
Why don't netstat and firewall-cmd agree?

asked 2016-05-14 17:22:03 -0600

paulhr

updated 2016-05-14 17:28:26 -0600

I am a Fedora newbie.

Firewall-cmd says port 8080 is open but netstat does not agree. Why? What don't I understand?

firewall-cmd --get-default-zone

public

firewall-cmd --info-zone=public

public (default, active)
interfaces: enp2s0
sources:
services: dhcpv6-client mdns ssh
ports: 8080/tcp
protocols:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

firewall-cmd --zone=public --add-port=8080/tcp

Warning: ALREADY_ENABLED: '8080:tcp' already in 'public'

netstat -tln

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN


1 Answer

1

answered 2016-05-14 22:03:09 -0600

LexicalScoped

My best guess: you have the port open, but you have no service actively listening for traffic on that port.

The firewall simply says to allow or deny traffic coming in on that port - it doesn't particularly care about the traffic itself.

netstat -tln is looking only at actively listening TCP ports.

Based on the port number you have posted (8080), you are most likely working with a web server.

Have you confirmed it is configured for that port and that the service is running?

I don't particularly want to load up a web server right now, so I reproduced using SSHD.

Prior to the move, ssh is listening on 22:

netstat -tln

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN

After moving ssh over to listen on 8080:

netstat -tln

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN

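The distinction drawn in the answer above, as an added example that is not part of the original post: this script lists TCP ports that the firewall zone allows but that no socket reachable from other hosts is listening on. The function names are hypothetical, the sample input is the question's own output embedded as text, and only the zone's `ports:` line is checked (entries under `services:` are not resolved to port numbers).

```shell
#!/bin/sh
# Constructed sample input, taken from the outputs posted in the question.
ZONE_INFO='public (default, active)
  interfaces: enp2s0
  services: dhcpv6-client mdns ssh
  ports: 8080/tcp'
NETSTAT_OUT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN'

# TCP entries ("8080" or a range such as "5000-5010") from the "ports:" line
# of `firewall-cmd --info-zone=<zone>` output passed as $1.
fw_tcp_entries() {
    printf '%s\n' "$1" | awk '
        $1 == "ports:" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /\/tcp$/) { sub(/\/tcp$/, "", $i); print $i }
        }'
}

# Listening TCP ports from `netstat -tln` output passed as $1, skipping
# sockets bound only to loopback (other hosts cannot reach those anyway).
listening_tcp_ports() {
    printf '%s\n' "$1" | awk '
        $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)    # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host != "127.0.0.1" && host != "::1") print port
        }' | sort -un
}

# Firewall TCP entries ($1 = zone info) that no non-loopback listener
# ($2 = netstat output) serves: allowed through, but nothing answers.
unserved_fw_ports() {
    listening=$(listening_tcp_ports "$2")
    for entry in $(fw_tcp_entries "$1"); do
        lo=${entry%-*}; hi=${entry#*-}         # "8080" gives lo = hi = 8080
        served=no
        for p in $listening; do
            if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then served=yes; break; fi
        done
        [ "$served" = yes ] || echo "$entry"
    done
}

unserved_fw_ports "$ZONE_INFO" "$NETSTAT_OUT"   # prints 8080 for the sample
```

On a live host, pass `"$(firewall-cmd --info-zone=public)"` and `"$(netstat -tln)"` as the two arguments instead of the embedded samples.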
