Thread: I can't correctly enable services on firewalld

  1. #1

    Default I can't correctly enable services on firewalld

    I'm trying to correctly configure firewalld in order to enable some services.

    This is my current configuration:

    Code:
    ~> firewall-cmd --state
    running
    Code:
    ~> sudo firewall-cmd --zone=home --list-all
    home (active)
      target: default
      icmp-block-inversion: no
      interfaces: wlp4s0
      sources: 
      services: dhcpv6-client http kdeconnect-kde mdns samba-client ssh
      ports: 
      protocols: 
      masquerade: no
      forward-ports: 
      source-ports: 
      icmp-blocks: 
      rich rules:
    Code:
    ~> sudo nmap -sT -O localhost
    Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-20 19:50 CET
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00031s latency).
    Other addresses for localhost (not scanned): ::1
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    25/tcp   open  smtp
    631/tcp  open  ipp
    3306/tcp open  mysql
    8080/tcp open  http-proxy
    8443/tcp open  https-alt
    Device type: general purpose
    Running: Linux 2.6.X
    OS CPE: cpe:/o:linux:linux_kernel:2.6.32
    OS details: Linux 2.6.32
    Network Distance: 0 hops
    
    
    OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 2.71 seconds
    From this, everything seems to be working fine, but I'm unable to connect to (or even see) these ports from an Android phone connected to the same wifi network as my laptop. More precisely, I've used Fing to scan for open ports on my computer, and none was detected.

    I'm also unable to access some locally developed websites that I'm trying to expose to the local network via http (8080 port), in order to test on mobile devices (which is the reason why I'm trying to make this work).


    However, if I disable the firewall with

    Code:
    sudo systemctl stop firewalld
    I can detect that HTTP ports are open, and I can normally navigate on my local websites from my phone's browser.


    How can I correctly set up the firewall?

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,722

    Default Re: I can't correctly enable services on firewalld

    While I do not quite understand your problem, I get the idea that you check what ports can be reached at localhost and then think that those ports can be reached from another system. That is not the case. Localhost can only be reached from the local host. Traffic to localhost is not even real network traffic and will thus not be blocked by the firewall.
    Henk van Velden

  3. #3
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,176
    Blog Entries
    3

    Default Re: I can't correctly enable services on firewalld

    Quote Originally Posted by sekhemty View Post
    How can I correctly set up the firewall?
    Well, I don't really know. But I'll comment on what I did for ssh with Leap 15.1 Beta.

    I forgot to open the ssh port during install. So I brought up firewalld configuration.

    I added "ssh" to the ports. And it looked okay. But it still did not work.

    So I added my network interface to a zone. And then it worked.

    I'm not sure whether it matters what zone. Looking at the GUI, 'ssh' seemed to be available in all zones, but not working. And the interface showed a zone of "default". So maybe the default is to not be in any zone and as soon as I add it to a zone it works.

    The configuration GUI for 15.1 is very different from that for 15.0. I have not recently looked at the one for Tumbleweed, but since changes usually start on Tumbleweed, it might be the same as 15.1.
    openSUSE Leap 15.1; KDE Plasma 5;

  4. #4
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,009
    Blog Entries
    1

    Default Re: I can't correctly enable services on firewalld

    I'm also a little bit confused about what you're asking, but you mentioned
    Quote Originally Posted by sekhemty View Post
    I'm also unable to access some locally developed websites that I'm trying to expose to the local network via http (8080 port), in order to test on mobile devices (which is the reason why I'm trying to make this work).
    but you haven't opened this port in firewalld yet (based on what you posted so far).
    openSUSE Leap 15.0; KDE Plasma 5

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,009
    Blog Entries
    1

    Default Re: I can't correctly enable services on firewalld

    BTW, to open that port (with firewalld active), you could do
    Code:
    sudo firewall-cmd --zone=home --permanent --add-port=8080/tcp
    Code:
    sudo firewall-cmd --reload
    openSUSE Leap 15.0; KDE Plasma 5

  6. #6

    Default Re: I can't correctly enable services on firewalld

    Quote Originally Posted by nrickert
    Well, I don't really know. But I'll comment on what I did for ssh with Leap 15.1 Beta.

    I forgot to open the ssh port during install. So I brought up firewalld configuration.

    I added "ssh" to the ports. And it looked okay. But it still did not work.

    So I added my network interface to a zone. And then it worked.

    I'm not sure whether it matters what zone. Looking at the GUI, 'ssh' seemed to be available in all zones, but not working. And the interface showed a zone of "default". So maybe the default is to not be in any zone and as soon as I add it to a zone it works.

    The configuration GUI for 15.1 is very different from that for 15.0. I have not recently looked at the one for Tumbleweed, but since changes usually start on Tumbleweed, it might be the same as 15.1.
    My network interface already is in the "home" zone, where I have enabled the "http" service, but I'm still unable to connect.

    Quote Originally Posted by deano_ferrari
    but you haven't opened this port in firewalld yet (based on what you posted so far).
    Not manually, but I've enabled the "http" firewall service; from what I understand these services are just sets of predefined ports that one can enable instead of manually doing that for every single port associated with it.

    A scan with nmap shows me that HTTP ports are opened, but I can't access them from other devices on the same network.

  7. #7
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,722

    Default Re: I can't correctly enable services on firewalld

    Quote Originally Posted by sekhemty View Post
    A scan with nmap shows me that HTTP ports are opened, but I can't access them from other devices on the same network.
    If by that nmap scan you mean the one you show in post #1 above, where you check localhost, I already tried to explain to you that that only shows that programs are listening on those ports and that they can be reached from the local system.

    Firewalls have no influence on local traffic. They block traffic from outside. You should scan with nmap from another system on the LAN.

    If you mean that you did a scan with nmap from another system, then please show the results. To put it bluntly and impolitely, we do not believe what you say (your conclusions), we believe what the computer says and then try to draw our own conclusions.

    Same for your conclusion that the firewall is open for http. Your listing in post #1 shows http, but later you mention that you are using 8080, which is http-alt (and you were advised to open that in the firewall). So again SHOW the listing from your firewall as it is now.
    Henk van Velden

  8. #8

    Default Re: I can't correctly enable services on firewalld

    Thank you, unfortunately I can only use a mobile device at the moment to scan, so it is not easy to share logs or reports.

    Anyway I managed to solve the problem, after a reboot it works as expected.

    I had set it up in the permanent configuration, and without a reboot, runtime was not affected. A silly oversight on my part.

    Thanks everyone for your help.

  9. #9
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,009
    Blog Entries
    1

    Default Re: I can't correctly enable services on firewalld

    Good to read that you've finally got the required port opened, and learned a little about firewalld in the process.
    openSUSE Leap 15.0; KDE Plasma 5

  10. #10
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,581

    Default Re: I can't correctly enable services on firewalld

    Restarting firewalld would also work but reboot does that.
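
Added example (not part of any post in this thread): a small shell check for the two things that went wrong here, a rule that exists only in the permanent configuration, and port 8080/tcp not being covered by the "http" service. The two zone listings are constructed samples modelled on post #1, and the function names are hypothetical; on a live system the inputs would come from `firewall-cmd --zone=home --list-all` and `firewall-cmd --permanent --zone=home --list-all`.

```shell
#!/bin/sh
# Added example: compare firewalld runtime and permanent zone listings.
# Both listings below are constructed samples, not output from the thread.

RUNTIME_SAMPLE='home (active)
  interfaces: wlp4s0
  services: dhcpv6-client http ssh
  ports: '

PERMANENT_SAMPLE='home
  interfaces: wlp4s0
  services: dhcpv6-client http ssh
  ports: 8080/tcp'

# Print the values of one "key:" line of a listing, one value per line.
field() {  # usage: field <listing> <key>
    printf '%s\n' "$1" |
        awk -v k="$2:" '$1 == k { for (i = 2; i <= NF; i++) print $i }'
}

# Entries present in the permanent configuration but missing at runtime.
# These take effect only after "firewall-cmd --reload", a restart of
# firewalld, or a reboot.
pending() {  # usage: pending <runtime> <permanent> <key>
    for item in $(field "$2" "$3"); do
        field "$1" "$3" | grep -qxF -- "$item" || printf '%s\n' "$item"
    done
}

# Is a port explicitly listed under "ports:"? The "http" service only
# covers 80/tcp, so enabling it says nothing about 8080/tcp.
port_listed() {  # usage: port_listed <listing> <port/proto>
    field "$1" ports | grep -qxF -- "$2"
}

report() {
    port_listed "$RUNTIME_SAMPLE" 8080/tcp ||
        echo "runtime: 8080/tcp is not open"
    echo "pending until reload: $(pending "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" ports)"
}

report
```

An empty "pending" result with the port still unreachable points away from the firewall and toward the listener, for example a server bound only to 127.0.0.1.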
