I’ve been using iptables for a long time, but have never used firewalld until recently.
I have enabled port 3000 TCP via firewalld with the following command:
    # firewall-cmd --zone=public --add-port=3000/tcp --permanent
However I can’t access the server on port 3000. From an external box:
    telnet 220.127.116.11 3000
    Trying 18.104.22.168...
    telnet: connect to address 22.214.171.124: Connection refused
There are no routing issues: I have a separate rule for a port forward from port 80 to port 8000 which works fine externally. My app is definitely listening on the port too:
    Proto Recv-Q Send-Q Local Address   Foreign Address   State    User   Inode   PID/Program name
    tcp        0      0 0.0.0.0:3000    0.0.0.0:*         LISTEN   99     36797   18662/node
firewall-cmd doesn’t seem to show the port either – see how ports is empty. You can see the forward rule I mentioned earlier.
    # firewall-cmd --list-all
    public (default, active)
      interfaces: eth0
      sources:
      services: dhcpv6-client ssh
      ports:
      masquerade: no
      forward-ports: port=80:proto=tcp:toport=8000:toaddr=
      icmp-blocks:
      rich rules:
However I can see the rule in the XML config file:
    # cat /etc/firewalld/zones/public.xml
    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <service name="dhcpv6-client"/>
      <service name="ssh"/>
      <port protocol="tcp" port="3000"/>
      <forward-port to-port="8000" protocol="tcp" port="80"/>
    </zone>
What else do I need to do to allow access to my app on port 3000?
Also: is adding access via a port the correct thing to do? Or should I make a firewalld ‘service’ for my app instead?
The --permanent flag writes your changes to the persistent configuration, but not the running configuration. Run the same command again without the --permanent flag to have it take effect immediately.
Beginning with RHEL 7.1 and current versions of Fedora, you can also copy the running configuration to the permanent configuration with:
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
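Added example, not part of the original question or answer: a small shell check for the runtime/permanent mismatch described above, useful for spotting ports that are saved but not active, or active but never persisted. The function names `port_drift` and `zone_drift` are hypothetical, and the sample input is constructed to match the state shown in the question.

```shell
#!/bin/sh
# Report ports that exist in only one of firewalld's two configurations.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated port list as printed by --list-ports.
# Prints one line for every port found in only one of the two lists.
port_drift() {
    # Pad with spaces so "300/tcp" cannot match inside "3000/tcp".
    _rt=" $(echo $1) "
    _pm=" $(echo $2) "
    for _p in $2; do
        case "$_rt" in
            *" $_p "*) ;;
            *) echo "permanent-only $_p (saved, but not active until reload)" ;;
        esac
    done
    for _p in $1; do
        case "$_pm" in
            *" $_p "*) ;;
            *) echo "runtime-only $_p (active, but lost on reload or reboot)" ;;
        esac
    done
}

# zone_drift ZONE
# Same comparison against the live firewall (needs firewalld and root).
zone_drift() {
    port_drift "$(firewall-cmd --zone="$1" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$1" --list-ports)"
}

# Constructed sample: the question's state, where 3000/tcp was added with
# --permanent only and the runtime port list is still empty.
port_drift "" "3000/tcp"

# Resolving drift:
#   permanent-only -> firewall-cmd --reload, or repeat the command
#                     without --permanent
#   runtime-only   -> firewall-cmd --runtime-to-permanent
#                     (a reload would discard these entries instead)
```

On a live host, run `zone_drift public` as root; no output means the two port lists agree.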