First off, I apologize if this has already been asked before but I wasn't able to find any answer looking through the info available on SE.
My situation is as follows: I have one CentOS 7 server that stands at the forefront providing a number of services. It is hooked up with one public ethernet port (eno1) and one LAN ethernet port (eno2). Connected to the LAN is a second server that I want to forward traffic to on a certain port.
FirewallD provides port forwarding and it works. So far, so good! However, there is a major issue I'm running into: I want to limit who has access to that forwarded service by public IP, and I haven't been able to figure that one out because FirewallD seems to be way too simplistic in what can be done with it. Great if you just want to open a service up to the 'net for everyone, but not so much when you only want to open it up to specific scopes. An additional problem is that on the target server on the LAN, all source IPs for the forwarded traffic are the gateway server's LAN address (10.0.0.1). This means I also can't filter traffic on the target server by IP, leaving the service open to the world (which I don't want).
Is there any way to do this with firewalld? I've tried to do it manually with iptables but had to admit defeat. Following all the info I could find, I never got forwarding to work...
Clarification:
Internet -> (eno1, public IP) -> CentOS -> (eno2, 10.0.0.1) -> target server (10.0.0.2)
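The setup described above, as an added example that is not part of the original question: firewalld rich rules that tie the forward-port to specific source ranges (so only those public addresses reach the forwarded service), and an alternative using firewalld direct rules that DNAT without masquerading so 10.0.0.2 sees the real client address. It assumes eno1 sits in the `public` zone, the service is exposed on TCP 2222 and listens on 22 on 10.0.0.2, and the allowed client ranges are the constructed sample prefixes in the script.

```shell
# Added example, not part of the original question. Assumed: eno1 is in zone
# "public", the service is exposed on TCP 2222 and listens on 22 on 10.0.0.2,
# and the permitted client ranges are the constructed sample prefixes below.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 applies them (as root).
set -eu

PUB_ZONE=public
EXT_PORT=2222
INT_PORT=22
TARGET=10.0.0.2
ALLOWED_SOURCES="203.0.113.0/24 198.51.100.7/32"   # constructed sample ranges

run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf 'dry-run: %s\n' "$*"; else "$@"; fi
}

# Rich rule: the forward-port only matches packets from this source range,
# so every other public address is refused before any NAT happens.
rich_rule() {
  printf 'rule family="ipv4" source address="%s" forward-port port="%s" protocol="tcp" to-port="%s" to-addr="%s"' \
    "$1" "$EXT_PORT" "$INT_PORT" "$TARGET"
}

# Option A: plain firewalld rich rules. Forwarding to another host requires
# masquerade on the zone, which is consistent with 10.0.0.2 seeing 10.0.0.1.
apply_rich_rules() {
  for src in $ALLOWED_SOURCES; do
    run firewall-cmd --permanent --zone="$PUB_ZONE" --add-rich-rule="$(rich_rule "$src")"
  done
  run firewall-cmd --permanent --zone="$PUB_ZONE" --add-masquerade
}

# Option B: direct rules that DNAT without masquerade, so the real client
# address reaches 10.0.0.2 (which must use 10.0.0.1 as its default gateway).
apply_direct_rules() {
  for src in $ALLOWED_SOURCES; do
    run firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 \
      -i eno1 -s "$src" -p tcp --dport "$EXT_PORT" -j DNAT --to-destination "$TARGET:$INT_PORT"
    run firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 \
      -i eno1 -o eno2 -s "$src" -d "$TARGET" -p tcp --dport "$INT_PORT" -j ACCEPT
  done
  run sysctl -w net.ipv4.ip_forward=1   # no masquerade, so enable routing ourselves
}

main() {
  case "${1:-rich}" in
    rich)   apply_rich_rules ;;
    direct) apply_direct_rules ;;
    *) echo "usage: $0 [rich|direct]" >&2; return 1 ;;
  esac
  run firewall-cmd --reload
}
main "$@"
```

With option B the target can filter on the real client address itself, since nothing rewrites the source; return traffic is un-NATed by conntrack as long as 10.0.0.2 routes back through 10.0.0.1.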