iptables
think, 2013-11-28 15:36:48

How to deal with zones in firewalld?

Fedora 19 server. Two network interfaces. External p13p1 and local em0.

em0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
p13p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet external_ip  netmask 255.255.255.224  broadcast external_bcast_ip

I place the interfaces in different zones:
# firewall-cmd --permanent --get-zone-of-interface=em0
internal
# firewall-cmd --permanent --get-zone-of-interface=p13p1
external

I want to open local network access to mysql:
# firewall-cmd --permanent --zone=internal --add-service=mysql ; firewall-cmd --reload;
success
success
# firewall-cmd --permanent --list-all-zones
internal (default, active)
  interfaces: em0
  sources: 
  services: dhcp http mysql named ssh
  ports: 
  masquerade: yes
  forward-ports: 
  icmp-blocks: 
  rich rules: 
external (active)
  interfaces: p13p1
  sources: 
  services: http ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:

As a result, mysql server becomes visible from the Internet, but not from the local network.
# nmap external_ip -p 3306
PORT     STATE SERVICE
3306/tcp open  mysql

# nmap 192.168.1.100 -p 3306
PORT     STATE SERVICE
3306/tcp closed  mysql

What could be the problem?
