How to deal with zones in firewalld?

T

think2013-11-28 15:36:48

iptables

think, 2013-11-28 15:36:48

Fedora 19 server. Two network interfaces. External p13p1 and local em0.

em0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
p13p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet external_ip  netmask 255.255.255.224  broadcast external_bcast_ip

I place interfaces in different zones

# firewall-cmd --permanent --get-zone-of-interface=em0
internal
# firewall-cmd --permanent --get-zone-of-interface=p13p1
external

I want to open local network access to mysql

# firewall-cmd --permanent --zone=internal --add-service=mysql ; firewall-cmd --reload;
success
success
# firewall-cmd --permanent --list-all-zones
internal (default, active)
  interfaces: em0
  sources: 
  services: dhcp http mysql named ssh
  ports: 
  masquerade: yes
  forward-ports: 
  icmp-blocks: 
  rich rules: 
external (active)
  interfaces: p13p1
  sources: 
  services: http ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:

As a result, mysql server becomes visible from the Internet, but not from the local network.

# nmap external_ip -p 3306
PORT     STATE SERVICE
3306/tcp open  mysql

# nmap 192.168.1.100 -p 3306
PORT     STATE SERVICE
3306/tcp closed  mysql

What could be the problem?

Reply

Answer the question

In order to leave comments, you need to log in

0 answer(s)