firewalld in CentOS 8 has been decoupled from iptables

Time:2019-11-8

Article reprinted from: firewalld of CentOS 8 has been unbound with iptables

Today someone came to me and said that the one-click installation script used before was no longer working well, and hoped I could help see what had happened.

From his description, my first guess was that the problem was caused by a certain dependency being installed multiple times. When I asked more carefully, though, it turned out that he rebuilds the VPS every time he runs into a problem, so that situation should not arise. My next guess was that the script did not match the current system: it had not been updated for too long, so the installation reported an error. The script he mentioned was neither written nor used by me, it was hard for him to contact the author with feedback, and doing so would not solve the immediate problem. So I helped him find another one-click installation script to try.

The new script quickly installed the required software successfully, but then it was impossible to connect. I considered that the server might be blocked, so that the overseas server could not be reached. I then had him rule out factors such as the service not being started, the port not being opened in iptables, and the service provider's firewall not allowing the port. The problem remained.

I hadn't seen such a strange situation for a long time, so I asked him for the root password and logged in to the server to check the problem myself. First I used ps aux | grep xxx to check the process and make sure the software was running properly; then netstat -nltp to check the listening ports, which confirmed that the port was being listened on; then iptables -nL to check the system's built-in firewall. The output was empty, indicating that iptables was not blocking the port the process listens on. Yet with this configuration it was still impossible to telnet to the server remotely. Where was the problem?

Was it because of the process? So I tested with the ssh process listening on that port: unable to connect. I changed to another port: still unable to connect. I changed to the commonly used ports 80 and 443: telnet still failed. I tested multiple processes and ports. Apart from ssh's port 22, no port could be connected to, no matter which process was listening on it.

At this point, it is not the system that has a problem, it is my skill level that has a problem. Then I used uname -a to view the system version, and the output was as follows:

Linux xxx 4.18.0-80.7.1.el8_0.x86_64 #1 SMP Sat Aug 3 10:14:00 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

The information is a little messy, but the problem can be seen at a glance: el8, so the system is CentOS 8.

Now it's all clear. The earlier one-click installation script did not work because it only supports versions 6 and 7; CentOS 8 had only just come out, so the script had not been tested against it. The one-click installation script I found installs and runs, but connections fail because firewalld in CentOS 8 has been decoupled from iptables and now uses nftables as its backend. This is the real reason why the output of iptables -nL is empty while connections still fail. To connect, just use nft or firewall-cmd to open the corresponding port:

firewall-cmd --permanent --add-port=xxxx/tcp
firewall-cmd --reload
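
The diagnosis above, as an added example (not part of the original article): a POSIX shell helper that reads the FirewallBackend setting from firewalld.conf and checks whether a port appears in the output of firewall-cmd --list-ports, instead of trusting an empty iptables -nL. The function names and the default path /etc/firewalld/firewalld.conf are assumptions; it only looks at ports in the default zone, not at services such as ssh.

```shell
#!/bin/sh
# Added example: diagnose "iptables -nL is empty but the port is unreachable".
# Function names are hypothetical; the config path is an assumed default.

# Print the FirewallBackend value from a firewalld.conf-style file
# (nftables or iptables), or "unset" when the key or the file is absent.
firewalld_backend() {
    conf=${1:-/etc/firewalld/firewalld.conf}
    val=$(sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    echo "${val:-unset}"
}

# Succeed if PORT/PROTO (e.g. 8080/tcp) is covered by a list in the format
# printed by `firewall-cmd --list-ports`, including ranges like 8000-8100/tcp.
port_listed() {
    want_port=${1%/*}; want_proto=${1#*/}
    for entry in $2; do
        [ "${entry#*/}" = "$want_proto" ] || continue
        range=${entry%/*}
        lo=${range%-*}; hi=${range#*-}   # a single port gives lo = hi
        [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ] && return 0
    done
    return 1
}

# Live check on the server itself; needs root and a running firewalld.
diagnose() {
    port=$1
    echo "kernel: $(uname -r)"                      # el8 means CentOS/RHEL 8
    echo "firewalld backend: $(firewalld_backend)"
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewall-cmd not found; firewalld is not installed"; return 2
    fi
    if port_listed "$port" "$(firewall-cmd --list-ports)"; then
        echo "$port is open in the default zone"
    else
        echo "$port is NOT open in the default zone; nftables tables present:"
        nft list tables      # the firewalld tables do not show up in iptables -nL
        return 1
    fi
}

# Usage: sh check.sh 8080/tcp
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```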

It was a little difficult to explain this to him, so I had him rebuild the VPS with CentOS 7. There the one-click installation script worked out of the box, and the server could be reached remotely as well.

CentOS 8 has opened up a new world.
