Successful connect to a closed port with FirewallD

Please help me understand why FirewallD allows me to connect to one port but blocks the second.

There is a Docker container with transmission:

5cf144eed6f2        maksim77/transmission   "/bin/sh -c 'transmis"   14 hours ago        Up 16 minutes       0.0.0.0:9091->9091/tcp, 0.0.0.0:51413->51413/tcp   transmission

Both ports (9091 and 51413) are not listed in FirewallD rules:

root@host:maksim #firewall-cmd --list-all-zones | grep active
public (default, active)
trusted (active)

root@host:maksim #firewall-cmd --list-all --zone trusted
  trusted (active)
  interfaces: docker0
  sources:
  services:
  ports: 4243/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

root@host:maksim #firewall-cmd --list-all --zone public
  public (default, active)
  interfaces: enp9s0
  sources:
  services: dhcpv6-client ftp http ssh
  ports: 41387/tcp 1900/udp 50213/tcp 8200/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

But! The connection is successful for port 9091 but not for port 51413. Port 51413 is available only for 127.0.0.1.

You don't see these in firewalld because Docker opens the ports itself, outside of firewalld.

To see what Docker is doing, run:

iptables -L DOCKER
iptables -t nat -L DOCKER

Docker will open firewall ports itself for any port your containers EXPOSE, unless you explicitly disable this. It also allows containers which need to communicate with each other to do so, so you should leave this enabled unless you really know what you're doing.

Thank you! It is now clear why they are not visible in the ports output of FirewallD. According to iptables, both ports are open, but port 51413 is closed from the outside, whereas from localhost it is available.
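
The comparison the answer implies, as an added example that is not part of the original thread: it extracts the ports Docker publishes from `iptables -t nat -S DOCKER` style rules and reports those that firewalld's port list does not contain. The sample rules and the container address 172.17.0.2 are constructed; the port numbers and the firewalld port list come from the question.

```shell
#!/usr/bin/env bash
# Added example: find ports Docker publishes via DNAT that firewalld does not list.

# Read `iptables -t nat -S DOCKER` style rules on stdin, print "port/proto" per DNAT rule.
docker_published_ports() {
    awk '
        $1 == "-A" && /-j DNAT/ {
            proto = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
            }
            if (proto != "" && port != "") print port "/" proto
        }' | sort -u
}

# $1: space-separated firewalld port list (e.g. from `firewall-cmd --list-ports`).
# stdin: NAT rules. Prints Docker-published ports absent from that list.
# Port ranges and named services in firewalld are not expanded here.
ports_missing_from_firewalld() {
    fw_ports=" $1 "
    docker_published_ports | while read -r p; do
        case "$fw_ports" in
            *" $p "*) ;;          # firewalld also lists this port
            *) echo "$p" ;;       # opened by Docker only
        esac
    done
}

# Constructed sample input (container IP is an assumption, ports are from the question).
SAMPLE_NAT_RULES='-N DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 9091 -j DNAT --to-destination 172.17.0.2:9091
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 51413 -j DNAT --to-destination 172.17.0.2:51413'
SAMPLE_FW_PORTS='41387/tcp 1900/udp 50213/tcp 8200/tcp'

# On a live host (as root) the same check would be:
#   iptables -t nat -S DOCKER | \
#     ports_missing_from_firewalld "$(firewall-cmd --zone=public --list-ports)"
printf '%s\n' "$SAMPLE_NAT_RULES" | ports_missing_from_firewalld "$SAMPLE_FW_PORTS"
```
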
