited"

   Example 8
       Black-list source address to drop all connections from 192.168.2.4

	   rule family="ipv4" source address="192.168.2.4" drop

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 													     FIREWALLD.RICHLANG(5)
All times are GMT -4. The time now is 04:31 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy