[CentOS] FirewallD issue
moonwolf.rh at gmail.com
Thu Apr 21 20:33:15 UTC 2016
On Thursday 21 of April 2016 9:08:09 AM Gordon Messmer wrote:
> On 04/21/2016 03:11 AM, Marcin Trendota wrote:
> > But from host in another location (connected through VPN):
> What host serves the VPN? If it's another host, how is that host
> connected to the router? If it's "chamber," what type of VPN is it?
It's OpenVPN on chamber.
I've just noticed that it's similar from home to the other location.
To clear things up: 10.0.49.0/26 is my home network,
10.0.32.0/22 is one of the VLANs at work ("the other location").
[root@chamber ~]# nmap 10.0.32.7
Starting Nmap 6.40 ( http://nmap.org ) at 2016-04-21 22:12 CEST
Nmap scan report for 10.0.32.7
Host is up (0.053s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
389/tcp open ldap
443/tcp open https
993/tcp open imaps
995/tcp open pop3s
2049/tcp open nfs
5666/tcp open nrpe
Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds
From other host in home network:
[moonwolf@kazad ~]$ nmap 10.0.32.7
Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 22:12 CEST
Note: Host seems down. If it is really up, but blocking our ping probes,
Nmap done: 1 IP address (0 hosts up) scanned in 0.03 seconds
When I move enp1s0 (external interface) to "home" zone, everything works
* When enp1s0 and tun0 (VPN interface) are both in "external" zone I'm
able to scan ports of work's network from home.
But not the opposite:
[root@palpatine ~]# nmap 10.0.49.16
Starting Nmap 5.51 ( http://nmap.org ) at 2016-04-21 22:26 CEST
Nmap scan report for 10.0.49.16
Host is up (0.039s latency).
All 1000 scanned ports on 10.0.49.16 are filtered
Nmap done: 1 IP address (1 host up) scanned in 9.60 seconds
* When enp1s0 is in "external" zone (as only interface), and tun0 is in
"home" zone I can't scan ports in home nor work.
* When all interfaces are in "home" zone I can scan ports everywhere.
It's a bit chaotic, I know. Sorry about that.
Over And Out