firewalld - same source in different zones




Hi.

I have a little trouble with firewalld. I'm trying to open some ports
for a monitoring server, but it's in the same network as the "home" zone:

Monitored host (192.168.111.60):

lukasz @ strategie 17:52:19  ~ $ 
  ->  sudo firewall-cmd --get-active
home
  sources: 192.168.111.0/24
  (open ports 22, 80, 443)
monitoring
  sources: 192.168.111.19
  (open ports: 5666)
public
  interfaces: ens18
  (no open ports)

---------------------------------------------------

Monitoring host (192.168.111.19):

lukasz @ potemkin 17:57:25  ~ $ 
  ->  telnet strategie.ping.local 5666
Trying 192.168.111.60...
telnet: connect to address 192.168.111.60: No route to host

lukasz @ potemkin 17:57:26  ~ $ 
  ->  telnet strategie.ping.local 80
Trying 192.168.111.60...
Connected to strategie.ping.local.
Escape character is '^]'.
^]
telnet> Connection closed.

---------------------------------------------------

I think there are conflicting rules on the monitored host that:
- prevent access to 5666 from 192.168.111.0/24,
- give access to 5666 from 192.168.111.19
and packets from potemkin are routed through the home zone.

I really would like to have a dedicated "monitor" zone. Is there a way to
give the "monitor" zone more priority than "home"? I may end up with OpenVPN
on potemkin and use 172.30.25.0/24 for monitoring, but, apart from the
encryption aspect, it seems a little excessive.

Thank you.

-- 
Łukasz Posadowski
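A firewalld packet lands in exactly one zone, so a source address that falls inside the source ranges of two zones (here a /32 inside a /24) is an overlap that has to be resolved somehow, and the symptom above is what it looks like when the wider zone wins. The script below is an added example, not part of the thread: it takes an abbreviated zone listing in the shape of `firewall-cmd --list-all-zones` output (the sample is constructed to mirror the zones in the post) and reports every zone whose sources cover a given address, so overlaps are visible before they bite.

```shell
#!/usr/bin/env bash
# Constructed sample in the layout of `firewall-cmd --list-all-zones`
# (abbreviated; example data mirroring the zones described in the post).
SAMPLE_ZONES='home (active)
  sources: 192.168.111.0/24
  ports: 22/tcp 80/tcp 443/tcp
monitoring (active)
  sources: 192.168.111.19
  ports: 5666/tcp
public (active)
  interfaces: ens18
  sources: '

# ip2int A.B.C.D -> 32-bit integer
ip2int() { local IFS=.; set -- $1; echo $(( ($1<<24) | ($2<<16) | ($3<<8) | $4 )); }

# in_cidr IP CIDR -> success if IP lies within CIDR (a bare IP counts as /32)
in_cidr() {
  local ip=$1 net=${2%/*} plen=${2#*/}
  [ "$plen" = "$2" ] && plen=32
  local mask=$(( plen == 0 ? 0 : (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$ip") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# zones_for_source IP LISTING -> prints each zone whose "sources:" cover IP,
# in listing order; more than one line printed means the zones overlap.
zones_for_source() {
  local ip=$1 zone= line src
  while IFS= read -r line; do
    case $line in
      '  '*) ;;                          # indented line: zone attribute
      *) zone=${line%% *}; continue ;;   # unindented line: zone name
    esac
    case $line in
      *sources:*)
        for src in ${line#*sources:}; do
          in_cidr "$ip" "$src" && echo "$zone"
        done ;;
    esac
  done <<< "$2"
}

# Report which zones claim the monitoring host from the thread.
printf 'zones claiming %s: %s\n' 192.168.111.19 \
  "$(zones_for_source 192.168.111.19 "$SAMPLE_ZONES" | tr '\n' ' ')"
```

On a live host, pipe `firewall-cmd --list-all-zones` into `zones_for_source` instead of the constructed sample; any address that prints two zone names is one whose effective zone depends on how firewalld orders overlapping sources rather than on an explicit decision.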


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



