On Thursday 21 of April 2016 9:08:09 AM Gordon Messmer wrote:
> On 04/21/2016 03:11 AM, Marcin Trendota wrote:
> > But from host in another location (connected through VPN):
> What host serves the VPN?  If it's another host, how is that host
> connected to the router?  If it's "chamber," what type of VPN is it?

It's OpenVPN on chamber.

I've just noticed that it's similar from home to the other location.
To clear things up: 10.0.49.0/26 is my home network,
10.0.32.0/22 is one of the VLANs at work ("the other location").

From chamber:

[root@chamber ~]# nmap 10.0.32.7

Starting Nmap 6.40 ( http://nmap.org ) at 2016-04-21 22:12 CEST
Nmap scan report for 10.0.32.7
Host is up (0.053s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
111/tcp  open  rpcbind
143/tcp  open  imap
389/tcp  open  ldap
443/tcp  open  https
993/tcp  open  imaps
995/tcp  open  pop3s
2049/tcp open  nfs
5666/tcp open  nrpe

Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds

From another host in the home network:

[moonwolf@kazad ~]$ nmap 10.0.32.7

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 22:12 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.03 seconds

When I move enp1s0 (external interface) to the "home" zone, everything works
fine.

My observations:

* When enp1s0 and tun0 (VPN interface) are both in the "external" zone I'm
able to scan ports of work's network from home.
But not the opposite:
[root@palpatine ~]# nmap 10.0.49.16

Starting Nmap 5.51 ( http://nmap.org ) at 2016-04-21 22:26 CEST
Nmap scan report for 10.0.49.16
Host is up (0.039s latency).
All 1000 scanned ports on 10.0.49.16 are filtered

Nmap done: 1 IP address (1 host up) scanned in 9.60 seconds

* When enp1s0 is in the "external" zone (as the only interface), and tun0 is in
the "home" zone, I can't scan ports at home or at work.

* When all interfaces are in the "home" zone I can scan ports everywhere.

It's a bit chaotic, I know. Sorry about that.

-- 
Over And Out
MoonWolf
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
