I have CentOS 7 with Virtualmin installed. I wanted to block port 22, so I opened another port (for example, 1050) for SSH. This is what I did:

```
vi /etc/ssh/sshd_config
```

(changed port 22 to port 1050, for example)

```
yum install firewalld
systemctl unmask firewalld
sudo systemctl start firewalld
sudo firewall-cmd --zone=public --add-port=1050/tcp --permanent
sudo firewall-cmd --reload
service sshd restart
systemctl enable firewalld
```

All is good, as SSH is working on port 1050, but I could not access any websites on the server, nor was Virtualmin loading in the browser. Then I realized I needed to add services, so I did this:

```
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --zone=public --add-port=10000/tcp --permanent
sudo firewall-cmd --reload
service httpd restart
```

Now all is fine. But the problem is that I cannot access my site when I use the prefix "www." It works with just "http" or "https" but not "www". I also have DNS properly pointing "www" to the IP address (it was working before installing firewalld). Can you help?

Aaron Copley
nelson
  • I fail to understand what changing your SSH daemon port has to do with how and if you can access your website? But to change the SSH daemon port on RHEL7 and CentOS7 you also need to update the SELinux policy: `semanage port -a -t ssh_port_t -p tcp 1050` – HBruijn Jun 17 '16 at 16:07
  • Hi HBruijn, I am aware that for SELinux systems you have to run that command, but when I ran it, it gave me an error (I don't have the exact verbiage of the error now, because if I run that command now, it says that the port number is already defined). Is that the only reason, though, that the www part of the site is not working? – nelson Jun 17 '16 at 19:54
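An added example, not part of the original question or its comments: an offline check that the three layers touched above (the sshd_config `Port`, the firewalld public zone, and the SELinux `ssh_port_t` label) agree on the new SSH port, and that 22/tcp is no longer permitted through the `ssh` service. The function names and sample values are constructed; the sample assumes the zone's `ssh` service was never removed, which the question does not show.

```bash
#!/usr/bin/env bash
# Added example: consistency check for a moved SSH port (hypothetical helper names).

# Ports sshd will listen on, from sshd_config text on stdin (22 if no Port line).
sshd_ports() {
  awk 'tolower($1) == "port" { p = p (p ? " " : "") $2 } END { print (p ? p : "22") }'
}

# tcp ports labelled ssh_port_t, from `semanage port -l` text on stdin.
# Port ranges (e.g. 5900-5983) are not expanded here.
selinux_ssh_ports() {
  awk '$1 == "ssh_port_t" && $2 == "tcp" { sub(/^[^ ]+ +[^ ]+ +/, ""); gsub(/,/, ""); print }'
}

# True if word $1 is in the space-separated list $2.
in_list() { case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac; }

# Prints one line per finding; the exit status is the number of findings.
audit_ssh_move() {
  local want="$1" sshd="$2" fw_ports="$3" fw_services="$4" se_ports="$5" n=0
  in_list "$want" "$sshd" ||
    { echo "sshd_config has no Port $want"; n=$((n + 1)); }
  in_list "$want/tcp" "$fw_ports" ||
    { echo "firewalld public zone does not allow $want/tcp"; n=$((n + 1)); }
  in_list "$want" "$se_ports" ||
    { echo "SELinux ssh_port_t does not include tcp $want"; n=$((n + 1)); }
  in_list ssh "$fw_services" &&
    { echo "firewalld public zone still allows the ssh service (22/tcp)"; n=$((n + 1)); }
  return "$n"
}

# Constructed sample state, modelled on the commands in the question.
SAMPLE_SSHD=$(printf '#Port 22\nPort 1050\n' | sshd_ports)
SAMPLE_SE=$(printf 'ssh_port_t                     tcp      1050, 22\n' | selinux_ssh_ports)
SAMPLE_FW_PORTS="1050/tcp 80/tcp 443/tcp 10000/tcp"
SAMPLE_FW_SERVICES="dhcpv6-client ssh http https"   # assumed: ssh service not removed

audit_ssh_move 1050 "$SAMPLE_SSHD" "$SAMPLE_FW_PORTS" "$SAMPLE_FW_SERVICES" "$SAMPLE_SE" ||
  echo "findings: $?"

# On a live host, feed it the real state instead:
#   audit_ssh_move 1050 "$(sshd_ports < /etc/ssh/sshd_config)" \
#     "$(firewall-cmd --zone=public --list-ports)" \
#     "$(firewall-cmd --zone=public --list-services)" \
#     "$(semanage port -l | selinux_ssh_ports)"
```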

1 Answer

-1

This sounds more like a DNS issue.

www is not supposed to be pointing to your IP address.

The naked domain (yourdomain.com) is supposed to be pointing to an IP address.

Your www is supposed to be a CNAME pointing to yourdomain.com

```
yourdomain.com   A      123.123.123.123
www              CNAME  yourdomain.com
```
Jeffrey Wen
  • There is no requirement at all for the `www` or any other resource record to be a CNAME record pointing to the zone name instead of using an `A` record. – HBruijn Jun 17 '16 at 15:57
  • Hi Jeffrey, interestingly, I did not have www as a CNAME record before installing firewalld, but the www part was working as intended. Since then I have not modified DNS, but I am not sure if I should, because it was working fine before. – nelson Jun 17 '16 at 19:56