Hello.
Sorry for my English, but I have some trouble with configuring firewalld and need your help.
My server has 2 network interfaces and a site-to-site GRE over IPsec tunnel with another office:
ens192: 136.243.xxx.xxx
ens224: 192.168.100.1
Other office network: 192.168.2.0/24
My zones:
external (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: ipsec openvpn ssh
ports: 4500/tcp 50022/tcp 500/udp 4500/udp 51022/tcp
protocols:
masquerade: yes
forward-ports: port=81:proto=tcp:toport=81:toaddr=192.168.100.10
port=10022:proto=tcp:toport=22:toaddr=192.168.100.10
sourceports:
icmp-blocks:
rich rules:
rule protocol value="ah" accept
rule protocol value="esp" accept
internal (active)
target: default
icmp-block-inversion: no
interfaces: ens224
sources:
services: dhcpv6-client dns ftp http mdns samba-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: gre1 tun0
sources:
services:
ports:
protocols:
masquerade: yes
forward-ports:
sourceports:
icmp-blocks:
rich rules:
The trouble starts when I forward a port with a rule, for example:
firewall-cmd --zone=external --add-forward-port=port=81:proto=tcp:toport=81:toaddr=192.168.100.40 --permanent
firewall-cmd --reload
Everything works well and I can connect to my internal server from the internet (136.243.xxx.xxx:81) and from my other office LAN (192.168.100.40:81).
But if I try to connect from my office LAN to another server IP on the same port (for example 192.168.100.30:81), I am forwarded to 192.168.100.40:81 again.
How can I fix this problem?
How can I do the following:
If I connect from the internet to 136.243.xxx.xxx:81 -> firewalld redirects me to 192.168.100.40:81
If I connect from the office LAN (192.168.2.0/24) to 192.168.100.40:81 -> firewalld gives access to 192.168.100.40:81
If I connect from the office LAN (192.168.2.0/24) to 192.168.100.30:81 -> firewalld gives access to 192.168.100.30:81 and does not redirect me to 192.168.100.40:81
Troubles with firewalld-vpn-port forwarding
Re: Troubles with firewalld-vpn-port forwarding
I have already resolved this problem.
I removed all forward rules and created rich rules with the destination address set to my external IP.
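The fix described in the reply, written out as an added example (this is not code from the thread): the zone-wide forward-port entry matches any packet with dport 81 that reaches the external zone's DNAT chain, while a rich rule carrying a destination element only rewrites traffic addressed to the public IP, so packets from 192.168.2.0/24 to 192.168.100.30:81 are left alone. The external address 203.0.113.10 is a placeholder standing in for the poster's 136.243.xxx.xxx; the helper function names are assumptions. The script only calls firewall-cmd when it is installed and you pass apply, otherwise it prints the commands, so it can be reviewed before touching a live firewall.

```shell
#!/bin/sh
# Replace a zone-wide forward-port with a destination-scoped rich rule.
# Placeholder values (constructed for this example):
EXT_IP="203.0.113.10"          # stands in for the real 136.243.xxx.xxx
ZONE="external"

# Build the forward-port spec in the form firewalld expects
# (port=PORT:proto=PROTO:toport=TOPORT:toaddr=TOADDR).
forward_port_spec() {
    printf 'port=%s:proto=%s:toport=%s:toaddr=%s' "$1" "$2" "$3" "$4"
}

# Build a rich rule that DNATs only packets whose destination is EXT_IP.
# Arguments: ext_ip port proto to_addr to_port
rich_forward_rule() {
    printf 'rule family="ipv4" destination address="%s" forward-port port="%s" protocol="%s" to-port="%s" to-addr="%s"' \
        "$1" "$2" "$3" "$5" "$4"
}

# Emit (or run) the firewall-cmd sequence: drop the broad forward-port,
# add the scoped rich rule, then reload so the permanent config is live.
# $1 = "apply" to execute, anything else prints the commands (dry run).
convert_forward_port() {
    mode="$1"; port="$2"; proto="$3"; to_addr="$4"; to_port="$5"
    spec=$(forward_port_spec "$port" "$proto" "$to_port" "$to_addr")
    rule=$(rich_forward_rule "$EXT_IP" "$port" "$proto" "$to_addr" "$to_port")
    set -- \
        "firewall-cmd --permanent --zone=$ZONE --remove-forward-port=$spec" \
        "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$rule'" \
        "firewall-cmd --reload"
    for cmd in "$@"; do
        if [ "$mode" = "apply" ] && command -v firewall-cmd >/dev/null 2>&1; then
            eval "$cmd"
        else
            printf '%s\n' "$cmd"
        fi
    done
}

# Dry run for the two forwards shown in the thread's zone listing.
convert_forward_port dry 81 tcp 192.168.100.40 81
convert_forward_port dry 10022 tcp 192.168.100.10 22
```

After applying, `firewall-cmd --zone=external --list-rich-rules` should show the scoped rule and `--list-forward-ports` should be empty; masquerade on the external zone is still needed so replies from 192.168.100.40 go back out through the server.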