Firewalld allowing traffic between main interface and OpenVPN tun0
Hi,
New to firewalld and CentOS. Firewalld is blocking traffic between the OpenVPN tunnel and my main network. In the logs I see:
Code:
[335548.930116] FINAL_REJECT: IN=enp3s0 OUT=tun0 SRC=192.168.113.5 DST=172.16.200.11 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=48188 DF PROTO=TCP SPT=53044 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
So I added a rich rule to allow traffic between 192.168.113.5 and 172.16.200.11:
Code:
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=192.168.113.5/32 destination address=172.16.200.11/32 port port=80 protocol=tcp accept'
But it is still being blocked. My firewalld status looks like this:
Code:
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0 tun0
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="192.168.113.5/32" destination address="172.16.200.11/32" port port="80" protocol="tcp" accept
What am I doing wrong?
Do you have forwarding enabled?
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Yes, forwarding is enabled.
Perhaps share
Code:
iptables -S
Code:
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
No active firewall?
Yes, it is CentOS so it uses firewalld/nftables instead of iptables. So I think the equivalent of iptables -S is:
Code:
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0 tun0
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="192.168.113.5/32" destination address="172.16.200.11/32" port port="80" protocol="tcp" accept
No, that is not the equivalent. It merely shows the firewalld config.
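The FINAL_REJECT line in the first post has both IN and OUT set, so the packet was rejected on the FORWARD path, which a zone rich rule (applied to INPUT) does not govern. As an added example, not code from the thread, this POSIX shell helper parses such a log line, names the netfilter hook it was dropped on, and prints the matching firewalld command; the direct-rule form assumes firewalld 0.8.x as shipped with CentOS 8, and the sample log line is constructed from the post.

```shell
#!/bin/sh
# Constructed sample: the FINAL_REJECT line quoted in the first post.
SAMPLE_LOG='[335548.930116] FINAL_REJECT: IN=enp3s0 OUT=tun0 SRC=192.168.113.5 DST=172.16.200.11 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=48188 DF PROTO=TCP SPT=53044 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0'

# field LINE KEY -> value of the KEY=value token in a netfilter log line ("" if absent)
field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# chain LINE -> hook the packet was on when logged:
#   IN and OUT both set -> FORWARD (routed between two interfaces)
#   only IN set         -> INPUT   (addressed to the host itself)
#   only OUT set        -> OUTPUT  (generated by the host)
chain() {
    in_if=$(field "$1" IN); out_if=$(field "$1" OUT)
    if [ -n "$in_if" ] && [ -n "$out_if" ]; then echo FORWARD
    elif [ -n "$in_if" ]; then echo INPUT
    else echo OUTPUT; fi
}

# suggest LINE -> firewalld command scoped to the hook the packet was dropped on.
# Zone rich rules only reach INPUT, so a FORWARD reject needs a direct rule
# (firewalld 0.8.x). The command is printed for review, never executed here.
suggest() {
    proto=$(field "$1" PROTO | tr 'A-Z' 'a-z')
    case $(chain "$1") in
        FORWARD)
            printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i %s -o %s -s %s -d %s -p %s --dport %s -j ACCEPT\n' \
                "$(field "$1" IN)" "$(field "$1" OUT)" "$(field "$1" SRC)" \
                "$(field "$1" DST)" "$proto" "$(field "$1" DPT)" ;;
        INPUT)
            printf "firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=%s port port=%s protocol=%s accept'\n" \
                "$(field "$1" SRC)" "$(field "$1" DPT)" "$proto" ;;
        *) echo "OUTPUT path: not governed by a firewalld zone rule" ;;
    esac
}

chain "$SAMPLE_LOG"
suggest "$SAMPLE_LOG"
```

On firewalld 0.9 and later the same forwarding can be expressed with a policy, and firewalld 1.0 adds `--add-forward` on the zone, so prefer those over direct rules where the version allows.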