
I am building a new server and I am using Firewalld for the first time.

I have a load balancer that takes public IP requests and routes them to one of my servers with internal IPs.

These servers have both public and private IPs.

Access to the public IPs is restricted to one IP, and that works.

What I am trying to do is allow all requests to 192.168.194.138 to have access to all ports.

I have tried creating a service /etc/firewalld/services/internalIP.xml and have added the service to the trusted zone, but it does not make a difference.

I cannot access 192.168.194.138 unless I disable Firewalld.

My public IP is on eth0 and my private IP is on eth0:1.

This is internalIP.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <description>Allow all on non-routable ip</description>
  <destination ipv4="192.168.194.138" />
</service>

These are my zones:

firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 220/tcp 10016/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

and

firewall-cmd --zone=trusted --list-all
trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources: 67.my.ip
  services: internalIP
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
randy
  • There is no such thing as eth0:1. Both of your IP addresses will be on eth0. – Michael Hampton Dec 27 '20 at 18:20
  • @MichaelHampton Thanks for the response, Michael, I do understand that. But if you notice, in my service I do not specify an interface. So what do I need to do to allow all requests that come in on 192.168.194.138? – randy Dec 28 '20 at 00:25

0 Answers
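
An added example, not part of the original post or its comments: one way to accept traffic by destination address is a firewalld rich rule in the zone that owns the interface, since the trusted zone shown above only matches packets from its listed source. It assumes requests for 192.168.194.138 arrive on eth0; the function names and the APPLY switch are hypothetical helpers, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: not from the original post.

# "public" zone listing as posted in the question (abridged).
PUBLIC_ZONE='public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 220/tcp 10016/tcp'

# Print the zone name if the listing binds the given interface, else nothing.
zone_for_iface() {  # $1 = --list-all output, $2 = interface
    printf '%s\n' "$1" | awk -v ifc="$2" '
        NR == 1 { zone = $1 }
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) if ($i == ifc) print zone }'
}

# Build a rich rule accepting all IPv4 traffic addressed to one local IP.
# Anything that is not a dotted quad is refused, so the rule's quoting
# cannot be broken by the argument.
rich_rule_for_dest() {  # $1 = destination IPv4 address
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf 'rule family="ipv4" destination address="%s" accept' "$1"
}

# Dry run by default: print the commands. Set APPLY=1 to run them.
apply_rule() {  # $1 = zone, $2 = destination IPv4 address
    rule=$(rich_rule_for_dest "$2") || { echo "bad address: $2" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then
        firewall-cmd --permanent --zone="$1" --add-rich-rule="$rule" &&
        firewall-cmd --reload
    else
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$1" "$rule"
        echo "firewall-cmd --reload"
    fi
}

zone=$(zone_for_iface "$PUBLIC_ZONE" eth0)
apply_rule "$zone" 192.168.194.138
```

This rule opens every port on 192.168.194.138 to any host that can reach that address through eth0. A narrower option is to add only the load balancer's internal address as a source of the trusted zone with `firewall-cmd --permanent --zone=trusted --add-source=<load-balancer-ip>`.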