Hi Everyone,
I hope you guys can help me out with what I am trying to accomplish.
I have the following config
[root@Router log]# firewall-cmd --get-active-zones
VPN
  interfaces: tun0
external
  interfaces: p2p1
internal
  interfaces: p6p1
[root@Router log]# firewall-cmd --zone=VPN --list-all
VPN (active)
  interfaces: tun0
  sources:
  services:
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:
[root@Router log]# firewall-cmd --zone=external --list-all
external (active)
  interfaces: p2p1
  sources:
  services: http https ssh
  ports: 2012/tcp
  masquerade: yes
  forward-ports: port=2082:proto=tcp:toport=22:toaddr=192.168.13.108
        port=2072:proto=tcp:toport=22:toaddr=192.168.13.107
        port=5000-5020:proto=tcp:toport=5000-5020:toaddr=192.168.13.104
        port=2052:proto=tcp:toport=22:toaddr=192.168.13.105
        port=2092:proto=tcp:toport=22:toaddr=192.168.13.109
        port=2042:proto=tcp:toport=22:toaddr=192.168.13.104
        port=2062:proto=tcp:toport=22:toaddr=192.168.13.106
        port=5000-5020:proto=udp:toport=5000-5020:toaddr=192.168.13.104
        port=2022:proto=tcp:toport=22:toaddr=192.168.13.102
  icmp-blocks:
  rich rules:
[root@Router log]# firewall-cmd --zone=internal --list-all
internal (default, active)
  interfaces: p6p1
  sources:
  services: Viber dhcp dhcpv6-client dns google-services hangouts http https ipp-client mdns samba-client ssh vnc-server
  ports: 2032/tcp 3126/tcp 3127/tcp 8080/tcp 10000/tcp 3128/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@Router log]#
When VPN is not connected I am able to connect from a remote location because of all the port forwardings that are defined in the external zone. When the VPN is connected, they don't work. I was wondering if any of you could help me out to get the port forwarding in the external zone to work even when VPN is connected.
sam
I have not made much progress on this. So more help would be appreciated :)
Here are my port forwarding rules on the external interface
[root@Router log]# firewall-cmd --zone=external --list-all
external (active)
  interfaces: p2p1
  sources:
  services: http https ssh
  ports: 2012/tcp
  masquerade: yes
  forward-ports: port=2082:proto=tcp:toport=22:toaddr=192.168.13.108
        port=2072:proto=tcp:toport=22:toaddr=192.168.13.107
        port=5000-5020:proto=tcp:toport=5000-5020:toaddr=192.168.13.104
        port=2052:proto=tcp:toport=22:toaddr=192.168.13.105
        port=2092:proto=tcp:toport=22:toaddr=192.168.13.109
        port=2042:proto=tcp:toport=22:toaddr=192.168.13.104
        port=2062:proto=tcp:toport=22:toaddr=192.168.13.106
        port=5000-5020:proto=udp:toport=5000-5020:toaddr=192.168.13.104
        port=2022:proto=tcp:toport=22:toaddr=192.168.13.102
  icmp-blocks:
  rich rules:
Can someone tell me when these port forwarding rules are applied, is it before routing or after routing?
On 07/04/2015 11:06 AM, Sam Irlapati wrote:
Hi Everyone,
I hope you guys can help me out with what I am trying to accomplish.
I have the following config
[root@Router log]# firewall-cmd --get-active-zones
VPN
  interfaces: tun0
external
  interfaces: p2p1
internal
  interfaces: p6p1
[root@Router log]# firewall-cmd --zone=VPN --list-all
VPN (active)
  interfaces: tun0
  sources:
  services:
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:
[root@Router log]# firewall-cmd --zone=external --list-all
external (active)
  interfaces: p2p1
  sources:
  services: http https ssh
  ports: 2012/tcp
  masquerade: yes
  forward-ports: port=2082:proto=tcp:toport=22:toaddr=192.168.13.108
        port=2072:proto=tcp:toport=22:toaddr=192.168.13.107
        port=5000-5020:proto=tcp:toport=5000-5020:toaddr=192.168.13.104
        port=2052:proto=tcp:toport=22:toaddr=192.168.13.105
        port=2092:proto=tcp:toport=22:toaddr=192.168.13.109
        port=2042:proto=tcp:toport=22:toaddr=192.168.13.104
        port=2062:proto=tcp:toport=22:toaddr=192.168.13.106
        port=5000-5020:proto=udp:toport=5000-5020:toaddr=192.168.13.104
        port=2022:proto=tcp:toport=22:toaddr=192.168.13.102
  icmp-blocks:
  rich rules:
[root@Router log]# firewall-cmd --zone=internal --list-all
internal (default, active)
  interfaces: p6p1
  sources:
  services: Viber dhcp dhcpv6-client dns google-services hangouts http https ipp-client mdns samba-client ssh vnc-server
  ports: 2032/tcp 3126/tcp 3127/tcp 8080/tcp 10000/tcp 3128/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@Router log]#
When VPN is not connected I am able to connect from a remote location because of all the port forwardings that are defined in the external zone. When the VPN is connected, they don't work. I was wondering if any of you could help me out to get the port forwarding in the external zone to work even when VPN is connected.
sam
Is there a way in firewall-config to say that I want all port forwarding to use a different routing table?
On 07/10/2015 02:18 PM, Samuel Irlapati wrote:
I have not made much progress on this. So more help would be appreciated :)
Here are my port forwarding rules on the external interface
[root@Router log]# firewall-cmd --zone=external --list-all
external (active)
  interfaces: p2p1
  sources:
  services: http https ssh
  ports: 2012/tcp
  masquerade: yes
  forward-ports: port=2082:proto=tcp:toport=22:toaddr=192.168.13.108
        port=2072:proto=tcp:toport=22:toaddr=192.168.13.107
        port=5000-5020:proto=tcp:toport=5000-5020:toaddr=192.168.13.104
        port=2052:proto=tcp:toport=22:toaddr=192.168.13.105
        port=2092:proto=tcp:toport=22:toaddr=192.168.13.109
        port=2042:proto=tcp:toport=22:toaddr=192.168.13.104
        port=2062:proto=tcp:toport=22:toaddr=192.168.13.106
        port=5000-5020:proto=udp:toport=5000-5020:toaddr=192.168.13.104
        port=2022:proto=tcp:toport=22:toaddr=192.168.13.102
  icmp-blocks:
  rich rules:
Can someone tell me when these port forwarding rules are applied, is it before routing or after routing?
firewalld-users@lists.fedorahosted.org