My workstation is on subnet 172.16.0.0/22, servers are on subnet 192.186.1.0/24
With the firewall off, I can ssh into the servers with no problem.
I set the firewall zone for eth0 to public and added the services SSH / HTTP. When I reload the firewall, I get locked out.
What the Heck
Is there something I should know about the firewall across subnets? The subnets are separated by a consumer-grade Cisco router (EA2700).
I know for sure the problem is in firewalld on the servers. It works when firewalld is off.
Firewall problems
Re: Firewall problems
So, I'm using the wireless interface so I can set the machine right next to me while I configure, because I get locked out many times. Because I'm a noob and make mistakes. The firewall seems to block everything when eth0 is up. If I use "ifdown eth0" and shut off the interface, like magic, the firewall lets me ssh into the wireless interface at ".1.101".
I'm still testing other configs. I'll keep making notes here.
Re: Firewall problems
Don't tell it to set the default route on both interfaces. Pick one and stick to it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
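The advice above boils down to one check: a host with two interfaces should carry exactly one default route, otherwise replies to an SSH session that arrived on one interface can leave through the other and hit the wrong firewalld zone. The script below is an added example, not code from this thread or from CentOS; it counts "default via" entries in routing-table text (a constructed sample is embedded, and the live `ip route` table is used when the `ip` tool is available) and flags anything other than one.

```shell
#!/bin/sh
# Added example (not from the forum thread): detect more than one default
# route, the misconfiguration TrevorH points at. The sample table below is
# constructed for illustration; addresses and interface names are placeholders.

# Count "default via ..." entries in a routing table read from stdin.
# grep -c exits 1 when the count is 0, so force success to keep $(...) clean.
count_default_routes() {
    grep -c '^default ' || true
}

# Constructed sample: roughly what `ip route` prints when both eth0 and wlan0
# were allowed to install a default gateway (placeholder addresses).
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0 proto static metric 100
default via 192.0.2.1 dev wlan0 proto dhcp metric 600
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.2
192.0.2.0/24 dev wlan0 proto kernel scope link src 192.0.2.101'

# Read a routing table from stdin; return 0 when exactly one default route
# exists, 1 otherwise, and say which interfaces hold one.
check_single_default() {
    table=$(cat)
    n=$(printf '%s\n' "$table" | count_default_routes)
    if [ "$n" -eq 1 ]; then
        echo "OK: one default route"
        return 0
    fi
    echo "WARNING: $n default routes found:"
    printf '%s\n' "$table" | grep '^default ' | awk '{print "  via " $3 " on " $5}'
    echo "Keep DEFROUTE=yes in the ifcfg file of one interface only."
    return 1
}

# When run directly, inspect the live table if `ip` is present, else the sample.
if command -v ip >/dev/null 2>&1; then
    ip route 2>/dev/null | check_single_default
else
    printf '%s\n' "$SAMPLE_ROUTES" | check_single_default
fi
```

After fixing the routes, `firewall-cmd --get-active-zones` shows which zone each interface actually landed in, so the SSH service can be confirmed in the zone that the session's interface belongs to.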
Re: Firewall problems
TrevorH wrote: Don't tell it to set the default route on both interfaces. Pick one and stick to it.
I want to set the router forward to use eth0(.1.2) to host http and use wlan0(.1.101) to allow everything else originating from inside my network.
Will that work or do I need to re-think my strategy?
Re: Firewall problems
supertight wrote: TrevorH wrote: Don't tell it to set the default route on both interfaces. Pick one and stick to it.
I want to set the router forward to use eth0(.1.2) to host http and use wlan0(.1.101) to allow everything else originating from inside my network.
Will that work or do I need to re-think my strategy?
I ran
Code:
$ ip route
$ ip route del ***.***.1.1