Hi.
I have a little trouble with firewalld. I'm trying to open some ports
for monitoring server, but it's in the same network as "home" zone:
Monitored host (192.168.111.60):
lukasz @ strategie 17:52:19 ~ $
-> sudo firewall-cmd --get-active
home
sources: 192.168.111.0/24
(open ports 22, 80, 443)
monitoring
sources: 192.168.111.19
(open ports: 5666)
public
interfaces: ens18
(no open ports)
---------------------------------------------------
Monitoring host (192.168.111.19):
lukasz @ potemkin 17:57:25 ~ $
-> telnet strategie.ping.local 5666
Trying 192.168.111.60...
telnet: connect to address 192.168.111.60: No route to host
lukasz @ potemkin 17:57:26 ~ $
-> telnet strategie.ping.local 80
Trying 192.168.111.60...
Connected to strategie.ping.local.
Escape character is '^]'.
^]
telnet> Connection closed.
---------------------------------------------------
I think there are conflicting rules on a monitored host, that:
- prevent access to 5666 from 192.168.111.0/24,
- give access to 5666 from 192.168.111.19
and packets from potemkin are routed trough a home zone.
I really would like to have dedicated "monitor" zone. Is there a way to
give "monitor" zone more priority, than "home"? I may end with OpenVPN
on potemkin and use 172.30.25.0/24 for monitoring, but, apart from
encryption aspect, it seems a little excessive.
Thank You.
--
Łukasz Posadowski
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
