Hi.
I have a little trouble with firewalld. I'm trying to open some ports for a monitoring server, but it's in the same network as the "home" zone:
Monitored host (192.168.111.60):
lukasz @ strategie 17:52:19 ~ $ -> sudo firewall-cmd --get-active
home
  sources: 192.168.111.0/24 (open ports 22, 80, 443)
monitoring
  sources: 192.168.111.19 (open ports: 5666)
public
  interfaces: ens18 (no open ports)
---------------------------------------------------
Monitoring host (192.168.111.19):
lukasz @ potemkin 17:57:25 ~ $ -> telnet strategie.ping.local 5666
Trying 192.168.111.60...
telnet: connect to address 192.168.111.60: No route to host

lukasz @ potemkin 17:57:26 ~ $ -> telnet strategie.ping.local 80
Trying 192.168.111.60...
Connected to strategie.ping.local.
Escape character is '^]'.
^]
telnet> Connection closed.
---------------------------------------------------
I think there are conflicting rules on the monitored host, that:
- prevent access to 5666 from 192.168.111.0/24,
- give access to 5666 from 192.168.111.19,
and packets from potemkin are routed through the home zone.
I really would like to have a dedicated "monitor" zone. Is there a way to give the "monitor" zone more priority than "home"? I may end up with OpenVPN on potemkin and use 172.30.25.0/24 for monitoring, but, apart from the encryption aspect, it seems a little excessive.
Thank you.
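The situation in the post, a single host address bound to one zone while its /24 is bound to another, is easy to spot by checking the zone definitions for overlapping sources before relying on firewalld to pick the "right" zone. The following is an added example (not from the original post or from firewalld itself) that parses firewalld-style zone XML and reports which zones claim a given source; the two zone files are constructed to mirror the post's `home` and `monitoring` zones.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed zone definitions in the /etc/firewalld/zones/*.xml format,
# mirroring the post (home = whole /24, monitoring = one host). Not real files.
ZONE_XML = {
    "home": """<zone>
  <short>Home</short>
  <source address="192.168.111.0/24"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
</zone>""",
    "monitoring": """<zone>
  <short>Monitoring</short>
  <source address="192.168.111.19"/>
  <port protocol="tcp" port="5666"/>
</zone>""",
}


def parse_zone(name, xml_text):
    """Extract the <source address=.../> networks and <port/> entries of one zone."""
    root = ET.fromstring(xml_text)
    sources = [ipaddress.ip_network(s.get("address"), strict=False)
               for s in root.findall("source") if s.get("address")]
    ports = {(p.get("protocol"), p.get("port")) for p in root.findall("port")}
    return {"name": name, "sources": sources, "ports": ports}


def find_overlaps(zones):
    """Return (zone_a, zone_b, source_a, source_b) for every pair of
    source bindings in different zones whose address ranges overlap."""
    overlaps = []
    for i, a in enumerate(zones):
        for b in zones[i + 1:]:
            for sa in a["sources"]:
                for sb in b["sources"]:
                    if sa.overlaps(sb):
                        overlaps.append((a["name"], b["name"], str(sa), str(sb)))
    return overlaps


def zones_matching(zones, host):
    """Names of all zones whose source bindings contain this host address.
    More than one name means the effective zone is ambiguous."""
    ip = ipaddress.ip_address(host)
    return [z["name"] for z in zones if any(ip in s for s in z["sources"])]


if __name__ == "__main__":
    zones = [parse_zone(n, x) for n, x in ZONE_XML.items()]
    print("overlapping sources:", find_overlaps(zones))
    print("192.168.111.19 matches:", zones_matching(zones, "192.168.111.19"))
```

Pointing `ZONE_XML` at the real files under /etc/firewalld/zones/ turns this into a quick audit of which zones compete for the monitoring host.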