Hello,
I was trying to get a different ssh port using my firewall-config: I try the following:
sudo firewall-config
go in there and in the public, under services, I get ssh checked. I presume that is good.
Then I go to ports, add in my port number, and put tcp as the protocol.
Then I go out, start firewalld, get no messages. But I can not ssh in with a different port. (iptables service has no problems with this).
What should I be doing to get this working correctly?
Many thanks for any advice, Ranjan
On 02/06/2013 11:54 AM, Ranjan Maitra wrote:
Hello,
I was trying to get a different ssh port using my firewall-config: I try the following:
I always move my SSHD port in 3 steps:
1. Edit /etc/ssh/sshd_config to point to the new port
2. Add the port to firewall
3. fix selinux: semanage port -a -t ssh_port_t -p tcp nnn
where nnn is the port number.
And it works.
sudo firewall-config
go in there and in the public, under services, I get ssh checked. I presume that is good.
Then I go to ports, add in my port number, and put tcp as the protocol.
Then I go out, start firewalld, get no messages. But I can not ssh in with a different port. (iptables service has no problems with this).
What should I be doing to get this working correctly?
Many thanks for any advice, Ranjan
Sorry, I guess I should have mentioned that I had already done steps 1, 2 and 3 (which is something I also always do).
It is only with firewalld that I have this problem. So, how do I handle this firewalld? iptables works fine, but needs a restart upon every reboot in F18.
Ranjan
On Wed, 6 Feb 2013 12:12:45 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
On 02/06/2013 11:54 AM, Ranjan Maitra wrote:
Hello,
I was trying to get a different ssh port using my firewall-config: I try the following:
I always move my SSHD port in 3 steps:
1. Edit /etc/ssh/sshd_config to point to the new port
2. Add the port to firewall
3. fix selinux: semanage port -a -t ssh_port_t -p tcp nnn
where nnn is the port number.
And it works.
sudo firewall-config
go in there and in the public, under services, I get ssh checked. I presume that is good.
Then I go to ports, add in my port number, and put tcp as the protocol.
Then I go out, start firewalld, get no messages. But I can not ssh in with a different port. (iptables service has no problems with this).
What should I be doing to get this working correctly?
Many thanks for any advice, Ranjan
On 02/07/2013 01:25 AM, Ranjan Maitra wrote:
Sorry, I guess I should have mentioned that I had already done steps 1, 2 and 3 (which is something I also always do).
It is only with firewalld that I have this problem. So, how do I handle this firewalld? iptables works fine, but needs a restart upon every reboot in F18.
Start firewall-config.
At the top, notice there is a drop down menu. Pull down and select "Persistent Configuration".
Select the Services Tab and then Edit Services.
Find the ssh entry and click +Add
Add the port you want
Click on the green "reload" icon.
You're done
On Thu, 7 Feb 2013 03:32:38 +0800 Ed Greshko Ed.Greshko@greshko.com wrote:
On 02/07/2013 01:25 AM, Ranjan Maitra wrote:
Sorry, I guess I should have mentioned that I had already done steps 1, 2 and 3 (which is something I also always do).
It is only with firewalld that I have this problem. So, how do I handle this firewalld? iptables works fine, but needs a restart upon every reboot in F18.
Start firewall-config.
At the top, notice there is a drop down menu. Pull down and select "Persistent Configuration".
Select the Services Tab and then Edit Services.
Find the ssh entry and click +Add
Add the port you want
Click on the green "reload" icon.
You're done
Thanks, this worked (only point was that this "reload" icon was not green for me, but just a grey arrow inside a circle): I replaced 22 with the desired port.
I mentioned the above in case this is helpful to someone who happens to be sifting through the archives later, in search of a solution to the same problem.
Ranjan
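An offline check of the three steps discussed in this thread (sshd_config port, firewalld persistent configuration, SELinux port label), as an added example that is not part of any poster's message. It assumes port 2222 in place of "nnn", and the file names and file contents written by write_samples are constructed; the point it shows is that only a port present in firewalld's persistent XML is there when firewalld starts.

```shell
#!/bin/sh
# Added example; every file written by write_samples is constructed sample data.
# On a real host, read /etc/ssh/sshd_config, the XML under /etc/firewalld/
# and the saved output of `semanage port -l` instead.

# Ports sshd listens on: uncommented "Port N" lines, 22 if there are none.
sshd_ports() {
    p=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${p:-22}"
}

# TCP ports in firewalld permanent XML files (ranges are not expanded).
permanent_tcp_ports() {
    grep -h '<port ' "$@" | grep 'protocol="tcp"' |
        sed -n 's/.* port="\([0-9-]*\)".*/\1/p'
}

# Ports labelled ssh_port_t in a saved `semanage port -l` listing.
selinux_ssh_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); print $i } }' "$1"
}

# Args: sshd_config, semanage listing, XML files. Status 1 if a step is missing.
audit_ssh_port() {
    cfg=$1; sel=$2; shift 2; rc=0
    for port in $(sshd_ports "$cfg"); do
        permanent_tcp_ports "$@" | grep -qx "$port" ||
            { echo "port $port: not in permanent firewalld config"; rc=1; }
        selinux_ssh_ports "$sel" | grep -qx "$port" ||
            { echo "port $port: not labelled ssh_port_t"; rc=1; }
    done
    return $rc
}

write_samples() {  # constructed inputs; 2222 stands in for the thread's "nnn"
    printf '#Port 22\nPort 2222\n' > "$1/sshd_config"
    printf 'ssh_port_t    tcp    2222, 22\n' > "$1/semanage.txt"
    printf '<zone>\n  <service name="ssh"/>\n</zone>\n' > "$1/public.xml"
    printf '<service>\n  <port protocol="tcp" port="22"/>\n</service>\n' > "$1/ssh-before.xml"
    printf '<service>\n  <port protocol="tcp" port="2222"/>\n</service>\n' > "$1/ssh-after.xml"
}

d=$(mktemp -d) && write_samples "$d"
audit_ssh_port "$d/sshd_config" "$d/semanage.txt" "$d/public.xml" "$d/ssh-before.xml" ||
    echo "-> persistent config still lacks the new port"
audit_ssh_port "$d/sshd_config" "$d/semanage.txt" "$d/public.xml" "$d/ssh-after.xml" &&
    echo "-> all three steps in place for the configured port"
```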
On Wed, Feb 06, 2013 at 02:17:35PM -0600, Ranjan Maitra wrote:
Thanks, this worked (only point was that this "reload" icon was not green for me, but just a grey arrow inside a circle): I replaced 22 with the desired port. I mentioned the above in case this is helpful to someone who happens to be sifting through the archives later, in search of a solution to the same problem.
It might be useful to file a bug report about the discoverability of this feature. The firewalld gui is young and there's room to make it better.
On 02/06/2013 12:27 PM, Matthew Miller wrote:
It might be useful to file a bug report about the discoverability of this feature. The firewalld gui is young and there's room to make it better.
Good luck if you do. I've filed several bugs of this type, and they all get marked notabug (because the dev in question doesn't have a problem with it) or wontfix, implying that they don't care. The most recent one could have been fixed simply by making a minor edit to one page at Bugzilla, but the code monkey in charge of it couldn't be bothered.
(If you click on the link to open a New bug, you get a page with no explanation of what to do next, and two links labeled New. Both of them simply reload the page. Apparently, this isn't a bug.)
On Wed, Feb 06, 2013 at 12:42:47PM -0800, Joe Zeff wrote:
On 02/06/2013 12:27 PM, Matthew Miller wrote:
It might be useful to file a bug report about the discoverability of this feature. The firewalld gui is young and there's room to make it better.
Good luck if you do. I've filed several bugs of this type, and they all get marked notabug (because the dev in question doesn't have a problem with it) or wontfix, implying that they don't care. The most recent one could have been fixed simply by making a minor edit to one page at Bugzilla, but the code monkey in charge of it couldn't be bothered.
Here this sounds like you are filing bugs about bugzilla, not about firewalld.
It's true that sometimes bugs do get closed in the way you are describing, but it's important to recognize that different components have different owners. And it's also important to note that the in-production bugzilla.redhat.com installation is a particular special case, since it's used by Fedora but is not part of Fedora.
On 02/06/2013 12:58 PM, Matthew Miller wrote:
Here this sounds like you are filing bugs about bugzilla, not about firewalld.
That particular bug was about Bugzilla, yes. I used it because it was fresh in my mind. However, I also have an RFE for Gnucash (at the Gnome Bugzilla) that's gotten the first response from a dev after over a year, and it's basically, "we don't care." I won't say that all RFEs get ignored this way, but judging only from my own experience, it's not exactly uncommon.
It's true that sometimes bugs do get closed in the way you are describing, but it's important to recognize that different components have different owners. And it's also important to note that the in-production bugzilla.redhat.com installation is a particular special case, since it's used by Fedora but is not part of Fedora.
Yes, I understand that, and in fact, there's a special procedure for reporting bugs in Bugzilla itself that I was careful to take. Some of the devs actually care about what the users think and listen to their concerns, both about bugs and enhancements, but many of them either don't or give the appearance of unconcern. With luck, whoever's maintaining firewalld is one of the good ones. We can only hope.