Connect a web-based admin interface between two different networks internal in RHEL 7.2
The server acts as an SFTP server only, on an external network which is isolated from the domain.
I can manage the software 'wingftp server' via the console, but it is easier to manage this SFTP server via the web-based admin interface, which cannot be done on the server itself (minimal installation).
To do this I need to use the server's IP with a specific port number, which I can open in firewalld and everything works fine. Except I won't open this port on the external firewall, so I can't use this method when in production.
So my ideal/secure situation would be to connect a computer to the second network card on the server, so that it has a direct link (old cross cable situation), when management is needed only.
How can I make this work?
I tried to have the 2 interfaces in the same zone and forward the IP, and tried it with different zones. But I can't successfully connect to the web-based admin interface.
Which setup would you recommend? This should be just about NATing the two networks to each other, or not? And if so, what is best practice for this?
Or should I enable the service to listen on both IP addresses?
Any help would be appreciated, I am getting a bit lost now with firewalld.
I can always just put a switch in between and get another ip on this vlan and since it is only an internal segment it should work fine, but they feel it is not secure enough. They only want one ip on this network segment if possible....
Responses
Hello
Have you tried having the management interface in a different, and private, IP address range? Should also be in a different zone to the Internet connected interface. Can you configure the sftp software's management interface to bind to the private address used on the management interface? Use static IP addressing on the management network. Then configure the firewall to allow traffic from the private IP address of the management PC, to the port used by the web-based management application.
HTH
Hello,
I should have mentioned: until this bug is resolved (Bug 1066037 - firewall-config should allow unspecifying zone binding for interface), you cannot use firewalld tools or commands to change the zone of an interface managed by NetworkManager. That should be fixed in Red Hat Enterprise Linux 7.3.
Thank you for letting us know your progress.
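The setup suggested in the first reply, sketched as an added example that is not part of the original thread: a dedicated firewalld zone for the direct-link NIC that admits only the management PC on the admin port. The zone names, connection profile name, addresses and port are constructed placeholders, the zone is assigned through NetworkManager rather than firewall-cmd because of the limitation noted in the second reply, and binding the admin listener to the private address is done in the application and is not shown.

```shell
#!/bin/bash
# Added example; every value below is a constructed placeholder.
EXT_ZONE="public"              # assumed zone of the external (SFTP) NIC
MGMT_ZONE="mgmt"               # hypothetical zone for the direct-link NIC
MGMT_CONN="mgmt-link"          # hypothetical NetworkManager profile on that NIC
SERVER_ADDR="192.168.250.1/30" # static address, server end of the link
ADMIN_PC="192.168.250.2"       # static address of the management PC
ADMIN_PORT="8443"              # placeholder for the admin interface's port

# Coarse RFC 1918 test so a routable source address is never allowed in.
is_private_ipv4() {
  case "$1" in
    *[!0-9.]*|*.*.*.*.*) return 1 ;;
    10.*.*.*|192.168.*.*) return 0 ;;
    172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Dry run by default: print each command; execute only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

configure_mgmt() {
  is_private_ipv4 "$ADMIN_PC" || { echo "ADMIN_PC must be RFC 1918" >&2; return 1; }
  case "$ADMIN_PORT" in ''|*[!0-9]*) echo "bad ADMIN_PORT" >&2; return 1 ;; esac
  rule="rule family=\"ipv4\" source address=\"$ADMIN_PC/32\""
  rule="$rule port port=\"$ADMIN_PORT\" protocol=\"tcp\" accept"
  # 1. Create the zone first so NetworkManager can bind the NIC to it.
  run firewall-cmd --permanent --new-zone="$MGMT_ZONE" || return 1
  run firewall-cmd --permanent --zone="$MGMT_ZONE" --add-rich-rule="$rule" || return 1
  run firewall-cmd --reload || return 1
  # 2. Static address, no default route over the link, and the zone set
  #    on the NetworkManager profile instead of with firewall-cmd.
  run nmcli connection modify "$MGMT_CONN" ipv4.method manual \
      ipv4.addresses "$SERVER_ADDR" ipv4.never-default yes \
      connection.zone "$MGMT_ZONE" || return 1
  run nmcli connection up "$MGMT_CONN" || return 1
  # 3. Verify: NIC is in the new zone, and the port is NOT open externally.
  run firewall-cmd --get-active-zones || return 1
  if run firewall-cmd --zone="$EXT_ZONE" --query-port="$ADMIN_PORT/tcp" \
      && [ "${APPLY:-0}" = 1 ]; then
    echo "WARNING: $ADMIN_PORT/tcp is still open in zone $EXT_ZONE" >&2; return 1
  fi
}

case "${1:-}" in apply) APPLY=1; configure_mgmt ;; *) configure_mgmt ;; esac
```

Run it without arguments to review the commands it would issue, then as root with `apply` once the placeholders match your system.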
