After I switched to CentOS 7 I started using the new firewall-cmd as opposed to iptables, which I used in the past. In a lot of ways I like firewall-cmd better, but I ran into a problem when I tried using the home zone and subnets to allow traffic from my VPN clients to reach a couple of administrative interfaces which shouldn't be public, like ssh and a webui. For internal use by devices on my LAN, attaching the home zone to all traffic from my internal subnet, 192.168.1.0/24, seems to have done the trick, but the same won't work for my VPN clients, 10.16.0.0/24. Given the included setup for the home zone, can anyone here see what the issue is?
PS: If it was unclear, the VPN client in question is connecting to a server that is running on my router and not to a server running directly on the machine I'm trying to reach. I know there is nothing wrong with this VPN server itself and/or the routing, because adding the ssh and webui rules to the public interface, which is the default for all traffic, makes everything work as expected.
These are the rules for the home zone:
home (active)
target: default
icmp-block-inversion: no
interfaces:
sources: 192.168.1.0/24 10.16.0.0/24
services: ssh mdns samba-client dhcpv6-client webui
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
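To check a listing like the one above against the packets that actually arrive, it helps to spell out how firewalld chooses a zone: a source binding that matches the packet's source address wins, otherwise the zone bound to the ingress interface is used, otherwise the default zone applies. The following is an added example written for this page, not code from the original post or from firewalld itself; it models that selection order for the home zone as listed, with the interface name "eth0", the public zone's service set and the sample source addresses being assumptions.

```python
"""Model of firewalld zone selection for the home-zone listing in the post.

Added example, not firewalld's own code.  Assumptions: the NIC is "eth0" and
belongs to the public (default) zone, public only allows dhcpv6-client, and
the sample source addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Zone:
    name: str
    sources: list = field(default_factory=list)     # CIDRs, as in "sources:"
    interfaces: list = field(default_factory=list)  # NICs, as in "interfaces:"
    services: set = field(default_factory=set)      # as in "services:"


# home is taken from the listing above (sources, no interface); public is the
# assumed interface-bound default zone.
ZONES = [
    Zone("home",
         sources=["192.168.1.0/24", "10.16.0.0/24"],
         services={"ssh", "mdns", "samba-client", "dhcpv6-client", "webui"}),
    Zone("public",
         interfaces=["eth0"],
         services={"dhcpv6-client"}),
]
DEFAULT_ZONE = "public"


def zone_for(src_ip, iface, zones=ZONES, default=DEFAULT_ZONE):
    """Zone firewalld applies to a packet with source src_ip arriving on iface."""
    ip = ipaddress.ip_address(src_ip)
    # 1. A matching source binding beats any interface binding.
    for z in zones:
        if any(ip in ipaddress.ip_network(s, strict=False) for s in z.sources):
            return z.name
    # 2. Otherwise the zone the ingress interface is bound to.
    for z in zones:
        if iface in z.interfaces:
            return z.name
    # 3. Otherwise the default zone.
    return default


def allowed(src_ip, iface, service, zones=ZONES, default=DEFAULT_ZONE):
    """True if `service` is permitted for traffic from src_ip on iface."""
    name = zone_for(src_ip, iface, zones, default)
    zone = next(z for z in zones if z.name == name)
    return service in zone.services


if __name__ == "__main__":
    # Constructed sources: a LAN host, a VPN client that still carries its
    # 10.16.x address when it reaches this machine, and an Internet host.
    for src in ("192.168.1.50", "10.16.0.7", "203.0.113.9"):
        print(f"{src:14} -> {zone_for(src, 'eth0'):7} "
              f"ssh allowed: {allowed(src, 'eth0', 'ssh')}")
```

The model only says what firewalld does for a given source address; whether the VPN traffic still carries a 10.16.0.0/24 source when it reaches the host is the thing to verify on the host itself (for example with tcpdump on the interface). On a live system, `firewall-cmd --get-zone-of-source=10.16.0.0/24` and `firewall-cmd --get-active-zones` show the runtime bindings, and a binding that was only added with `--permanent` is not active until `firewall-cmd --reload`.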