[colug-432] CentOS 7 weird DNS network oddity...

Juan Martinez colug at martinez.cx
Sun Feb 22 06:51:52 EST 2015


firewall-cmd can make changes to both the permanent and running firewall
configurations. Changes made to the permanent configuration aren't
active until a reload but changes to the running config are immediate.

Most commands are the same with the difference being you have to add a
'--permanent' switch when designating the permanent configuration.


On Sat, 2015-02-21 at 22:15 -0500, Joshua Kramer wrote:
> Okay, so I forgot one very important command after configuring the
> firewall:
> 
> firewall-cmd --reload
> 
> 
> Thanks Greg, your comment about zones made me look at the firewall-cmd
> man page (which I should have done to start).  That's where I found
> out that changes aren't active until you reload.
> 
> 
> On Sat, Feb 21, 2015 at 10:03 PM, Greg Sidelinger
> <gate at ilive4code.net> wrote:
>         Did you add the DNS service to the right zone with
>         firewall-cmd?  That has gotten me more than once.  I do have a
>         tendency to do a iptable -F anytime I think it's netfilter.
>         Granted I think the proper way is to stop the firewalld
>         service.
>         
>         
>         On Saturday, February 21, 2015, Joshua Kramer
>         <joskra42.list at gmail.com> wrote:
>                 Hello Everyone,
>                 
>                 
>                 I have a really weird problem here.  For reference,
>                 the client is my laptop, which is running CentOS 7.
>                 The server is also running CentOS 7.
>                 
>                 
>                 The server is basically a KVM host, though it also
>                 runs NFS and DNS.  I have a virtual network set up
>                 that is routed and connected to my primary enp2s0.
>                 
>                 
>                 The primary address of the physical server is
>                 192.168.2.220.
>                 
>                 The virtual network address of the server is
>                 192.168.4.1.
>                 
>                 My laptop is on a 192.168.3 subnet.
>                 
>                 
>                 I can ssh from my laptop to the physical server at
>                 its .4.1 address.  I can also ssh from my laptop to
>                 virtual machines running in the server, for example,
>                 at .4.10.  I can even telnet to .4.1 on port 53 from
>                 my laptop and it will connect and then close the
>                 connection.
>                 
>                 
>                 Virtual machines running on the server can use the DNS
>                 server no problem, to resolve both internet-bound
>                 names and names of other virtual machines on that
>                 internal network.
>                 
>                 
>                 My laptop cannot use the DNS server!  I notice when I
>                 telnet to the dns port from one of the virtual
>                 machines, the connection opens and stays open.  If I
>                 telnet to the dns port from my laptop, it opens then
>                 immediately closes.  Relevant named.conf lines are:
>                 
>                 listen-on port 53 { 127.0.0.1; 192.168.4.1; };
>                 allow-query     { localhost; 192.168/16; };
>                 recursion yes;
>                 allow-recursion { 192.168/16; };
>                 
>                 
>                 I've made sure the selinux contexts are correct for
>                 the files, and I've used firewall-cmd to allow DNS
>                 queries through.  Where should I look next?
>                 
>                 
>                 Thanks!
>                 
>                 -JK
>                 
>         
>         
>         
>         -- 
>         ------------------------------------------
>         Sent from mobile device.... Please ignore my many typos.
>         
>         _______________________________________________
>         colug-432 mailing list
>         colug-432 at colug.net
>         http://lists.colug.net/mailman/listinfo/colug-432
>         
> 
> 
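The pitfall this thread turns on (a service added with `--permanent` that stays inactive until `firewall-cmd --reload`) can be spotted by comparing the runtime and permanent service lists. The script below is an added example, not code from anyone in the thread; it assumes a firewalld host for `check_zone` and uses constructed sample output for `pending_services`.

```shell
#!/bin/sh
# Added example (not from the thread): list firewalld services that exist in
# the permanent configuration but not in the running one, i.e. changes that
# take effect only after `firewall-cmd --reload`.

# pending_services RUNTIME PERMANENT
# Arguments are space-separated service lists in the format printed by
# `firewall-cmd --list-services` and `firewall-cmd --permanent --list-services`.
# Prints each permanent-only service, one per line.
pending_services() {
  runtime=$1
  permanent=$2
  for svc in $permanent; do
    found=0
    for r in $runtime; do
      [ "$svc" = "$r" ] && found=1 && break
    done
    [ "$found" -eq 0 ] && echo "$svc"
  done
  return 0
}

# Constructed sample output: dns was added with --permanent, no reload yet.
SAMPLE_RUNTIME="dhcpv6-client ssh"
SAMPLE_PERMANENT="dhcpv6-client dns ssh"

# check_zone [ZONE]: compare the live state of one zone (default zone if
# none given). Needs firewall-cmd on the host, so it is not exercised here.
check_zone() {
  zone=${1:-$(firewall-cmd --get-default-zone)}
  rt=$(firewall-cmd --zone="$zone" --list-services)
  pm=$(firewall-cmd --permanent --zone="$zone" --list-services)
  pending=$(pending_services "$rt" "$pm")
  if [ -n "$pending" ]; then
    echo "zone $zone: permanent-only services (run 'firewall-cmd --reload'): $pending"
    return 1
  fi
  echo "zone $zone: runtime and permanent service lists match"
  return 0
}
```

Run `check_zone public` on the server to see whether the dns service is still waiting on a reload for that zone.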