Centos 7 firewalld Zone Issue

tech0925 · 02-28-2019, 05:39 PM

I have been trying to figure out how to fix the issue I am having. I have two zones, public (default) and internal. Here is what that looks like.

public (active)
target: default
icmp-block-inversion: no
interfaces: enp7s0
sources:
services: https http
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

internal (active)
target: default
icmp-block-inversion: no
interfaces: enp10s0
sources: xx.xx.xx.xx/32 xx.xx.xxx.xxx/32
services: mdns samba-client dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

My problem is that I can view my site when I'm not connected to the same network that the server is on. However, when connected to the same network then the site is not accessible. What am I doing wrong? Also, is the services that I have open in public good enough for web related websites or are there others you would recommend opening? I am running a PHP web server.

Thanks!

mralk3 · 02-28-2019, 09:20 PM

You need to also open the ports for http and https internally.

Code:

firewall-cmd --permanent --zone internal --add-service=http

firewall-cmd --permanent --zone internal --add-service=https

firewall-cmd --reload

run as root or with sudo privileges.

Edit:. I'm sure there is also a way to forward http(s) traffic to your internal network to public interface using rich rules, but the above is much less complicated.

You can also enable masquerading but that is dependent on what kind of device/firewall/security you wish to implement.

tech0925 · 03-01-2019, 05:55 PM

Thank you! I did this before but it didn't work but now it is. Weird. Thanks again!

mralk3 · 03-01-2019, 11:23 PM

glad to help!