Christopher Müller (equaliser)

Hey guys,

I have a big question. We have set up a CentOS minimal machine with libvirt. It's a fresh installation - nothing else is installed. Then we disabled iptables and installed firewalld.

Our goal is to forward an SSH login via custom port 2221 to a virtual machine's port 22. So x.x.0.153:22 is the ssh-host-login and x.x.0.x:2221 should be the forward-ssh-login for the VM with IP address y.y.100.11 and port 22.

Below is our firewalld config. But after that, a login via x.x.0.153:2221 got a refused response (login was: ssh -p 2221 USER@x.x.0.153)

Information:

x.x. means our external address
y.y. means our internal address

# 1. Disable iptable


systemctl disable --now iptables.service

systemctl disable --now ip6tables.service

systemctl disable --now etables.service

systemctl disable --now ipset.service


# 2. Install firewalld

yum install firewalld firewall-config firewall-applet

systemctl unmask --now firewalld.service

systemctl enable --now firewalld.service


# 3. Check Status

systemctl status firewalld

firewall-cmd --state


# 4. Start firewalld

systemctl start firewalld.service



# 5. Add Zone

firewall-cmd --permanent --new-zone=genconfig


# 6. Add Interfaces to genconfig

firewall-cmd --change-interface=virbr0 --zone=genconfig --permanent

firewall-cmd --change-interface=eth0 --zone=genconfig --permanent


# 7. Add Service to genconfig

firewall-cmd --permanent --zone=genconfig --add-service=ssh


# 8. Add Source to genconfig

firewall-cmd --zone=genconfig --add-source=y.y.100.0/24 --permanent

firewall-cmd --zone=genconfig --add-source=x.x.0.129/32 --permanent


# 9. Check if SSH is allowing TCP

cat /usr/lib/firewalld/services/ssh.xml


# 10. Add Masquerade to genconfig

firewall-cmd --permanent --zone=genconfig --add-masquerade



# 11.Add permanent Port 2221 to genconfig

firewall-cmd --zone=genconfig --add-port=2221/tcp --permanent


# 12. Add Port Forward to zone genconfig

firewall-cmd --zone=genconfig --add-forward-port=port=22:proto=tcp:toport=2221:toaddr=y.y.100.11


# 13. Reload

firewall-cmd --reload



# 14. Set zone genconfig as Default

firewall-cmd --set-default-zone=genconfig


# 15. Reload

firewall-cmd --reload


# 16. List All

firewall-cmd --list-all


# Check iptable

iptables -L -v

6 252 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
0 0 REJECT all -- any virbr0 anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 any anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited




It would be great to get any ideas. We have been working on this for a few days.
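
As an added example (not part of the original post), a small shell lint that checks a firewalld `--add-forward-port` rule against the goal stated in the post: host port 2221 forwarded to VM port 22. The function names and the `GOAL_RULE` string are constructed for illustration, and `y.y.100.11` is the post's own placeholder address.

```shell
#!/bin/sh
# Added example (not from the post): lint a firewalld forward-port rule.
# In firewalld syntax, port= is the port the host listens on and
# toport=/toaddr= are where the traffic is sent. IPv4 toaddr only here.

# Print the value of KEY from a "k=v:k=v" forward-port spec.
parse_field() {
    printf '%s\n' "$1" | tr ':' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# lint_forward CMDLINE WANT_LISTEN WANT_TOPORT WANT_TOADDR
# Prints one finding per line, or "ok"; returns 0 clean, 1 findings, 2 no rule.
lint_forward() {
    lf_cmd=$1; lf_rc=0
    lf_spec=$(printf '%s\n' "$lf_cmd" | tr ' ' '\n' |
        sed -n 's/^--add-forward-port=//p' | head -n 1)
    if [ -z "$lf_spec" ]; then
        echo "no-rule: no --add-forward-port option found"; return 2
    fi
    lf_listen=$(parse_field "$lf_spec" port)
    lf_toport=$(parse_field "$lf_spec" toport)
    lf_toaddr=$(parse_field "$lf_spec" toaddr)
    # With toport= omitted, the destination port stays the listening port.
    [ -n "$lf_toport" ] || lf_toport=$lf_listen
    if [ "$lf_listen" != "$2" ]; then
        echo "listen-port: host listens on $lf_listen, expected $2"; lf_rc=1
    fi
    if [ "$lf_toport" != "$3" ]; then
        echo "toport: forwards to port $lf_toport, expected $3"; lf_rc=1
    fi
    if [ "$lf_toaddr" != "$4" ]; then
        echo "toaddr: forwards to '$lf_toaddr', expected $4"; lf_rc=1
    fi
    # Without --permanent the rule is runtime-only; --reload drops it.
    case " $lf_cmd " in
        *" --permanent "*) ;;
        *) echo "runtime-only: no --permanent, a later --reload discards the rule"; lf_rc=1 ;;
    esac
    [ "$lf_rc" -eq 0 ] && echo "ok"
    return "$lf_rc"
}

# Step 12 exactly as posted (y.y.100.11 is the post's placeholder address).
POST_RULE='firewall-cmd --zone=genconfig --add-forward-port=port=22:proto=tcp:toport=2221:toaddr=y.y.100.11'
# Constructed rule matching the stated goal: host port 2221 -> VM port 22.
GOAL_RULE='firewall-cmd --permanent --zone=genconfig --add-forward-port=port=2221:proto=tcp:toport=22:toaddr=y.y.100.11'

lint_forward "$POST_RULE" 2221 22 y.y.100.11 || true
lint_forward "$GOAL_RULE" 2221 22 y.y.100.11 || true
```

After loading a permanent rule with `firewall-cmd --reload`, `firewall-cmd --zone=genconfig --list-forward-ports` shows what is active in the running configuration.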


I don't get it - I need help:

Via Pacman I've installed software like thunar-archive-manager.

But if I try to extract a package, the thunar-archive-manager won't start. If I try to start thunar-archive-manager via terminal, it says it can't find the command.

I reinstalled it, but still the same.

Then I tried to TAB the entry in the terminal; there is no autofill, so it's like the system can't find the program.

I have this issue with different software. Bitwig-Studio has the same problem.

Can anyone give a tip?

Does anyone know any dark flat Mixxx themes? There are so few shared themes out there.

Linux sixtyTWO 4.8.4-1-ARCH

Guys, I love that shit

Genre: Electronic Beat BPM: 130, Mood: Impulsive Slow DnB

HipHop, ChillHop, Instrumentals - DemoSet of "SundayBeats"

One more of an old tune. My new ones will come after
(Electro, Beat, Bass, Kind of Filth - I don't make any Filth no more, lol, 130 BPM)

Here is a very old Tune of mine.
(Dubstep, Bass, Kind of Filth, 140 BPM)

Hackerwars