March 2021 - firewalld-users - Fedora Mailing-Lists

How to forward the requests to another IP when a specific IP is unreachable?

by Jason Long

Hello, I have a test lab and its use VirtualBox with two VMs as below: VM1 (node1): This VM has two NICs (NAT, Host-only Adapter) VM2 (node2): This VM has one NIC (Host-only Adapter) On VM1, I use the NAT interface for the port forwarding: "127.0.0.1:2080" on Host FORWARDING TO 127.0.0.1:80 on Guest. The IP addresses of my VMs are: 192.168.56.7 node1 192.168.56.8 node2 These nodes using the Pacemaker clustering and when node1 stopped, then a floting IP address (192.168.56.9) replace it. # pcs cluster stop node1 node1: Stopping Cluster (pacemaker)... node1: Stopping Cluster (corosync)... # pcs status Error: error running crm_mon, is pacemaker running? Could not connect to the CIB: Transport endpoint is not connected crm_mon: Error: cluster is not available on this node # curl http://192.168.56.9 <html> <body>My Test Site - node2</body> </html> In normal state, when I browse "http://127.0.0.1:2080" on my host, then it shows me "My Test Site - node1", but when I stopped node1 cluster and browse "http://127.0.0.1:2080" it doesn't show me "My Test Site - node2". Can I use Firewalld to forward the requests to "http://192.168.56.9" when node1 stopped? Thank you.

3 years

2
3
0 / 0

Open a port without any service.

by Jason Long

Hello, I just can open and close a port that a service running on that port? I have not any service on port 8080 and did: # firewall-cmd --add-port=8080/tcp success # firewall-cmd --reload success # firewall-cmd --list-ports 80/tcp 443/tcp Why I can't see port 8080 in the list?

3 years

2
3
0 / 0

Introducing ManaFirewall

by Neal Gompa

Hey all, With the release of Mageia Linux 8, I wanted to highlight something that may be interesting to the FirewallD community: the introduction of a new tool by Mageia's ManaTools team: ManaFirewall[1]. The ManaFirewall tool is a rewrite of the drakfirewall tool that has been part of the Mandriva/Mageia Control Center for decades. The old tool was written in Perl and used Shorewall, this new one is written in Python 3 and uses FirewallD. Additionally, since it uses the ManaTools application framework[2], it automatically has Qt5, GTK3, and ncurses based UIs through its usage of the libyui library[3] from the folks at SUSE along with Mageia's extensions[4]. In addition to being available for Mageia Linux 8, I have also brought it to Fedora. As it requires FirewallD 0.9.0 or higher, I have built it for Fedora 34 and Rawhide, and submitted it as an update for Fedora 34[5]. The ManaFirewall tool is relatively new and the functionality isn't to the same level as firewall-config yet, but the long-term goal is to reach feature parity and provide a comfortable experience managing FirewallD regardless of environment (desktop or server). If anyone is interested in contributing to helping make this a reality, they are very welcome! The ManaTools team is available on the #manatools IRC channel on Freenode. [1]: https://github.com/manatools/manafirewall [2]: https://github.com/manatools/python-manatools [3]: https://github.com/libyui/libyui [4]: https://github.com/manatools/libyui-mga [5]: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9867a3782a -- 真実はいつも一つ！/ Always, there's only one truth!

3 years, 1 month

3
4
0 / 0

Firewalld as a reverse proxy server.

by Jason Long

Hello, Is it possible and logical to use the Firewalld as a reverse proxy server? I have below plan: The Internet --> Reverse Proxy --> Apache Web Server Apache can do it, but how about Firewalld? Thank you.

3 years, 1 month

2
4
0 / 0

question about snmp

by Keith Clay

In our public zone we've opened ports 161/162 for snmp traffic. We do an snmpwalk but even with the ports open we still have to open ports 1024-65535 in order for it to work. Is there a way to open 161/162 without opening the entire non-privilege port range for it to work. Thanks

3 years, 1 month

2
1
0 / 0

Re: Looking for a command to show the full state of the firewall

by amicush＠yahoo.com

i am still stuck, i want to see a similar display as when i do #iptables -nvL , but now using firewall-cmd --?? or #nft -?? or anything else

3 years, 1 month

2
1
0 / 0

RTPengine and firewalld.policy to replace firewalld.direct

by Anthony Joseph Messina

I see in upcoming versions, firewalld.policy is to replace the functionality of iptables and firewalld.direct. Browsing through the documentation, I can't see how I would replace the following with policies as I can't find how to have a custom (module provided) TARGET. The following supports the Sipwise NGCP RTPengine iptables kernel module: https://github.com/sipwise/rtpengine # direct.xml <?xml version="1.0" encoding="utf-8"?> <direct>  <chain ipv="ipv4" table="filter" chain="RTPENGINE_allow"/> <chain ipv="ipv6" table="filter" chain="RTPENGINE_allow"/> <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough> <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough> <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough> <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough> </direct> -- Anthony - https://messinet.com F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6

3 years, 1 month

2
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

firewalld-users March 2021