NETSWAG Blogs - IPTables and Firewalld
So while working on my lab server, I decided that I needed remote desktop access for the server, just because. After deploying VNC server, I received the following error:
After doing some digging, I realized my firewall was blocking the traffic, and so let the fun begin. Checking iptables, I saw the following:
# iptables -L
<omitted for brevity>
…
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
…
<omitted for brevity>
Thinking that iptables controlled all access to the system, I decided to add the necessary configurations to make this work:
# iptables -A IN_public_allow -m state --state NEW -m tcp -p tcp -m multiport --dports 5901:5905,6001:6005 -j ACCEPT
Which works initially, but is lost on reboot or restart of the service. Why is this???
Next, on a whim I decided to look at firewalld. (It turns out that IN_public_allow is a chain firewalld itself creates, and firewalld rebuilds its chains from its own configuration whenever it reloads, so a rule appended directly with iptables is never part of that configuration and simply disappears.)
# firewall-cmd --get-active-zones
public
interfaces: em1
[root@netswag00 ~]# firewall-cmd --info-zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: em1
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
So let's try adding the VNC service via firewalld:
# firewall-cmd --add-rich-rule='rule family="ipv4" service name=vnc-server accept'
success
Next, we test our VNC connection, and after authenticating, I'm in!!! One caveat: added this way the rich rule lives only in the runtime configuration, so it will vanish on the next firewalld reload or reboot exactly like the iptables rule did; to keep it, add it again with --permanent and run firewall-cmd --reload, or run firewall-cmd --runtime-to-permanent after testing.
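As an added example (not from the original post), the following POSIX shell helpers parse `firewall-cmd --info-zone` output in the format shown above, check whether a service or port is already allowed (including ranges like 5901-5905/tcp and accept rich rules), and print only the persistent firewall-cmd commands still needed. The zone text is a constructed sample, not captured from netswag00, and the function names are my own.

```shell
# Preflight helpers for a firewalld-managed host: inspect the zone before adding rules.
# Constructed sample of `firewall-cmd --info-zone=public` output (not from a real host):
ZONE_INFO='public (active)
  target: default
  interfaces: em1
  sources:
  services: dhcpv6-client ssh
  ports: 8080/tcp 5000-5010/udp
  forward-ports:
  source-ports:
  rich rules:
    rule family="ipv4" service name="vnc-server" accept'

# Print the value of one "key:" line (empty when the key is unset). Anchoring at the
# start of the line keeps "ports:" from matching "forward-ports:" or "source-ports:".
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p"
}

# Print the rich rules, one per line; firewalld lists them on the lines below "rich rules:".
zone_rich_rules() {
    printf '%s\n' "$1" | awk '/^[ \t]*rich rules:/ {f=1; next} f {sub(/^[ \t]+/, ""); print}'
}

# Exit 0 if the zone allows service $2, either in "services:" or via an accept rich rule.
# firewalld prints rich rule values quoted even when they were entered unquoted, so accept both.
zone_allows_service() {
    for svc in $(zone_field "$1" services); do
        [ "$svc" = "$2" ] && return 0
    done
    zone_rich_rules "$1" | grep -Eq "service name=\"?$2\"?.*accept"
}

# Exit 0 if port $2/$3 (e.g. 5901 tcp) falls inside any "ports:" entry; ranges are N-M/proto.
zone_allows_port() {
    for entry in $(zone_field "$1" ports); do
        [ "${entry#*/}" = "$3" ] || continue
        range=${entry%/*}
        case $range in
            *-*) lo=${range%-*}; hi=${range#*-} ;;
            *)   lo=$range; hi=$range ;;
        esac
        [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] && return 0
    done
    return 1
}

# Print the persistent commands needed to open $2/$3 in the public zone, or nothing if it is
# already allowed. --permanent plus --reload is what survives a reboot; a plain iptables rule does not.
plan_open_port() {
    zone_allows_port "$1" "$2" "$3" && return 0
    printf 'firewall-cmd --permanent --zone=public --add-port=%s/%s\nfirewall-cmd --reload\n' "$2" "$3"
}
```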