Question: About setting up firewalld
I would like to use Debian to build a network and server with the configuration below.
debian...debian-8.5.0-amd64-netinst.iso
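I am currently practicing building a server with the network configuration shown in the figure above, using VirtualBox.
However, I cannot get the firewalld configuration to work properly, so please let me ask a question.
Currently, /etc/network/interfaces on the server created as GSV is as follows.
# This file describes the network interfaces available on your system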
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet static
address 172.22.1.100
netmask 255.255.252.0
network 172.22.1.0
broadcast 172.22.3.255
gateway 172.22.0.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 172.22.255.1
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
auto eth2
iface eth2 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
Also, according to firewall-cmd --list-all-zones, the firewalld configuration is as follows.
block
interfaces:
sources:
services:
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
dmz (active)
interfaces: eth1
sources:
services: http smtp
ports:
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
drop
interfaces:
sources:
services:
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
external (active)
interfaces: eth0
sources:
services: ssh
ports:
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
home
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
internal (active)
interfaces: eth2
sources: 192.168.1.0/24
services: mysql
ports:
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
public (default)
interfaces:
sources:
services: dhcpv6-client http ssh
ports:
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
trusted
interfaces:
sources:
services:
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
work
interfaces:
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
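The problem is that, even though I narrowed the source for mysql on eth2 to 192.168.1.0/24, mysql can still be accessed from localhost.
Specifically, using mam, I can connect from php to mysql and retrieve data.
Is this a mistake in my firewalld configuration?
What on earth should I do?
I would appreciate your advice.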
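Added example, not part of the original post: a simplified Python model of how firewalld chooses a zone for an inbound packet, run over the active and default zones from the output above. It assumes first-match selection (source binding, then interface binding, then default zone) and that loopback traffic is accepted before any zone is consulted; the function names and sample packets are made up for illustration.

```python
import ipaddress

# Active and default zones copied from the --list-all-zones output in the question.
ZONES_TEXT = """\
dmz (active)
interfaces: eth1
sources:
services: http smtp
external (active)
interfaces: eth0
sources:
services: ssh
internal (active)
interfaces: eth2
sources: 192.168.1.0/24
services: mysql
public (default)
interfaces:
sources:
services: dhcpv6-client http ssh
"""

def parse_zones(text):
    zones, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:                      # "key: value" line of the current zone
            zones[current][key] = value.split()
        elif key:                    # zone header such as "internal (active)"
            current = key.split()[0]
            zones[current] = {"default": "default" in key}
    return zones

def classify(zones, src, iface):
    # Assumption: first match wins. Older firewalld releases can also let a
    # packet fall through from a source zone to the interface zone.
    if iface == "lo":
        return "loopback"            # lo is accepted before zones are consulted
    addr = ipaddress.ip_address(src)
    by_src = [n for n, z in zones.items()
              if any(addr in ipaddress.ip_network(s) for s in z["sources"])]
    by_if = [n for n, z in zones.items() if iface in z["interfaces"]]
    default = [n for n, z in zones.items() if z["default"]]
    return (by_src + by_if + default)[0]  # source > interface > default

def allowed(zones, src, iface, service):
    # "sources" and "interfaces" each pull traffic INTO the zone (a logical OR);
    # the services list then applies to everything that landed there.
    zone = classify(zones, src, iface)
    return zone, zone == "loopback" or service in zones[zone]["services"]
```

In this model the `sources` entry widens the internal zone rather than narrowing mysql, and localhost never reaches a zone at all. Restricting mysql on eth2 to one subnet needs a rich rule in the internal zone that combines source address and service, with mysql removed from the zone's plain services list.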
Reference
Regarding this question (Question: About setting up firewalld), we found more material at the following link:
https://qiita.com/kiryuumomoka/items/799b7fb2232688f2a383
The text may be freely shared or copied, but please keep this document's URL as the reference URL.