0

I connected two network interfaces to a server running CentOS 7 and I configured the public zone to allow inbound TCP connections on ports 80 and 443. I then set one of the network interfaces to the public zone. I further configured a public IP on the firewall to forward all incoming connections on port 80 or 443 to the server's IP.

Consequently, I configured the other network interface to the internal zone.

But the problem is whenever both of the network interfaces are active I cannot connect to the webpage hosted on the server. But when the interface configured on the internal zone is turned off, then the webpage becomes accessible.

Dev
  • 2
    You need to provide more details like routing information and how you are accessing the web server. – Khaled Mar 15 '17 at 09:12
  • @Khaled I used a web browser on another client, from a different network, to test, and then I get the results mentioned earlier (i.e. whenever both network interfaces are connected at the same time, the website stops working, but when the one configured on the internal zone is turned off, the website becomes accessible). With regards to routing information, what exactly do you need, if I may ask? Because to me it seems there is a conflict between both interfaces on the server that I can't seem to figure out. – Dev Mar 15 '17 at 12:47
  • 1
    Can you show the firewall rules, routing info, and ports listening? – pbacterio Mar 15 '17 at 15:44

1 Answer

0

As hinted at by @Khaled, this sounds like a routing issue.

One possible cause could be the use of DHCP on the 'internal' zone, if DHCP is providing a default route.

A first step to check is running ip r, and looking for a line that starts with default:

$ ip r
default via 10.0.253.1 dev wlp3s0 proto static metric 600 

If that is pointing to the internal zone, then that is most likely what is causing your issue. If you have two default routes, the one with the lowest metric 'wins' - and if that is your internal zone, then this is the most likely cause of your issue.

It may be easiest to statically configure the internal NIC on this server, or you can ignore any default route pushed by DHCP, by adding DEFROUTE=no in your internal interface's script (e.g. /etc/sysconfig/network-scripts/ifcfg-INTERFACE).

iwaseatenbyagrue
  • Hi sorry for the belated response. The routing information on the server was OK. After restarting the firewall service a couple of times it started working. – Dev May 30 '17 at 08:20
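
The default-route check described in the answer above, as an added example that is not part of the original posts: it reads `ip r` output, picks the default route with the lowest metric, and reports whether that route leaves through the internal-zone NIC. The interface names (eth0 for the public zone, eth1 for the internal zone) and all addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: find which default route wins (lowest metric) in `ip r`
# output and flag the case where it belongs to the internal-zone NIC.

# Reads `ip r` output on stdin and prints "DEV METRIC" for the default
# route with the lowest metric. A route with no metric field counts as 0.
winning_default() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < bestmetric)) {
                best = dev; bestmetric = metric
            }
        }
        END { if (best != "") print best, bestmetric }
    '
}

# Usage: ip r | check_default_route INTERNAL_DEV
# Returns 0 if the winning default route is on another NIC,
#         1 if it is on INTERNAL_DEV, 2 if there is no default route.
check_default_route() {
    internal_dev=$1
    winner=$(winning_default)
    [ -n "$winner" ] || { echo "no default route found"; return 2; }
    dev=${winner% *}
    if [ "$dev" = "$internal_dev" ]; then
        echo "default route wins on internal NIC $dev (metric ${winner#* })"
        return 1
    fi
    echo "default route wins on $dev (metric ${winner#* })"
    return 0
}

# Constructed sample: eth1 (internal zone) got a default route from DHCP
# with a lower metric than the static default on eth0 (public zone).
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0 proto static metric 101
default via 10.0.253.1 dev eth1 proto dhcp metric 100
10.0.253.0/24 dev eth1 proto kernel scope link src 10.0.253.20 metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10 metric 101'

# On a live server: ip r | check_default_route eth1
printf '%s\n' "$SAMPLE_ROUTES" | check_default_route eth1 || true
```
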