firewalld question
David
david at daku.org
Sun Mar 13 23:43:07 UTC 2022
Folks,

I'm running Ubuntu 20.04.4 as both the host and a VirtualBox
guest. The host, acting as a household gateway, has two network
adaptors, which I think of as "external" and "internal", the latter
connecting to other devices in my home with an IP address of 192.168.155.1/24.
The guest's network is bridged to the internal adaptor, and has an IP
address (192.168.155.111) that is within the range defined for the
internal adaptor. The guest's SSHD monitors both port 22 and 11022
with two Port statements in the sshd.conf file.

With the firewall enabled in the guest (systemctl start firewalld),
SSH access from the host to the guest works for port 11022, but fails
for port 22 (telnet reports "unable to connect to remote host,
connection refused"). Access to other enabled ports (tested by
telnet) from the host works with the firewall enabled.

With the firewall disabled in the guest (systemctl stop firewalld),
SSH access from the host to the guest works for both port 11022 and 22.

Below is the guest firewall configuration (output of "firewall-cmd
--list-all-zones"). I cannot account for this behavior. Is there
something wrong with the firewall configuration?

I observe the same unaccountable behavior if the guest is running Ubuntu 21.10.

Thanks for your help.

David

block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s17
  sources:
  services: dhcpv6-client mdns
  ports: 11022/tcp 11080/tcp 11443/tcp 22/tcp 25/tcp 587/tcp 993/tcp 995/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: lo
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
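
A way to cross-check a listing like the one above mechanically, as an added example that is not part of the original post: it parses `firewall-cmd --list-all-zones` output (indented or flattened) and reports which active zones list a given port, and on which interfaces. The function names, the one-entry service map and the abridged sample input are assumptions made for this example.

```python
import re

# Constructed sample: three zones abridged from the listing in the post.
SAMPLE = """\
public (active)
  target: default
  interfaces: enp0s17
  services: dhcpv6-client mdns
  ports: 11022/tcp 11080/tcp 11443/tcp 22/tcp 25/tcp 587/tcp 993/tcp 995/tcp
trusted (active)
  target: ACCEPT
  interfaces: lo
work
  target: default
  services: dhcpv6-client ssh
"""

# Assumption: only the ssh service (22/tcp) is resolved; others are ignored.
SERVICE_PORTS = {"ssh": ["22/tcp"]}

def parse_zones(text):
    """Parse `firewall-cmd --list-all-zones` output, indented or flattened."""
    zones, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        field = re.match(r"([\w -]+?):\s*(.*)$", line)
        header = re.match(r"([^\s:]+)( \(active\))?$", line)
        if field and cur is not None:
            cur[field.group(1)] = field.group(2).split()
        elif header:
            cur = zones[header.group(1)] = {"active": bool(header.group(2))}
    return zones

def allows(zone, port, proto="tcp"):
    """True if the zone target is ACCEPT or it lists port/proto (ranges too)."""
    entries = list(zone.get("ports", []))
    for svc in zone.get("services", []):
        entries += SERVICE_PORTS.get(svc, [])
    for entry in entries:
        rng, _, p = entry.partition("/")
        lo, _, hi = rng.partition("-")
        if p == proto and int(lo) <= port <= int(hi or lo):
            return True
    return zone.get("target") == ["ACCEPT"]

def active_zones_allowing(text, port, proto="tcp"):
    """Map each active zone that admits port/proto to its bound interfaces."""
    return {name: z.get("interfaces", []) for name, z in parse_zones(text).items()
            if z["active"] and allows(z, port, proto)}
```

A zone that is not marked `(active)` is skipped even when it lists the port, since it is bound to no interface or source.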