Centos
firewalld setup for OpenVPN with https, ssh and smtp
I am configuring a remote CentOS 7 webapp server to wrap OpenVPN around `https` and `ssh`, so that both run inside the tunnel, while keeping `smtp` running outside OpenVPN. I notice that when I establish an OpenVPN connection from a Windows 7 client using SecurePoint, I can only connect successfully to `https://10.8.0.1` and `ssh username@10.8.0.1` when they are enabled in both the public zone and the private zone of `firewalld`. This seems wrong, since all OpenVPN activity should run through port 1192. So how should I configure `firewalld` so that `https` and `ssh` are only allowed inside the VPN, while `smtp` still runs outside the VPN?

The output of `sudo firewall-cmd --list-all-zones` is as follows. What should I remove from the configuration below, and what should I add, to achieve the goal stated in the first paragraph above? Are there any zones below from which everything should be removed?

```
block
  interfaces:
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

dmz
  interfaces:
  sources:
  services: ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

drop
  interfaces:
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

external
  interfaces:
  sources:
  services: ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

home
  interfaces:
  sources:
  services: dhcpv6-client ipp-client mdns samba-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

internal
  interfaces:
  sources:
  services: dhcpv6-client https ipp-client mdns samba-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source NOT address="10.8.1.1" service name="ssh" reject

public (default, active)
  interfaces: enp3s0
  sources:
  services: dhcpv6-client https openvpn ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

trusted
  interfaces:
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

work
  interfaces:
  sources:
  services: dhcpv6-client ipp-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
```
You have not added the `tun0` device to any zone, so it falls into the `default` zone, which in your case is the `public` zone. Run as root:

```
firewall-cmd --zone=internal --add-interface=tun0
```

Then you can leave `ssh` and `https` enabled in the `internal` zone and disable them in the `public` zone.
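The steps from the answer, written out as a script with a lock-out-safe order and a check of the resulting zone layout. This is an added example, not code from the question or the answer. It assumes the interface names shown in the question (`tun0` for the OpenVPN tunnel, `enp3s0` as the public interface), that VPN clients get addresses in 10.8.0.0/24, that the server must also accept inbound SMTP on the public interface (so `smtp` is added to `public`), and that the rich rule in the `internal` zone, which rejects `ssh` from every source except 10.8.1.1 and would therefore also reject clients in 10.8.0.0/24, is a leftover that should go. The `BEFORE` and `AFTER` dumps are constructed from the question's output, trimmed to the two zones that matter.

```bash
#!/usr/bin/env bash
# Added example (not from the original question or answer); see assumptions above.
# Set FWCMD=echo to print the firewall-cmd calls instead of applying them.
set -euo pipefail

VPN_IF=${VPN_IF:-tun0}          # assumption: OpenVPN interface name from the question
FWCMD=${FWCMD:-firewall-cmd}

# Runtime-only changes first: if ssh through the tunnel then does not work, a
# `firewall-cmd --reload` (or a reboot) restores the old rules instead of locking
# you out. Keep the existing ssh session on the public interface open meanwhile.
apply_runtime() {
  $FWCMD --zone=internal --add-interface="$VPN_IF"
  $FWCMD --zone=internal --add-service=ssh
  $FWCMD --zone=internal --add-service=https
  # Assumed leftover: this rule would reject ssh from VPN clients in 10.8.0.0/24.
  $FWCMD --zone=internal --remove-rich-rule='rule family="ipv4" source NOT address="10.8.1.1" service name="ssh" reject' || true
  $FWCMD --zone=public --remove-service=ssh
  $FWCMD --zone=public --remove-service=https
  $FWCMD --zone=public --add-service=smtp      # assumption: inbound mail must still arrive
}

# Only after `ssh username@10.8.0.1` over the tunnel has been verified to work.
apply_permanent() {
  $FWCMD --runtime-to-permanent
}

# zone_field DUMP ZONE FIELD: value of one field of one zone in
# `firewall-cmd --list-all-zones` output (zone headers start in column 0,
# fields are indented, e.g. "  services: ssh https").
zone_field() {
  printf '%s\n' "$1" | awk -v z="$2" -v f="$3:" '
    /^[A-Za-z0-9_-]+( \(.*\))?$/ { zone = $1; next }
    zone == z && $1 == f        { sub(/^[ \t]*[A-Za-z-]+:[ \t]*/, ""); print; exit }
  '
}

# zone_has DUMP ZONE FIELD ITEM: succeeds if ITEM is listed in that field.
zone_has() {
  zone_field "$1" "$2" "$3" | tr ' ' '\n' | grep -xF -- "$4" >/dev/null
}

# verify_vpn_zones DUMP: the end state the answer describes, tunnel in internal,
# ssh/https reachable only there, openvpn itself still open on public.
verify_vpn_zones() {
  zone_has "$1" internal interfaces "$VPN_IF" &&
  zone_has "$1" internal services ssh &&
  zone_has "$1" internal services https &&
  zone_has "$1" public services openvpn &&
  ! zone_has "$1" public services ssh &&
  ! zone_has "$1" public services https
}

# Constructed sample dumps (trimmed from the question's output).
BEFORE='public (default, active)
  interfaces: enp3s0
  sources:
  services: dhcpv6-client https openvpn ssh
  ports:
  masquerade: yes
  rich rules:

internal
  interfaces:
  sources:
  services: dhcpv6-client https ipp-client mdns samba-client ssh
  ports:
  masquerade: no
  rich rules:
	rule family="ipv4" source NOT address="10.8.1.1" service name="ssh" reject
'
AFTER='public (default, active)
  interfaces: enp3s0
  sources:
  services: dhcpv6-client openvpn smtp
  ports:
  masquerade: yes
  rich rules:

internal (active)
  interfaces: tun0
  sources:
  services: dhcpv6-client https ipp-client mdns samba-client ssh
  ports:
  masquerade: no
  rich rules:
'

case "${1:-}" in
  --apply)  apply_runtime ;;
  --commit) apply_permanent ;;
  --check)
    if verify_vpn_zones "$($FWCMD --list-all-zones)"; then
      echo "zones OK: $VPN_IF in internal, ssh/https removed from public"
    else
      echo "zones NOT as expected"; exit 1
    fi ;;
esac
```

Run `./vpn-zones.sh --apply`, open a new ssh session through the tunnel, then `--check` and finally `--commit`. If you would rather not depend on the interface name, `--zone=internal --add-source=10.8.0.0/24` binds the zone to the VPN client subnet instead of to `tun0`; the verification then has to look at the `sources:` field rather than `interfaces:`.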