How to open a port on Centos 7

Today I needed to open a port on my CentOS 7 box, and all I know is iptables, which only gave me a 'silent' result 🙂. After digging up a few commands from the Red Hat documentation I found it is extremely easy.

As usual I make my note here for future reference, in case I need the copy-and-paste method :-).

CentOS 7 comes with firewalld by default, which is managed with firewall-cmd. For my need, opening port 8082/tcp, I just need to type:

firewall-cmd --get-active-zones

public
interfaces: eth0

Yes, I only have the 'public' zone.

To open port 8082:

firewall-cmd --zone=public --add-port=8082/tcp --permanent

success

Reload so the permanent rule takes effect:

firewall-cmd --reload

To check that port 8082 is open:

firewall-cmd --zone=public --list-all

public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http ssh
ports: 3306/tcp 53/udp 8082/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

Yes, 8082 is listed.

Very neat in my opinion 🙂

P.S.:

systemctl status firewalld

firewall-cmd --state

to check whether the firewalld service is running.
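The `--list-all` output above is worth more than the "success" message: it is the place to notice ports you did not intend to expose (in the listing above, 3306/tcp is open as well). The following shell functions, an added example and not part of the original post, parse that output so the check can be scripted; `open_port` wraps the post's own commands and needs firewalld, while the parsing functions run offline against a constructed copy of the post's listing. The zone name and the 8082/53 "expected" set are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): open a port with firewalld, then verify
# the zone's port list instead of trusting the "success" message alone.
# SAMPLE_LIST_ALL is constructed from the post's `firewall-cmd --zone=public --list-all`
# output so the parsing functions can be exercised without firewalld installed.

SAMPLE_LIST_ALL='public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http ssh
ports: 3306/tcp 53/udp 8082/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:'

# zone_ports: read --list-all text on stdin, print the space-separated "ports:" list.
zone_ports() {
  sed -n 's/^[[:space:]]*ports:[[:space:]]*//p'
}

# port_open PORT/PROTO: succeed if that entry is in the ports list read from stdin.
port_open() {
  for p in $(zone_ports); do
    [ "$p" = "$1" ] && return 0
  done
  return 1
}

# unexpected_ports EXPECTED...: print every port in the list on stdin that is not in
# the expected set, one per line (empty output means the zone exposes nothing extra).
unexpected_ports() {
  for p in $(zone_ports); do
    hit=0
    for e in "$@"; do
      [ "$p" = "$e" ] && hit=1
    done
    [ "$hit" -eq 0 ] && echo "$p"
  done
  return 0
}

# open_port ZONE PORT/PROTO: the post's procedure, followed by a live check.
# Requires firewalld; not executed in the offline self-test.
open_port() {
  zone=$1; spec=$2
  firewall-cmd --zone="$zone" --add-port="$spec" --permanent >/dev/null
  firewall-cmd --reload >/dev/null
  if firewall-cmd --zone="$zone" --list-all | port_open "$spec"; then
    echo "$spec is open in zone $zone"
  else
    echo "$spec NOT listed in zone $zone after reload" >&2
    return 1
  fi
}

# Demo: report which ports the sample zone exposes beyond the two we intend.
# Running the script with no argument only defines the functions.
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_LIST_ALL" | unexpected_ports 8082/tcp 53/udp
fi
```

Run with `--demo` to see the sample listing flagged (3306/tcp is printed as unexpected); on a live host, `firewall-cmd --zone=public --list-all | unexpected_ports 8082/tcp` gives the same review of the real zone.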

Fix different date between PHP and CentOS server

An odd thing happened today when I saw a big difference between the date from PHP output and the date from the shell.

PHP output:

22-12-2015 06:15:43

Shell output:

# date
Sel Des 22 13:19:54 WIB 2015

A 7-hour difference.

A short checklist for this case:

1. Copy the right timezone to localtime

# cp /usr/share/zoneinfo/Asia/Jakarta /etc/localtime

2. Add the right timezone to php.ini

# nano /usr/local/lib/php.ini

date.timezone = "Asia/Jakarta"

3. Check sysconfig clock

# nano /etc/sysconfig/clock

change the ZONE entry to "Asia/Jakarta"

4. Check the hardware clock, aka hwclock

# hwclock
Sel 22 Des 2015 06:34:40 WIB -0.707297 seconds

Done.
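The four steps above put the same timezone in four places, and the symptom comes back whenever one of them drifts. The following shell functions, an added example and not from the original post, check that php.ini, /etc/sysconfig/clock and /etc/localtime agree. The paths are parameters so the checks can be run against constructed files; on a real box pass the post's paths (/usr/local/lib/php.ini, /etc/sysconfig/clock, /etc/localtime, /usr/share/zoneinfo).

```shell
#!/bin/sh
# Added example (not from the original post): check that the places the post touches
# agree on one timezone. All file paths are arguments so the functions run offline
# against constructed files as well as against the real ones.

# php_ini_timezone PHP_INI: print the effective date.timezone value (last uncommented
# assignment wins, surrounding quotes and trailing ';' comments stripped), or nothing
# if it is unset (PHP 5.4+ then silently uses UTC, which is the post's 7-hour gap).
php_ini_timezone() {
  sed -n 's/^[[:space:]]*date\.timezone[[:space:]]*=[[:space:]]*//p' "$1" \
    | sed 's/[[:space:]]*;.*$//; s/^"\(.*\)"$/\1/; s/^'"'"'\(.*\)'"'"'$/\1/' \
    | tail -n 1
}

# sysconfig_zone CLOCK_FILE: print the ZONE= value from an /etc/sysconfig/clock style file.
sysconfig_zone() {
  sed -n 's/^[[:space:]]*ZONE=//p' "$1" | sed 's/^"\(.*\)"$/\1/' | tail -n 1
}

# localtime_matches LOCALTIME ZONEINFO_DIR ZONE: succeed if LOCALTIME is a byte-for-byte
# copy of ZONEINFO_DIR/ZONE, which is what the post's cp produces (a symlink also passes).
localtime_matches() {
  cmp -s "$1" "$2/$3"
}

# timezone_consistent PHP_INI CLOCK_FILE LOCALTIME ZONEINFO_DIR: print "ok ZONE" and
# succeed only when php.ini, the sysconfig clock file and localtime all agree.
timezone_consistent() {
  php_tz=$(php_ini_timezone "$1")
  sys_tz=$(sysconfig_zone "$2")
  if [ -z "$php_tz" ]; then
    echo "php.ini has no date.timezone set" >&2
    return 1
  fi
  if [ "$php_tz" != "$sys_tz" ]; then
    echo "mismatch: php.ini=$php_tz sysconfig=$sys_tz" >&2
    return 1
  fi
  if ! localtime_matches "$3" "$4" "$php_tz"; then
    echo "localtime does not match $4/$php_tz" >&2
    return 1
  fi
  echo "ok $php_tz"
}
```

Usage on a live host: `timezone_consistent /usr/local/lib/php.ini /etc/sysconfig/clock /etc/localtime /usr/share/zoneinfo`. A non-zero exit tells you which of the post's steps was skipped; the hardware clock (step 4) is deliberately left out because `hwclock` output depends on the BIOS clock rather than on a file you can diff.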

Fix Starting httpd: (98)Address already in use

Quick note for myself. Today I had to increase the PHP maximum upload size on a CentOS server.

I got this error:

# /sbin/service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
                                                           [FAILED]

Everything is fine and nothing changed in the configuration; the only strange thing is the large number of apache child processes.

# fuser 80/tcp
80/tcp:                398  1404  1546  2715  2762  2810  3750  4017  5110  5561  6714  7456  8079  8178  8179  8180  8665  8937  8938  8939  8947  8948  8949  8950  8951  8952  8953  8954  8955  8956  8959  8960  8977  8978  8979  9186 11382 13507 13547 13548 13574 13584 13587 13588 13589 14092 14570 15236 15742 20804 22014 23891 24560 24846 27136 27268 27269 27272 27996 29080 29268 29394 29395 29396 29803 30398 31883 32078 32555

The killall command is very suitable in this case:

# killall httpd

Try again:

# service httpd start
Starting httpd:                                            [  OK  ]

It works now 🙂
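`killall httpd` works because every process holding port 80 really was an Apache worker. The following shell functions, an added example and not from the original post, make that assumption explicit: they parse the `fuser 80/tcp` output, terminate only processes whose command name is `httpd`, and wait for the port to clear before `service httpd start` is attempted. The constructed `FUSER_SAMPLE` mirrors the post's output so the parser can be checked offline; the `/proc` lookups and `kill` only run on a live host.

```shell
#!/bin/sh
# Added example (not from the original post): before restarting httpd, find out what
# still holds port 80 and stop only processes that are really httpd, instead of a
# blind killall. FUSER_SAMPLE is constructed from the post's `fuser 80/tcp` output.

FUSER_SAMPLE='80/tcp:                398  1404  1546  2715'

# fuser_pids: read `fuser PORT/tcp` output on stdin, print the PIDs one per line.
# fuser writes the "80/tcp:" label to stderr and the PIDs to stdout, so callers
# pipe it with 2>&1; the label is stripped either way.
fuser_pids() {
  sed 's/^[^:]*://' | tr -s '[:space:]' '\n' | grep -E '^[0-9]+$' || true
}

# pid_comm PID: print the command name of a live process, or nothing if it is gone.
pid_comm() {
  cat "/proc/$1/comm" 2>/dev/null
}

# stop_httpd_on_port PORT: TERM every httpd process listening on PORT, refuse to touch
# anything that is not httpd, then wait up to five seconds for the port to clear.
stop_httpd_on_port() {
  port=$1
  for pid in $(fuser "$port/tcp" 2>&1 | fuser_pids); do
    name=$(pid_comm "$pid")
    case "$name" in
      httpd) kill -TERM "$pid" ;;
      "")    ;;   # already exited between fuser and now
      *)     echo "pid $pid on port $port is '$name', not httpd; leaving it" >&2 ;;
    esac
  done
  for i in 1 2 3 4 5; do
    fuser "$port/tcp" >/dev/null 2>&1 || return 0
    sleep 1
  done
  echo "port $port still busy" >&2
  return 1
}
```

On the post's box this would be `stop_httpd_on_port 80 && service httpd start`; if the loop reports a foreign process on the port, the "Address already in use" error has a different cause than stale workers and the fix is not to kill it.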

How to configure ssh access to virtualbox guest under NAT mode

Just a quick note for myself 🙂

I need to ssh to my CentOS 6.6 box that runs under VirtualBox, with these steps:

1. NAT

VirtualBox creates a private network using these addresses (10.0.2.xxx). Just set the eth0 configuration to DHCP and everything will be set.

[Screenshot: vbox_centos1]

2. Port forwarding setup to port 2222

Click Settings -> Network -> Port Forwarding

[Screenshot: vbox_centos2]

3. Test ssh connection

ssh USER@127.0.1.1 -p 2222
The authenticity of host '[127.0.1.1]:2222 ([127.0.1.1]:2222)' can't be established.
RSA key fingerprint is ee:81:d0:da:7e:b4:fe:bc:cd:d7:93:e0:fc:c3:63:80.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.1.1]:2222' (RSA) to the list of known hosts.

USER@127.0.1.1's password:
Last login: Tue Jun 2 10:57:58 2015
[USER@HOST ~]#

[USER@HOST ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:1F:5E:0D
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe1f:5e0d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6410 errors:0 dropped:0 overruns:0 frame:0
TX packets:4175 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9148159 (8.7 MiB) TX bytes:234084 (228.5 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:600 (600.0 b) TX bytes:600 (600.0 b)

Of course the connection works on a 'temporary' IP address. To make it permanent, edit /etc/sysconfig/ifcfg-eth0 to set a static IP address.
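The port-forwarding rule from step 2 can also be set from the command line, and the first connection above answered "yes" to an unverified host key. The following shell functions, an added example and not from the original post, build the rule bound to the host loopback only (leaving the host IP empty in the dialog binds the forwarded port on every host interface), and compare the fingerprint shown by the ssh prompt with one read on the VM console. The VM name, the `natpf1` slot and the `guestssh` rule name are assumptions; VBoxManage and ssh-keygen are only called by the functions that need them, never by the offline self-test.

```shell
#!/bin/sh
# Added example (not from the original post): NAT port forwarding via VBoxManage bound
# to 127.0.0.1, plus a host-key fingerprint comparison for the first ssh connection.

# natpf_rule NAME HOSTPORT GUESTPORT [HOSTIP]: build the VBoxManage rule string
# "name,tcp,hostip,hostport,guestip,guestport". HOSTIP defaults to 127.0.0.1 so the
# forwarded ssh port is reachable only from the host itself.
natpf_rule() {
  printf '%s,tcp,%s,%s,,%s' "$1" "${4:-127.0.0.1}" "$2" "$3"
}

# add_ssh_forward VMNAME [HOSTPORT]: add the rule to the VM's first NAT adapter.
# Equivalent to the post's Settings -> Network -> Port Forwarding dialog.
add_ssh_forward() {
  VBoxManage modifyvm "$1" --natpf1 "$(natpf_rule guestssh "${2:-2222}" 22)"
}

# host_key_fingerprint PUBKEY_FILE: fingerprint of a guest host key, to be run on the
# VM console (for example on /etc/ssh/ssh_host_rsa_key.pub) before the first ssh.
host_key_fingerprint() {
  ssh-keygen -lf "$1" | awk '{print $2}'
}

# fingerprint_matches SHOWN EXPECTED: succeed if the fingerprint printed by the ssh
# prompt equals the one read on the console. An "MD5:" or "SHA256:" prefix, which newer
# ssh-keygen versions add, is ignored so both output styles compare equal.
fingerprint_matches() {
  a=$(printf '%s' "$1" | sed 's/^MD5://; s/^SHA256://')
  b=$(printf '%s' "$2" | sed 's/^MD5://; s/^SHA256://')
  [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Typical use: `add_ssh_forward "centos66"` on the host, `host_key_fingerprint /etc/ssh/ssh_host_rsa_key.pub` on the guest console, and then answer the "Are you sure you want to continue connecting" prompt only if `fingerprint_matches` succeeds for the value ssh displays.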

Quick dns server for CentOS 7 minimal

Damn, this CentOS 7 minimal installation has taken my whole day. The last thing I want to try is a DNS server. Since I have a working standard DNS that uses MaraDNS under CentOS 5.10, I'm going to try the same steps here, using CentOS 7.

# yum install gcc wget

# gcc -v

Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/4.8.2/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin --enable-initfini-array --disable-libgcj --with-isl=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/isl-install --with-cloog=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/cloog-install --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)

Download the latest MaraDNS source code

# wget -c http://maradns.samiam.org/download/2.0/2.0.09/maradns-2.0.09.tar.bz2

# tar xvjf maradns-2.0.09.tar.bz2
tar (child): bzip2: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now

Oops, the CentOS 7 minimal install does not include bzip2.

# yum install bzip2

Re-extract

# tar xvjf maradns-2.0.09.tar.bz2

# cd maradns-2.0.09

# make

# make install

VERSION=2.0.09 ./build/install.sh
Installing MaraDNS, placing programs in /usr/local//bin/ and /usr/local//sbin/,
man pages in /usr/local//share/man/man1, /usr/local//share/man/man5,
and /usr/local//share/man/man8, and documents in /usr/local//doc/maradns-2.0.09
Adding MaraDNS startup scripts
Starting up MaraDNS at runlevel 3
starting up MaraDNS at runlevel 5

Start MaraDNS

# service maradns start
Starting all maradns processes
Starting maradns process which uses Mararc file /etc/mararc

Check it

# ps ax | grep mara
19635 pts/0    S      0:00 /usr/local/bin/duende /usr/local/sbin/maradns -f /etc/mararc
19636 pts/0    S      0:00 /usr/local/sbin/maradns -f /etc/mararc
19637 pts/0    S      0:00 /usr/local/bin/duende /usr/local/sbin/maradns -f /etc/mararc

# nano /etc/mararc

Look for the ipv4_bind_addresses line and change it to:

ipv4_bind_addresses = "192.168.1.88, 127.0.0.1"

My LAN IP address is 192.168.1.88.

# chkconfig maradns on

Edit the test DNS zone file

# nano /etc/maradns/db.example.net

test.example.net.      +14400    soa    ns1.example.net. hostmaster@example.net. 2012010117 14400 3600 604800 14400 ~
example.net.      +14400    ns     ns1.example.net. ~
example.net.      +14400    ns     ns2.example.net. ~
ns1.example.net.  +14400    a       192.168.1.88 ~
ns2.example.net.  +14400    a       192.168.1.88 ~
example.net.      +14400    a       127.0.0.1 ~
www.example.net.  +14400    a       127.0.0.1 ~
example.net.      +14400    mx     10 mail.example.net. ~
test.example.net. +14400    a       192.168.1.88 ~

Save the file.

Restart the maradns service

# service maradns restart

Sending all MaraDNS processes the TERM signal
waiting 1 second
Sending all MaraDNS processes the KILL signal
MaraDNS should have been stopped
Starting all maradns processes
Starting maradns process which uses Mararc file /etc/mararc

Test using dig

# yum install bind-utils

# dig @192.168.1.88 test.example.net

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> @192.168.1.88 test.example.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10783
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;test.example.net.        IN    A

;; ANSWER SECTION:
test.example.net.    14400    IN    A    192.168.1.88

;; AUTHORITY SECTION:
example.net.        14400    IN    NS    ns1.example.net.
example.net.        14400    IN    NS    ns2.example.net.

;; ADDITIONAL SECTION:
ns1.example.net.    14400    IN    A    192.168.1.88
ns2.example.net.    14400    IN    A    192.168.1.88

;; Query time: 0 msec
;; SERVER: 192.168.1.88#53(192.168.1.88)
;; WHEN: Kam Des 11 15:04:23 WIB 2014
;; MSG SIZE  rcvd: 118

Testing from another user in the local area network

$ dig @192.168.1.88 test.example.net

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @192.168.1.88 test.example.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

It seems the firewall blocks UDP connections to port 53.

# firewall-cmd --permanent --add-port=53/udp

# systemctl restart firewalld.service

# service maradns restart

Re-test the resolver from the LAN

$ dig @192.168.1.88 test.example.net

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @192.168.1.88 test.example.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4614
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;test.example.net.        IN    A

;; ANSWER SECTION:
test.example.net.    14400    IN    A    192.168.1.88

;; AUTHORITY SECTION:
example.net.        14400    IN    NS    ns1.example.net.
example.net.        14400    IN    NS    ns2.example.net.

;; ADDITIONAL SECTION:
ns1.example.net.    14400    IN    A    192.168.1.88
ns2.example.net.    14400    IN    A    192.168.1.88

;; Query time: 1 msec
;; SERVER: 192.168.1.88#53(192.168.1.88)
;; WHEN: Fri Dec 12 10:10:29 WIB 2014
;; MSG SIZE  rcvd: 118

Good, the DNS server works now for my CentOS 7 minimal installation 🙂
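The two dig runs above contain more than the A record: `flags: qr aa rd` with the "recursion requested but not available" warning shows the server answers authoritatively and does not recurse, which is what you want from a zone server exposed on a LAN (an `ra` flag would mean it is an open resolver). The following shell functions, an added example and not from the original post, script those checks. `DIG_SAMPLE` is constructed from the post's dig output so the parsing runs offline; `check_authoritative` needs dig (bind-utils) and the live server, and the server/name/IP values it is called with are the post's own.

```shell
#!/bin/sh
# Added example (not from the original post): turn the post's manual dig checks into a
# scripted test of the new MaraDNS server. It verifies the expected A record, that the
# answer is authoritative (aa flag) and that recursion is NOT offered (no ra flag).
# DIG_SAMPLE is constructed from the dig output shown in the post.

DIG_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4614
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;test.example.net.        IN    A

;; ANSWER SECTION:
test.example.net.    14400    IN    A    192.168.1.88

;; AUTHORITY SECTION:
example.net.        14400    IN    NS    ns1.example.net.
example.net.        14400    IN    NS    ns2.example.net.'

# dig_status: print the response status (NOERROR, NXDOMAIN, ...) from dig output on stdin.
dig_status() {
  sed -n 's/.*status: \([A-Z]*\),.*/\1/p'
}

# dig_flags: print the header flags ("qr aa rd") from dig output on stdin.
dig_flags() {
  sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'
}

# dig_has_flag FLAG: succeed if FLAG is among the header flags read from stdin.
dig_has_flag() {
  for f in $(dig_flags); do
    [ "$f" = "$1" ] && return 0
  done
  return 1
}

# dig_answer_a NAME: print the A record(s) for NAME from the ANSWER section only,
# so NS glue in AUTHORITY/ADDITIONAL is never mistaken for the answer.
dig_answer_a() {
  awk -v n="$1" 'BEGIN { sub(/\.$/, "", n) }
    /^;; [A-Z]+ SECTION:/ { sec = $2; next }
    sec == "ANSWER" && $1 == (n ".") && $4 == "A" { print $5 }'
}

# verify_answer NAME EXPECTED_IP: run the checks against dig output on stdin and print
# a one-line verdict; fails unless the answer is correct, authoritative and non-recursive.
verify_answer() {
  out=$(cat)
  status=$(printf '%s\n' "$out" | dig_status)
  ip=$(printf '%s\n' "$out" | dig_answer_a "$1" | head -n 1)
  if [ "$status" != "NOERROR" ]; then echo "status $status"; return 1; fi
  if [ "$ip" != "$2" ]; then echo "unexpected A '$ip'"; return 1; fi
  if ! printf '%s\n' "$out" | dig_has_flag aa; then echo "not authoritative"; return 1; fi
  if printf '%s\n' "$out" | dig_has_flag ra; then echo "OPEN RESOLVER: recursion available"; return 1; fi
  echo "ok $1 -> $ip (authoritative, no recursion)"
}

# check_authoritative SERVER NAME EXPECTED_IP: live version against the MaraDNS host.
check_authoritative() {
  dig "@$1" "$2" | verify_answer "$2" "$3"
}
```

On the post's setup this is `check_authoritative 192.168.1.88 test.example.net 192.168.1.88`, run from the server and again from another LAN host after the firewall change. The post opens only 53/udp; responses that do not fit in a UDP datagram are truncated and retried over TCP, so a zone that grows large or answers DNSSEC-sized records also needs 53/tcp opened the same way.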