[colug-432] Centos7, firewalld, Arduino ide to support over the air updates on esp8266
Vince Herried
vherried at gmail.com
Sat Feb 4 14:06:31 EST 2017
First, thanks to those who took the time to respond to my earlier query
about firewalld.
The problem again was that over the air updates from the Arduino IDE to an
esp8266 that is connected to my local WiFi failed.
When firewalld was stopped the updates worked fine.
Turning on verbose mode in the IDE I was shown the command line:
python /home/vince/.arduino15/packages/esp8266/hardware/esp8266/2.3.0-rc2/tools/espota.py -i 10.3.141.33 -p 8266 --auth= -f /tmp/arduino_build_545522/Robsmqtt_OTA.ino.bin
So I foolishly assumed port 8266 was the entirety of the problem, NOT!
Wireshark to the rescue.
The first message does start from the IDE on my desktop to the target
esp8266 via port 8266, but then wanders off and uses other ports.
So I made a white list for my internal zone thus:
# firewall-cmd --permanent --zone=internal --add-source=10.3.141.0/24
# firewall-cmd --zone=internal --permanent --add-port=1-65535/tcp
# firewall-cmd --reload
# firewall-cmd --zone=internal --list-all
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s0
  sources: 10.3.141.0/24
  services: dhcp dhcpv6 dhcpv6-client dns ftp http https mdns samba-client ssh
  ports: 1-65535/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
#
(My LAN is at 10.3.141/24.)
Happy I am, it now works.
Is there a better solution?
Is this a mistake opening up all the ports on all my LAN?
---
A Centos 7 user.
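
Added example (not part of the original post): a narrower alternative to the `1-65535/tcp` opening shown above, printing firewall-cmd commands that accept TCP only from the one ESP8266 to a bounded port range. The zone and address come from the post; the 10000-60000 range is an assumption about which local port espota.py listens on, to be checked against your copy of the script and your own Wireshark capture.

```shell
#!/bin/sh
# Added example: print (not run) firewall-cmd commands that replace the
# blanket 1-65535/tcp opening with a rule scoped to one device.
ZONE="internal"            # zone shown in the post's --list-all output
ESP_IP="10.3.141.33"       # ESP8266 address from the espota.py command line
PORT_RANGE="10000-60000"   # ASSUMPTION: range espota.py listens in; verify

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Succeeds for "N" or "LO-HI" with 1 <= LO <= HI <= 65535.
valid_port_range() {
  case $1 in ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;; esac
  lo=${1%-*}; hi=${1#*-}
  [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Builds the firewalld rich rule: accept TCP to the given port(s) only
# when the source is the single host $1. Rejects CIDR blocks and bad ranges.
scoped_rule() {
  valid_ipv4 "$1" && valid_port_range "$2" || return 1
  printf 'rule family="ipv4" source address="%s/32" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# Prints the command sequence for review; run the output as root.
ota_firewall_plan() {
  rule=$(scoped_rule "$2" "$3") || { echo "bad address or port range" >&2; return 1; }
  printf '%s\n' \
    "firewall-cmd --permanent --zone=$1 --remove-port=1-65535/tcp" \
    "firewall-cmd --permanent --zone=$1 --add-rich-rule='$rule'" \
    "firewall-cmd --reload" \
    "firewall-cmd --zone=$1 --list-all"
}

ota_firewall_plan "$ZONE" "$ESP_IP" "$PORT_RANGE"
```

The zone's source binding and service list are left untouched; only the all-ports opening is swapped for the scoped rule.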