<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Feb 25, 2016 at 5:48 AM, Timothy Murphy <span dir="ltr"><<a href="mailto:gayleard@eircom.net" target="_blank">gayleard@eircom.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Richard Shaw wrote:<br>
<br>
> On Tue, Feb 23, 2016 at 7:31 AM, Timothy Murphy <<a href="mailto:gayleard@eircom.net">gayleard@eircom.net</a>><br>
> wrote:<br>
><br>
>> I see that I have to open ports 1714-1764, TCP and UDP.<br>
>> I'm running firewalld on the laptop.<br>
>> I give the command "firewall-config" and authenticate.<br>
>> Clicking on zone "internal" I see that kde-connect is ticked.<br>
>> And when I go to Ports I see that ports 1714-1764 are listed, TCP and<br>
>> UDP. And all this remains set if I reboot.<br>
<br>
<br>
> Let's try the simple stuff first... Is your default zone for your network<br>
> connection also "internal"?<br>
<br>
</span>Thank you very much.<br>
That was indeed the issue.<br>
After changing the default zone to "internal" everything works fine.<br>
<br>
But I don't understand the reasoning behind this.<br>
This use of the term "zone" seems to me misleading and bizarre.<br>
I run shorewall on my home server, and there the "zone"<br>
can be "net", "local", etc.<br>
Any changes made to a particular zone come into effect<br>
on restarting shorewall.<br>
It would not make sense in this context to choose a "default zone".<br></blockquote><div><br></div><div>Based on my limited understanding, each network interface can be associated with a different zone, so in the case of a typical home user, you'll only ever use one zone so you need to change the rules for the zone your one network interface is associated with.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Incidentally, restarting firewalld does not seem to me to work properly,<br>
as a window comes up asking for authentication.<br>
I don't recall any other service requiring this,<br>
and it would seem to prevent remote restarting.</blockquote><div><br></div><div>I assume you're doing this from the gui interface as a normal user? In that case yes, it wants to make sure you are some one in the "wheel" group so it's a gui equivalent to sudo.</div><div><br></div><div>Thanks,</div><div>Richard </div></div></div></div>