I have the following configuration on my gateway:
Thus, when I go to https://ext-ip, I see the published resource (https://10.128.5.200). But I have the following issue: when I try to open an https site from the trusted network (e.g. https://google.com), I also see https://10.128.5.200. It seems that firewalld port-forwards outgoing traffic. I tried to RTFM and google the situation, but the only thing I found was an issue on firewalld's GitHub (https://github.com/firewalld/firewalld/issues/258).
[root@gw server]# uname -a
Linux gw 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@gw server]# cat /etc/centos-release
CentOS Linux release 7.4.1708 (Core)
[root@gw server]# firewall-cmd --version
0.4.4.4
[root@gw server]# firewall-cmd --get-active-zones
public
  interfaces: ens160
trusted
  interfaces: ens192
[root@gw server]# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: ssh dhcpv6-client openvpn
  ports:
  protocols:
  masquerade: yes
  forward-ports: port=443:proto=tcp:toport=:toaddr=10.128.5.200
  source-ports:
  icmp-blocks:
  rich rules:
[root@gw server]# firewall-cmd --zone=trusted --list-all
trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Could you please tell me whether this is a bug or I am doing something wrong (and, if so, how to do it right)?
Thanks a lot in advance.
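One way to check where the redirect actually comes from, as an added diagnostic that is not part of the original post and not firewalld's own tooling: feed the gateway's `iptables-save -t nat` output to the script below and it reports every DNAT rule together with the ingress interface (`-i`) that gates the path from the built-in chain to it. A port-443 DNAT reachable with no `-i` match on its path would be hit by forwarded and locally generated traffic alike, which is the symptom described above. The sample table is constructed for the demo and only loosely modelled on firewalld's zone chains; real chain names on the gateway may differ.

```python
import re
from collections import defaultdict

RULE_RE = re.compile(r"^-A (\S+) (.*)$")

# Constructed sample (not real gateway output): one DNAT guarded by
# "-i ens160", one reachable from OUTPUT with no interface match at all.
SAMPLE = """\
*nat
-A PREROUTING -j PREROUTING_ZONES
-A PREROUTING_ZONES -i ens160 -g PRE_public
-A PRE_public -j PRE_public_allow
-A PRE_public_allow -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.128.5.200
-A OUTPUT -j OUTPUT_direct
-A OUTPUT_direct -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.128.5.200
COMMIT
"""

def parse_rules(text):
    """Return {chain: [(in_iface, target, rule_line), ...]} for one table."""
    chains = defaultdict(list)
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        chain, args = m.groups()
        tok = args.split()
        iface = tok[tok.index("-i") + 1] if "-i" in tok else None
        target = None
        for flag in ("-j", "-g"):          # jump and goto both reach the target
            if flag in tok:
                target = tok[tok.index(flag) + 1]
        chains[chain].append((iface, target, line))
    return chains

def find_dnat_rules(text, roots=("PREROUTING", "OUTPUT")):
    """Walk each built-in chain; report every DNAT rule with the ingress
    interface guarding its path (None = reachable regardless of interface)."""
    chains, found = parse_rules(text), []
    def walk(chain, root, guard, seen):
        for iface, target, rule in chains.get(chain, ()):
            g = iface or guard             # an -i anywhere on the path gates it
            if target == "DNAT":
                found.append({"root": root, "chain": chain, "in_iface": g, "rule": rule})
            elif target in chains and target not in seen:
                walk(target, root, g, seen | {target})
    for root in roots:
        walk(root, root, None, {root})
    return found

if __name__ == "__main__":
    for hit in find_dnat_rules(SAMPLE):
        print("UNGUARDED" if hit["in_iface"] is None else hit["in_iface"], hit["rule"])
```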