Need some help with a firewall configuration; I have been around this for roughly 12 hours:

First, my hosts file is the following:

```
127.0.0.1 teamimpact localhost localhost.localdomain
127.0.1.1 www.teamimpact.com teamimpact.com localhost1 localhost1.localdomain
127.0.1.2 pop.teamimpact.com localhost2 localhost2.localdomain
127.0.1.3 smtp.teamimpact.com localhost3 localhost3.localdomain
127.0.1.4 imap.teamimpact.com localhost4 localhost4.localdomain
127.0.1.5 ftp.teamimpact.com localhost5 localhost5.localdomain
127.0.1.6 sftp.teamimpact.com localhost6 localhost6.localdomain
127.0.1.7 samba.teamimpact.com localhost7 localhost7.localdomain
127.0.1.8 sql.teamimpact.com localhost8 localhost8.localdomain
::1 localhost localhost.localdomain localhost9 localhost9.localdomain
```

In addition, each of those addresses is backed by a virtual ethernet adaptor. In brief, their settings are identical to this:

`/etc/sysconfig/network-scripts/ifcfg-eth0:1`:
```
DEVICE=eth0:1
IPADDR=127.0.1.1
PREFIX=8
ZONE=Internal
```
^ There are 8 of these files, each representing eth0:1 -> eth0:8, statically assigned in the range 127.0.1.1 ~ 127.0.1.8. The network configuration seems completely fine, with pings resolving and everything. I actually appreciate this part of the FQDN setup.

>>>>>>>>>>>>>>>>>>>>>>>> THEN IT GETS TRICKY <<<<<<<<<<<<<<<<<<<<<<<<<<<<

I have the four following firewall zones: "External, Internal, Public, and Private". All of the 127.0.X.X interfaces need to be on the internal zone. The goal is to have those utilities/resources completely referenceable by name instead of by address.

> The internal zone is where the entire project hooks together.
> The private zone needs to be a whitelist for developers to have access to everything that is within the internal zone.
> The public zone needs to provide the services
> The external zone needs to be the blacklist

I've spent about 12 hours trying to figure out what to do with firewall-cmd in order to make this happen with routes and everything. I'm hoping one of you guys can help. I am looking forward to saving this work whenever it gets done.

Thanks!
Kevin B. Harris

What I have tried:

Setting the source for the private zone as 192.168.0.1/24 while enabling masquerading and adding port forwarding of 22/tcp to 127.0.1.7:22. This was even after enabling IPv4 forwarding in the system's kernel.
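The four-zone layout described in the question, written out as the firewall-cmd calls that express it (an added example, not code from the question or from firewalld's documentation). It assumes firewalld with the zones internal/private/public/external already present, the internal zone bound to the aliases through the ZONE= key in the ifcfg files shown above, developers arriving from 192.168.0.0/24, and the public services being the ones named in the hosts file; the forward target 127.0.1.7 is the value the question uses.

```shell
#!/bin/sh
# Added example, not from the question: the firewall-cmd calls behind the
# four-zone design. Assumed values are marked; the zones are assumed to exist.
DEV_SOURCE="192.168.0.0/24"                       # assumed developer network
SFTP_TARGET="127.0.1.7"                           # forward target from the question
PUBLIC_SERVICES="http https pop3 smtp imap ftp"   # assumed public services

# Print the permanent changes one per line; nothing is executed here, so the
# plan can be reviewed (or compared with `firewall-cmd --list-all-zones`).
fw_commands() {
    # Private zone: developer whitelist with full reach into the internal services.
    echo "firewall-cmd --permanent --zone=private --add-source=$DEV_SOURCE"
    echo "firewall-cmd --permanent --zone=private --set-target=ACCEPT"
    echo "firewall-cmd --permanent --zone=private --add-masquerade"
    echo "firewall-cmd --permanent --zone=private --add-forward-port=port=22:proto=tcp:toport=22:toaddr=$SFTP_TARGET"
    # Public zone: default target, only the advertised services opened.
    for svc in $PUBLIC_SERVICES; do
        echo "firewall-cmd --permanent --zone=public --add-service=$svc"
    done
    # External zone: the blacklist; DROP silently discards anything not allowed.
    echo "firewall-cmd --permanent --zone=external --set-target=DROP"
    # Permanent changes take effect only after a reload.
    echo "firewall-cmd --reload"
}

# Execute the plan (needs root and a running firewalld); stops at the first failure.
apply_firewall() {
    fw_commands | while IFS= read -r cmd; do
        $cmd || exit 1        # exits only the pipeline subshell
    done
}

case "${1:-}" in
    --apply) apply_firewall ;;
    *)       fw_commands ;;
esac
```

Forwarding to an address in 127.0.0.0/8 from another host additionally needs net.ipv4.conf.all.route_localnet=1, since the kernel otherwise discards such packets as martians. Review the printed plan before running the script with --apply.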