I have several applications running on my C7 box, and some of them are "internal only", meaning that they are (or should be) accessible only from my internal network, while others are "external", where they are accessible from the internet.
The question is: how can I configure the firewalld service so that the "external" firewall holds the ports of the external applications, while the "internal" firewall is used for the internal applications, so they cannot be accessed from the outside? I currently have them in the "external" list, which I know is bad, but that was the only way I could get the apps to be accessible, even from the internal network.
I do have the internal apps configured to only allow connections from the local LAN, so I know no one from the outside can actually log in to the apps, but I want to make sure they can't even connect.
how to configure firewalld for internal and external ports
Re: how to configure firewalld for internal and external por
You only port forward on the internet facing router those ports you want accessible from the internet.
Re: how to configure firewalld for internal and external por
This isn't port forwarding. I know that's done on the router.
I'm talking just opening ports on the firewall (iptables).
There are options for internal, external, home, public, trusted, work, drop, dmz, and block. (They are called "zones" within the configuration app.)
Re: how to configure firewalld for internal and external por
https://access.redhat.com/documentation ... walls.html
An interface is assigned to a zone.
Unless you have multiple interfaces on your machine, stick to properly configuring your edge router.
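
As an added example (not from any post in this thread), and going beyond the interface-to-zone binding mentioned above: firewalld can also bind a zone to a source network, which lets a single-interface host keep LAN-only ports out of the zone that faces everything else. The LAN range `192.168.1.0/24`, the port numbers, and the helper names `valid_port` and `zone_plan` are assumptions; the interface is assumed to be in the `external` zone as in the question.

```shell
#!/bin/sh
# Added example: print (dry run) the firewall-cmd calls that split ports
# between a source-bound zone for the LAN and the zone of the interface.
# LAN range, zone names and ports below are constructed sample values.

# valid_port PORT/PROTO -> succeeds for e.g. 8080/tcp, rejects anything else
valid_port() {
    case "$1" in
        */tcp|*/udp) n=${1%/*} ;;
        *) return 1 ;;
    esac
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    [ "$n" -ge 1 ] && [ "$n" -le 65535 ]
}

# zone_plan LAN_CIDR IFACE_ZONE "internal ports" "external ports"
zone_plan() {
    lan=$1 ifzone=$2 internal=$3 external=$4
    for p in $internal $external; do
        valid_port "$p" || { echo "bad port spec: $p" >&2; return 1; }
    done
    # Traffic whose source address is in the LAN is matched to zone
    # "internal" before the interface's zone is considered.
    echo "firewall-cmd --permanent --zone=internal --add-source=$lan"
    for p in $internal; do
        # Open the port for LAN sources only, and close it in the zone
        # that handles everything else arriving on the interface.
        echo "firewall-cmd --permanent --zone=internal --add-port=$p"
        echo "firewall-cmd --permanent --zone=$ifzone --remove-port=$p"
    done
    for p in $external; do
        # Public ports: open in both zones so LAN clients keep access.
        echo "firewall-cmd --permanent --zone=$ifzone --add-port=$p"
        echo "firewall-cmd --permanent --zone=internal --add-port=$p"
    done
    echo "firewall-cmd --reload"
    echo "firewall-cmd --get-active-zones"
}

# Review the plan; pipe it to "sh" as root to apply it.
zone_plan 192.168.1.0/24 external "8080/tcp 9090/tcp" "443/tcp"
```

After applying the plan, `firewall-cmd --get-active-zones` should list `internal` with the LAN range under its sources, alongside the zone that holds the interface.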