Have a nice day.
I am currently studying and running a fully virtualized lab on my CentOS-7 PC, and I need some help with CentOS Firewalld. I will describe my question below.
The WAN network of my firewall is 192.168.10.0/24 and the LAN network is 10.10.10.0/24.
My firewall shares Internet access with the LAN, and on this same LAN I have a web server, DNS, DHCP and a ProFTPD server (IP 10.10.10.7), which is the only one causing me trouble. The ProFTPD machine is a dedicated server for FTP and web only. I would like to know which firewalld forwarding rule I have to create to redirect and allow access to the FTP server from WAN IP addresses.
On my LAN, users can authenticate to FTP. I even added a rule to redirect WAN traffic to the LAN so that it reaches ftp://10.10.10.7, but it did not work.
Can you help me with this, please?
# Forward TCP port 21 arriving in the "external" zone to port 21 on 10.10.10.7.
# --permanent changes only the saved configuration; the running firewall
# picks the rule up after a reload.
# NOTE(review): this rule names the FTP control port only. FTP data
# connections use separate ports that this rule does not forward, so a client
# may connect and log in from the WAN and still fail on listings or transfers.
# Confirm how the data channel is handled on the firewall and on the FTP server.
firewall-cmd --permanent --zone=external --add-forward-port=port=21:proto=tcp:toport=21:toaddr=10.10.10.7
[root@firewall ~]# firewall-cmd --zone=external --list-all
external (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh openvpn
ports:
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=80:toaddr=10.10.10.7
port=2222:proto=tcp:toport=22:toaddr=10.10.10.7
port=2220:proto=tcp:toport=22:toaddr=10.10.10.2
port=2221:proto=tcp:toport=22:toaddr=10.10.10.3
port=2223:proto=tcp:toport=22:toaddr=10.10.10.4
port=2224:proto=tcp:toport=22:toaddr=10.10.10.5
port=21:proto=tcp:toport=21:toaddr=10.10.10.7
source-ports:
icmp-blocks:
rich rules:
[root@web ~]# firewall-cmd --zone=external --list-all
external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@web ~]# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens32
sources:
services: ftp http dhcpv6-client ssh https mysql
ports: 22/tcp 21/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@web ~]#