firewalld service file for dhcpd-failover

The problem

I have been practicing with ISC dhcp in preparation for overhauling my network. While working with dhcp failover peers, I have run into a problem. My peers couldn’t talk to each other. I eventually figured out it was the firewall. Some of the errors I got included:

Apr 05 17:56:55 centos7-01a.vm.example.com dhcpd[956]: failover peer allvm: I move from recover to startup
Apr 05 17:56:55 centos7-01a.vm.example.com systemd[1]: Started DHCPv4 Server Daemon.
Apr 05 17:57:10 centos7-01a.vm.example.com dhcpd[956]: failover peer allvm: I move from startup to recover

The solution

With the help of a post on the World Wide Web, I have shamelessly ripped off a firewalld service file. Loading this file into the firewall daemon solved my dhcp failover peer communication problem. Do this on both servers.

tf=/usr/lib/firewalld/services/dhcpd-failover.xml
touch "${tf}"; chmod 0644 "${tf}"
cat <<EOF >"${tf}"
<?xml version="1.0" encoding="utf-8"?>
<!-- Reference: https://www.centos.org/forums/viewtopic.php?t=54348 -->
<service version="1.0">
  <short>DHCPD Failover</short>
  <description>This allows a DHCP server to communicate with a failover peer.</description>
  <port protocol="tcp" port="647" />
</service>
EOF
systemctl reload firewalld.service
firewall-cmd --permanent --add-service=dhcpd-failover
firewall-cmd --reload

References

Weblinks

  1. https://www.centos.org/forums/viewtopic.php?t=54348
  2. DHCP failover guide http://geekyadmins.com/dhcp-server-setup-with-failover-in-centos-7/

firewalld open nfs

Overview

Joining the many other www pages about opening up your host firewall to allow nfs is this one!
On CentOS 7, which went systemd for better or for worse, firewalld is the default firewall solution. I like how everything is a file, so you can just use xml to make things extensible.
firewall-cmd --permanent --add-service=nfs --add-service=rpc-bind --add-service=mountd
firewall-cmd --reload

That’s it! You just need to open up the predefined services nfs, rpc-bind, and mountd. Thanks to all the countless posts out there that helped me research this. I didn’t save any of the links, because this time I’m assuming it’s such general knowledge it doesn’t need special credits.

Bonus: if you want to read the definitions of the predefined services and other elements for firewalld, check out directory /usr/lib/firewalld/. I know I’ve written my own service definitions (for Plex Media Server) in the past.