• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

Server Application Getting “connection refused” From Remote Servers [due to firewalld or iptables] – CentOS/RHEL 7

By admin

The Problem

An application is getting “connection refused” from other servers. The application is accessible from localhost and also it listens to the expected port.

The Solution

Firewall on the local server is dropping inbound connection attempts from other servers.

Note: By default, CentOS/RHEL 7 uses the FIREWALLD service to manage the IPTABLES rules. The older IPTABLES subsystem is still available and may be used directly if the FIREWALLD service is disabled.

1. Determine if the FIREWALLD service is being used.

# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Thu 2017-12-21 15:03:59 EST; 4s ago 
Docs: man:firewalld(1)
Main PID: 18880 (firewalld)
CGroup: /system.slice/firewalld.service
└─18880 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Dec 21 15:03:58 testserver systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 21 15:03:59 testserver systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 21 15:04:01 testserver firewalld[18880]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Dec 21 15:04:01 testserver firewalld[18880]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Dec 21 15:04:01 testserver firewalld[18880]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Dec 21 15:04:01 testserver firewalld[18880]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Dec 21 15:04:01 testserver firewalld[18880]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Dec 21 15:04:01 testserver firewalld[18880]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.

2. Determine if the IPTABLES service is being used.

# systemctl status iptables.service
* iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Thu 2017-12-21 17:51:12 UTC; 26min ago 
Process: 440 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 440 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service

Dec 21 17:51:12 testserver systemd[1]: Starting IPv4 firewall with iptables...
Dec 21 17:51:12 testserver iptables.init[440]: iptables: Applying firewall rules: [ OK ]
Dec 21 17:51:12 testserver systemd[1]: Started IPv4 firewall with iptables.
Caution: checking the firewall using “iptables -L” is not sufficient.

3. Prior to CentOS/RHEL 7, checking the system firewall using the iptables command was sufficient to know if a firewall was being used. For example, checking with:

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
...
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

was enough.to determine how to control the firewall rules. With CentOS/RHEL 7, either the newer FIREWALLD service or the older IPTABLES-SERVICE could be controlling the firewall rules. So both needs to be checked to be sure.

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. MySQL Server Error – “Can’t Create A New Thread (errno 11)”
  2. CentOS / RHEL : How to delete LVM volume
  3. Sample /etc/services file in Linux
  4. How to Create and Mount Btrfs Snapshots
  5. How to Configure iSCSI Initiator and iSCSI Timeouts in CentOS/RHEL 7
  6. How to run a cron job on specific days of the week
  7. The System Activity Reporter (sar) Command in Linux
  8. How to disable the default apache “Welcome Page” in CentOS/RHEL 7
  9. Sample /etc/multipath.conf file
  10. Understanding SELinux File Labelling and SELinux Context

You May Also Like

Primary Sidebar

Recent Posts

  • How to disable ACPI in CentOS/RHEL 7
  • How to Use real-time query to access data on a physical standby database
  • CentOS/RHEL 8: “ACPI MEMORY OR I/O RESET_REG” Server Hung after reboot
  • How to Create a Physical Standby Database by Using SQL and RMAN Commands
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary