I’d like to be able to access my development servers from other computers in my home. I had this working last week, but then I went and got a new hard drive and I wanted to put my OS on that, instead - and I’ve been unable to get it working again.
Here’s what I’ve done:
Firewalld has been (permanently) configured so:
- ‘home’ is my default zone
- http & https are enabled on ‘home’
The local web server I’m running works, and I’ve confirmed it’s a firewall issue: if I disable the firewalld service via systemctl, I can access the web server just fine.
When I look at the output of nft list table inet firewalld, I see the following:
chain filter_IN_home {
    jump filter_IN_home_pre
    jump filter_IN_home_log
    jump filter_IN_home_deny
    jump filter_IN_home_allow
    jump filter_IN_home_post
    meta l4proto { icmp, ipv6-icmp } accept
}
and
chain filter_IN_home_allow {
    tcp dport 22 accept
    ip daddr 224.0.0.251 udp dport 5353 accept
    ip6 daddr ff02::fb udp dport 5353 accept
    udp dport 137 ct helper set "helper-netbios-ns-udp"
    udp dport 137 accept
    udp dport 138 accept
    ip6 daddr fe80::/64 udp dport 546 accept
    tcp dport 80 accept
    tcp dport 631 accept
    udp dport 631 accept
    udp dport 443 accept
    tcp dport 443 accept
    tcp dport 3306 accept
}
which, like, seems like it should work? But when I hard refresh after starting firewalld again, I see the following line in journalctl -x -e:
Jul 28 22:43:10 desktop kernel: filter_IN_home_REJECT: IN=enp8s0 OUT= MAC=blahblahblah SRC=10.0.0.143 DST=10.0.0.59 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23147 DF PROTO=TCP SPT=37772 DPT=5173 WINDOW=64240 RES=0x00 SYN URGP=0
Anyone know what I’m missing here?
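
Added example, not part of the original post: it parses the accept rules from the filter_IN_home_allow chain and checks the protocol, destination address and destination port of the logged REJECT packet against them. The rule text and log line are copied from the post; the function names are hypothetical.

```python
import ipaddress
import re

# Accept rules copied from the filter_IN_home_allow chain in the post.
ALLOW_CHAIN = """\
tcp dport 22 accept
ip daddr 224.0.0.251 udp dport 5353 accept
ip6 daddr ff02::fb udp dport 5353 accept
udp dport 137 ct helper set "helper-netbios-ns-udp"
udp dport 137 accept
udp dport 138 accept
ip6 daddr fe80::/64 udp dport 546 accept
tcp dport 80 accept
tcp dport 631 accept
udp dport 631 accept
udp dport 443 accept
tcp dport 443 accept
tcp dport 3306 accept
"""

# Kernel log line copied from the post (the MAC is redacted there).
LOG_LINE = (
    "Jul 28 22:43:10 desktop kernel: filter_IN_home_REJECT: IN=enp8s0 OUT= "
    "MAC=blahblahblah SRC=10.0.0.143 DST=10.0.0.59 LEN=60 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=23147 DF PROTO=TCP SPT=37772 DPT=5173 WINDOW=64240 RES=0x00 SYN URGP=0"
)

RULE_RE = re.compile(r"^(?:ip6? daddr (\S+) )?(tcp|udp) dport (\d+) accept$")

def parse_allow_rules(chain_text):
    """Return (daddr, proto, port) per accept rule; daddr is None for any destination."""
    found = (RULE_RE.match(line.strip()) for line in chain_text.splitlines())
    return [(m.group(1), m.group(2), int(m.group(3))) for m in found if m]

def parse_log(line):
    """Extract the KEY=VALUE fields of a netfilter log line (flags such as SYN are skipped)."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))

def matching_rule(rules, fields):
    """Return the first accept rule covering the logged packet, or None."""
    proto, port = fields["PROTO"].lower(), int(fields["DPT"])
    dst = ipaddress.ip_address(fields["DST"])
    for daddr, r_proto, r_port in rules:
        same_port = (r_proto, r_port) == (proto, port)
        if same_port and (daddr is None or dst in ipaddress.ip_network(daddr, strict=False)):
            return (daddr, r_proto, r_port)
    return None

if __name__ == "__main__":
    fields = parse_log(LOG_LINE)
    print(fields["PROTO"], fields["DPT"], "->", matching_rule(parse_allow_rules(ALLOW_CHAIN), fields))
```

On the post's data the lookup returns None: the rejected SYN is addressed to TCP port 5173, and the chain accepts TCP only on ports 22, 80, 443, 631 and 3306.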