CHARON Linux server - Connection to guest console blocked by firewall

Problem

Connections to a guest's console are refused when connecting via telnet to localhost with the port number specified in the configuration file (10003, 10004, ...).

This can be caused by firewall settings.

Example 1:

# telnet charonserver 10003
telnet: connect to address 192.168.42.42: Connection refused

Example 2:

# telnet charonserver 10003

Trying 192.168.42.42...
telnet: connect to address 192.168.42.42: No route to host

Solution

To ensure the TCP ports are not blocked by the firewall, execute the following commands.

Red Hat Enterprise Linux Server 6.x

# iptables -I INPUT -p tcp --dport <port> --syn -j ACCEPT
# iptables -I INPUT -p udp --dport <port> -j ACCEPT
# service iptables save

Example:

# iptables -I INPUT -p tcp --dport 10003 --syn -j ACCEPT
# iptables -I INPUT -p udp --dport 10003 -j ACCEPT
# iptables -I INPUT -p tcp --dport 10004 --syn -j ACCEPT
# iptables -I INPUT -p udp --dport 10004 -j ACCEPT
# service iptables save
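
The commands above use -I, which places the ACCEPT rule at the top of the INPUT chain; a rule appended with -A after a catch-all REJECT never matches. The following check is an added example, not Stromasys code: it reads rules in `iptables -S INPUT` format and reports whether a console port is really accepted. The function names and the sample rule set are constructed for illustration.

```shell
# Added example (not Stromasys code). Rules are read from stdin in the
# format printed by `iptables -S INPUT`. Source/interface matches are ignored.

# Constructed sample: 10003 was inserted with -I, 10004 was appended with -A.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 10003 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10003 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 10004 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
EOF
}

# console_port_status PROTO PORT
# open     = ACCEPT rule found before any catch-all REJECT/DROP
# shadowed = ACCEPT rule exists, but only after the catch-all
# blocked  = no ACCEPT rule, and a catch-all rule or non-ACCEPT policy applies
console_port_status() {
  awk -v proto="$1" -v port="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { if (!cut) cut = NR; next }
    {
      p = d = tgt = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") p = $(i + 1)
        if ($i == "--dport") d = $(i + 1)
        if ($i == "-j") tgt = $(i + 1)
      }
      if (!hit && p == proto && d == port && tgt == "ACCEPT") hit = NR
    }
    END {
      if (hit && (!cut || hit < cut)) print "open"
      else if (hit) print "shadowed"
      else if (!cut && policy == "ACCEPT") print "open"
      else print "blocked"
    }'
}

for spec in tcp:10003 udp:10003 tcp:10004; do
  printf '%s %s\n' "$spec" "$(sample_rules | console_port_status "${spec%%:*}" "${spec##*:}")"
done
```

On a live host, feed it the real chain: iptables -S INPUT | console_port_status tcp 10003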

Red Hat Enterprise Linux Server/CentOS 7 and 8 (using firewalld service)

As "firewalld" is installed by default, the commands used are those given in the example below.

Example with console on port 10003:

# firewall-cmd --permanent --new-service=Charon
success
# firewall-cmd --permanent --service=Charon --add-port=10003/tcp
success
# firewall-cmd --permanent --service=Charon --add-port=10003/udp
success
# firewall-cmd --get-active-zones
public
  interfaces: ens34 ens35
# firewall-cmd --zone=public --permanent --add-service=Charon
success
# firewall-cmd --reload
success



© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.