I've been using iptables for a long time, but have never used firewalld until recently.
I have enabled port 3000 TCP via firewalld with the following command:
# firewall-cmd --zone=public --add-port=3000/tcp --permanent
However I can't
access the server on port 3000. From an external box:
telnet 178.62.16.244 3000
Trying 178.62.16.244...
telnet: connect to address 178.62.16.244: Connection refused
There are no routing issues: I have a separate rule for a port forward from port 80 to port 8000 which works fine externally. My app is definitely listening on the port too:
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 99 36797 18662/node
firewall-cmd doesn't seem to show the port either - see how ports is empty. You can see the forward rule I mentioned earlier.
# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports: port=80:proto=tcp:toport=8000:toaddr=
icmp-blocks:
rich rules:
However I can see the rule in the XML config file:
# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="ssh"/>
<port protocol="tcp" port="3000"/>
<forward-port to-port="8000" protocol="tcp" port="80"/>
</zone>
What else do I need to do to allow
access to my app on port 3000?
Also: is adding
access via a port the correct thing to do? Or should I make a firewalld 'service' for my app instead?
