Hello, After setting static address on wlan0 (for port forwarding on my ZTE ZXHN H298N Hyperoptic router) I was unable to connect to internet. Only after disabling firewall I was able to make the connection. Now I am worried that my system is vulnerable to outside attacks. What can be done to protect my system. All suggestions will be greatly appreciated.**
At the moment, I cannot think of any reason how simply setting a static IP address should disable connecting to the Internet and how the firewall works.
At the very least, maybe a reboot could resolve odd issues.
Some things come to mind… Are you using Wicked or NM to manage your networking, and do you know what those are? Perhaps you have set up an odd hybrid because you set up one without disabling the other (There are a few Forum threads about people who have made this mistake)?
Of course, port forwarding (incoming connections) would be blocked if you don’t open those ports in your firewall either explicitly or by choosing a permissive firewall zone… The Public zone is default which is most restrictive, “Trusted” or other zones can be chosen which might allow incoming connections without more work (depends on what you’re allowing on what port). But that wouldn’t block outbound Internet connections.
[LEFT]At the very least, maybe a reboot could resolve odd issues.[/LEFT]
Every time I make any kind of change in network connection I reboot system using command: sudo systemctl restart network
I am using Wicked and not NM. As far as I know Wicked is used when the network environment is not likely to change frequently. When using Yast to set up static address you get the option to use one or the other. There is no option to disable one.
I have set the firewall to all zones. It does not matter which zone I choose, until I disable the firewall I do not get internet connection.
Normally, I wouldn’t expect firewalld to be preventing internet connectivity - it should allow network connections initiated (solicited traffic) from within your system, but perhaps you should share your existing firewall configuration…
and perhaps a definitive view of your current IP configuration…