I'm trying to configure a simple test environment with 3 machines:
- One Kali to simulate the internet: IP = 10.99.0.2
- One CentOS that acts as a firewall using firewalld: IPs = 10.99.0.1, 10.4.1.1
- One CentOS that acts as a web server using httpd: IP = 10.4.1.2
A small representation of the environment:
|Kali|-----------------(ens160)|Firewalld|(ens192)-----------------|Web Server|
10.99.0.2                     10.99.0.1 | 10.4.1.1                    10.4.1.2
I can ping 10.4.1.2 from 10.99.0.2 but, only when firewalld is active, I can't get the default web page on 10.4.1.2 from 10.99.0.2.
I tried a tcpdump on the FW: I can see the HTTP request going from Kali to firewalld, but then firewalld responds with an ICMP packet: ICMP host 10.4.1.2 unreachable - admin prohibited. As I understand it, this ICMP message is sent by the FW if the request is blocked.
Here is the configuration of the two zones: public and dmz
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: http https
ports: 443/tcp 80/tcp
protocols:
masquerade: yes
forward-ports:
sourceports:
icmp-blocks:
rich rules:
rule service name="https" log level="info"
rule service name="http" log level="info"
dmz (active)
target: default
icmp-block-inversion: no
interfaces:
sources: 10.4.1.2
services: http https
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
(The 2 rich rules were an attempt to log the blocked connections on the firewall.)
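A check I would run before touching the rules, added here as an example and not part of the question: parse the `--list-all`-style zone output quoted above and flag two things that commonly explain an admin-prohibited reject for transit traffic, namely an interface (ens192 here, assumed to be the DMZ-side NIC) bound to no zone and the absence of any forward-ports entry. Zone services only admit traffic addressed to the firewall host itself, so forwarded traffic to 10.4.1.2 needs a forwarding rule or policy of its own.

```python
# Constructed sample, copied from the two zones quoted in the question.
SAMPLE = """\
public (active)
  interfaces: ens160
  services: http https
  ports: 443/tcp 80/tcp
  masquerade: yes
  forward-ports:
  rich rules:
\trule service name="https" log level="info"
\trule service name="http" log level="info"

dmz (active)
  interfaces:
  sources: 10.4.1.2
  services: http https
  masquerade: no
  forward-ports:
  rich rules:
"""

def parse_zones(text):
    """Parse `firewall-cmd --list-all-zones` style output into {zone: {field: values}}."""
    zones, cur = {}, None
    for raw in filter(str.strip, text.splitlines()):
        if not raw[0].isspace():                      # zone header, e.g. "public (active)"
            name, _, flag = raw.partition(" ")
            cur = zones.setdefault(name, {"active": flag == "(active)"})
            continue
        line = raw.strip()
        if line.startswith("rule "):                   # continuation line of "rich rules:"
            cur.setdefault("rich rules", []).append(line)
        else:
            key, _, val = line.partition(":")
            cur[key] = val.split()
    return zones

def audit_forwarding(zones, interfaces):
    """List reasons transit traffic through the firewall may be rejected by firewalld."""
    findings = []
    bound = {i: z for z, d in zones.items() for i in d.get("interfaces", [])}
    for ifc in interfaces:
        if ifc not in bound:
            findings.append(f"{ifc} is bound to no zone and therefore falls into the default zone")
    if not any(d.get("forward-ports") for d in zones.values()):
        findings.append("no zone has forward-ports; zone services only admit traffic addressed to the firewall host")
    return findings
```

Run `audit_forwarding(parse_zones(SAMPLE), ["ens160", "ens192"])` against the real output of `firewall-cmd --list-all-zones` to get the same report for a live host.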