On 2020-06-16 11:43, Ed Greshko wrote:
> On 2020-06-16 07:24, Kenneth Porter wrote:
>> --On Tuesday, June 16, 2020 8:17 AM +0800 Ed Greshko <ed.greshko@greshko.com> wrote:
>>> For RHEL/CentOS, I start by listing the back end rules.
>> What would be the command to list those?
> This looks like a good starting point:
> <https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes>
>
> The other thing I found odd is that I did
>
> firewall-cmd --set-log-denied=all
>
> and saw no journal entries showing the reject. I used wireshark, and I do see
>
> 129.168.2.116----->192.168.122.152 Transmission Control Protocol, Src Port: 44870, Dst Port: 22, Seq: 0, Len: 0
>
> and immediately after
>
> 192.168.2.127----->192.168.2.116 Internet Control Message Protocol (Port unreachable)
I should have tried this earlier. But it seems the issues aren't confined to the libvirt zone. And the symptoms seem odder.

enp2s0 on the "middle (meimei)" host is 192.168.1.18. From the "right (acer2)" host I can ping meimei and ssh to meimei with the firewall active.
However, to a different host 192.168.1.142....
[egreshko@acer ~]$ ping -c 1 -q 192.168.1.142
PING 192.168.1.142 (192.168.1.142) 56(84) bytes of data.
--- 192.168.1.142 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
But....
[egreshko@acer ~]$ ssh 192.168.1.142
ssh: connect to host 192.168.1.142 port 22: No route to host
--
The key to getting good answers is to ask good questions.
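An added example, not part of Ed's message or of the thread: a small shell script that checks, from `nft list ruleset` output, whether firewalld's log-denied setting actually put a `log prefix` on the reject/drop rules, and summarises the `FINAL_REJECT:` kernel log entries those rules produce. The rule set and kernel log lines embedded here are constructed samples standing in for the real captures; the libvirt-style `LIBVIRT_FWI` chain in the sample is hypothetical and only there to show an unlogged reject next to a logged one.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit a firewalld nftables rule set
# for reject/drop rules that lack a "log prefix", and summarise the kernel
# log lines that firewalld's log-denied rules emit.
#
# On a real host the inputs come from:
#   sudo firewall-cmd --get-log-denied          # should print "all"
#   sudo nft list ruleset > ruleset.txt          # backend rules
#   sudo journalctl -k --since today > kmsg.txt  # kernel log
# Constructed sample data stands in for both files below.
set -eu

# Constructed sample: firewalld's INPUT chain with log-denied=all, plus a
# hypothetical libvirt-style reject rule that logs nothing.
SAMPLE_RULESET='table inet firewalld {
    chain filter_INPUT {
        type filter hook input priority filter + 10; policy accept;
        ct state { established, related } accept
        iifname "lo" accept
        jump filter_INPUT_ZONES
        ct state { invalid } log prefix "STATE_INVALID_DROP: " drop
        log prefix "FINAL_REJECT: " reject with icmpx type admin-prohibited
    }
}
table ip filter {
    chain LIBVIRT_FWI {
        iifname "virbr0" reject with icmp type port-unreachable
    }
}'

# Constructed sample kernel log: one FINAL_REJECT hit and one unrelated line.
SAMPLE_KMSG='Jun 16 11:40:01 meimei kernel: FINAL_REJECT: IN=enp2s0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.2.116 DST=192.168.2.127 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=44870 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 16 11:40:02 meimei kernel: virbr0: port 1(vnet0) entered forwarding state'

# audit_logging: read an nft rule set on stdin and count terminating
# reject/drop rules with and without a log prefix. Prints "<logged> <unlogged>".
# An unlogged reject is exactly the kind of rule that answers a packet
# without ever producing a journal entry.
audit_logging() {
    local line logged=0 unlogged=0
    while IFS= read -r line; do
        case "$line" in
            *reject*|*" drop"*)
                case "$line" in
                    *"log prefix"*) logged=$((logged + 1)) ;;
                    *)              unlogged=$((unlogged + 1)) ;;
                esac
                ;;
        esac
    done
    printf '%d %d\n' "$logged" "$unlogged"
}

# summarise_rejects: read kernel log lines on stdin and print
# "SRC -> DST PROTO/DPT" for every FINAL_REJECT entry.
summarise_rejects() {
    grep -F 'FINAL_REJECT:' \
      | sed -E 's|.*SRC=([^ ]+) .*DST=([^ ]+) .*PROTO=([^ ]+) .*DPT=([0-9]+).*|\1 -> \2 \3/\4|'
}

printf '%s\n' "$SAMPLE_RULESET" | audit_logging
printf '%s\n' "$SAMPLE_KMSG" | summarise_rejects
```

To use it on a live host, pipe `sudo nft list ruleset` into `audit_logging` and `journalctl -k` into `summarise_rejects`. The ICMP type seen in a capture also tells you which rule answered: firewalld's own final reject sends admin-prohibited, which ssh reports as "No route to host", whereas a plain port unreachable in reply to a TCP SYN comes from a different reject rule (iptables' default `--reject-with icmp-port-unreachable`), and such a rule writes nothing to the journal unless it carries its own log action.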