
Thread: Yast firewall settings do not apply


  1. #1

    Yast firewall settings do not apply

    Hello community!

    I posted my question on LinuxQuestions.org (http://www.linuxquestions.org/questi...-a-4175591495/), but I was told there they don't know too much about openSUSE specifically, so I'm asking the experts here.

    My problem is that I cannot access tomcat6 from other computers on the same subnet as my tomcat6 server (which is an OES2015, with all the latest updates, fresh install by the way). At least not as long as the firewall is enabled.

    I think I can say I'm 100% sure the firewall is the problem, and here's why: tomcat seems to be correctly configured to listen on port 8080. I can access it perfectly fine from the localhost at all times. AND: I can also perfectly access it from any computer on the same subnet as long as the firewall is turned off on my OES2015. As soon as I turn the firewall on, computers on the same subnet trying to access the tomcat start page on my OES2015 get a "connection timed out" message.
    Now, this wouldn't be surprising, but I have set exceptions in the firewall of my OES2015 using Yast. Just to make sure, I added the exception for internal zone, external zone and demilitarized zone (even though that's probably not necessary).

    The following screenshot shows how I did it (example for external zone, looks exactly the same for internal zone and demilitarized zone):

    Screenshot

    And, of course, I restarted the firewall after making those changes, and, just to be sure, I even restarted the whole OES2015 server.

    Still, no luck, I cannot access tomcat6 from any of the other computers in the same subnet (repeat: as long as the firewall is turned on, that is, as soon as I turn it off, the tomcat6 start page is perfectly reachable from all computers on the same subnet).

    Is this a known bug in Yast or something, that firewall exceptions are not applied to iptables?

    Probably not, probably I'm just too stupid to configure it correctly.
    Any help would be greatly appreciated.

    Have a wonderful day!

    Peter

  2. Re: Yast firewall settings do not apply

    Hi and welcome to the forum
    I normally just add the ports to open via allowed services and select the advanced button to add the port number in the relevant protocol box.

    Just check changes are applied via;
    Code:
    iptables -S
    Cheers
    Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  3. #3

    Re: Yast firewall settings do not apply

    Agreed; go to 'Allowed Services' and then 'Advanced' and type 8080 in the
    TCP field. DELETE your current rules, as those are wrong; notice you have
    a source port specified, so unless your clients happen to use the same
    source port as the destination port, it will be blocked.

    Other commands to see what iptables is actually doing:

    Code:
    /usr/sbin/iptables -nvL
    /usr/sbin/iptables-save
    tail -f /var/log/firewall

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
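
A check for the mistake diagnosed above, as an added example that is not part of any post in this thread: it reads `iptables -S` output and separates ACCEPT rules that open a port by destination from rules that also pin the client's source port. The function names and the rule lines are constructed for illustration, and `input_ext` is assumed as the external-zone chain name.

```shell
#!/bin/sh
# Added example. Reads `iptables -S` output on stdin and classifies ACCEPT
# rules that mention PORT. Returns 0 only if at least one rule accepts the
# port by destination without also restricting the client's source port.
# Single-port --sport/--dport matches only (no multiport, no ranges).
check_port_rules() {
    awk -v port="$1" '
        $1 == "-A" {
            target = ""; sport = ""; dport = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--sport") sport  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            if (target != "ACCEPT") next
            if (dport == port && sport == "") {
                ok++;  print "OK        " $0
            } else if (dport == port || sport == port) {
                bad++; print "SRC-PORT  " $0   # only matches clients sending from this port
            }
        }
        END {
            printf "summary: %d usable, %d source-port-restricted\n", ok, bad
            exit (ok > 0 ? 0 : 1)
        }'
}

# Constructed rule sets: the source-port mistake from the thread, and the fix.
broken_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A input_ext -p tcp -m tcp --sport 8080 --dport 8080 -j ACCEPT
-A input_ext -j DROP
EOF
}
fixed_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A input_ext -p tcp -m tcp --dport 8080 -j ACCEPT
-A input_ext -j DROP
EOF
}

broken_rules | check_port_rules 8080 || echo "8080 is not reachable from ephemeral client ports"
fixed_rules  | check_port_rules 8080 && echo "8080 is open by destination port"
# On a live host (as root): iptables -S | check_port_rules 8080
```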

  4. #4

    Re: Yast firewall settings do not apply

    Originally posted by ab:
    > Agreed; go to 'Allowed Services' and then 'Advanced' and type 8080 in the
    > TCP field. DELETE your current rules, as those are wrong; notice you have
    > a source port specified, so unless your clients happen to use the same
    > source port as the destination port, it will be blocked.
    >
    > Other commands to see what iptables is actually doing:
    >
    > Code:
    > /usr/sbin/iptables -nvL
    > /usr/sbin/iptables-save
    > tail -f /var/log/firewall

    Thanks a lot, your suggestions worked, I can now reach tomcat6 from any computer on my OES2015's subnet.

    I really appreciate that, I'm coming from Windows, but I find learning Linux not too hard because of the good support you get in the community!

    Have a nice day!

  5. #5

    Re: Yast firewall settings do not apply

    On 10/23/2016 04:54 AM, baedamichi wrote:
    >
    > Thanks a lot, your suggestions worked, I can now reach tomcat6 from any
    > computer on my OES2015's subnet.


    Great to hear; thank you for posting back your results.

    > I really appreciate that, I'm coming from Windows, but I find learning
    > Linux not too hard because of the good support you get in the
    > community!


    Welcome to the community; I imagine, like mine, it will be a great journey
    for the reasons you specified, among others.

    --
    Good luck.
