I needed to configure a NetScreen firewall to allow access to the Simple Mail Transfer Protocol (SMTP) port, port 25, on a CentOS 7 email server behind the firewall. After configuring the NetScreen firewall to allow SMTP connectivity, I found I still was not able to connect to the mail sever behind it from an external system. When I tested using Telnet, i.e.,
telnet 192.168.0.7 25, I saw a "no route to host" message.
$ telnet 192.168.1.7 25 Trying 192.168.1.7... telnet: connect to address 192.168.1.7: No route to host $
So I used the debug command on the NetScreen firewall to view traffic to the SMTP port, which showed me it was passing the traffic to the email server behind it. So I then checked the host-based software on the CentOS server. Since it was running CentOS 7, the default firewall management software on it is FirewallD. I first checked to see what services the firewall was allowing through and saw that SMTP wasn't included, so I added that to the allowed services and made it a permanent rather than temporary change. For permanent changes, the firewall software must be reloaded, so I then issued a reload command. Since I ran the commands from a normal user account, I was prompted to provide the root account password to add the service and reload the firewall software.
$ firewall-cmd --list-services dhcpv6-client ssh $ firewall-cmd --add-service=smtp --permanent success $ firewall-cmd --reload success $ firewall-cmd --list-services dhcpv6-client smtp ssh $
[ More Info ]