Hello, I am in real trouble. I don't understand why it doesn't work; if someone could help me it would be really nice!
I run 3 machines on VirtualBox, described below; centos8 stream is the virtual router, firewall, DHCP and DNS server.
But I can't get web browser access or make http/https requests from the client machines (xubu and nakedeb).
DNS is working correctly and resolving addresses. Clients are on DHCP, working correctly with gateway and DNS in the network configuration (dig google.com resolves with the centos address).
I am totally lost and desperate; can someone rescue me please?
-------------------------------------------------------
Here is my network map
-------------------------------------------------------
nakedeb
| Adapter 2 : enp0s8 : 192.168.10.20/24
|
| network vboxnet0 192.168.10.0/24
|
| Adapter 2 : enp0s8 : 192.168.10.30/24
centos8
| Adapter 3 : enp0s9 : 192.168.20.31/24
|
| network vboxnet1 192.168.20.0/24
|
| Adapter 2 : enp0s8 : 192.168.20.40/24
xubuntu
-------------------------------------------------------
Here are the commands of my firewall configuration on CentOS:
-------------------------------------------------------
## Firewall Centos :
### Not running firewalld
sudo systemctl stop firewalld
### Reset firewalld
sudo rm -rf /etc/firewalld/zones/*
### Running firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld
### Public zone config
sudo firewall-cmd --permanent --zone=public --add-interface=enp0s3
sudo firewall-cmd --permanent --zone=public --add-interface=enp0s8
sudo firewall-cmd --permanent --zone=public --add-interface=enp0s9
sudo firewall-cmd --permanent --zone=public --add-masquerade
sudo firewall-cmd --permanent --zone=public --remove-service=ssh
sudo firewall-cmd --permanent --zone=public --set-target=DROP
### nakedeb zone config
sudo firewall-cmd --permanent --new-zone=nakedeb
sudo firewall-cmd --permanent --zone=nakedeb --add-source=192.168.10.20/32
sudo firewall-cmd --permanent --zone=nakedeb --add-source=192.168.10.30/32
sudo firewall-cmd --permanent --zone=nakedeb --set-target=DROP
sudo firewall-cmd --permanent --zone=nakedeb --add-icmp-block=echo-request
sudo firewall-cmd --permanent --zone=nakedeb --add-icmp-block=echo-reply
sudo firewall-cmd --permanent --zone=nakedeb --add-icmp-block-inversion
sudo firewall-cmd --permanent --zone=nakedeb --add-service=ssh
sudo firewall-cmd --permanent --zone=nakedeb --add-service=dns
sudo firewall-cmd --permanent --zone=nakedeb --add-service=dhcp
sudo firewall-cmd --permanent --zone=nakedeb --add-service=http
sudo firewall-cmd --permanent --zone=nakedeb --add-service=https
### xubu zone config
sudo firewall-cmd --permanent --new-zone=xubu
sudo firewall-cmd --permanent --zone=xubu --add-source=192.168.20.40/32
sudo firewall-cmd --permanent --zone=xubu --add-source=192.168.20.31/32
sudo firewall-cmd --permanent --zone=xubu --set-target=DROP
sudo firewall-cmd --permanent --zone=xubu --add-icmp-block=echo-request
sudo firewall-cmd --permanent --zone=xubu --add-icmp-block=echo-reply
sudo firewall-cmd --permanent --zone=xubu --add-icmp-block-inversion
sudo firewall-cmd --permanent --zone=xubu --add-service=ssh
sudo firewall-cmd --permanent --zone=xubu --add-service=dns
sudo firewall-cmd --permanent --zone=xubu --add-service=dhcp
sudo firewall-cmd --permanent --zone=xubu --add-service=http
sudo firewall-cmd --permanent --zone=xubu --add-service=https
### nat zone config
sudo firewall-cmd --permanent --new-zone=nat
sudo firewall-cmd --permanent --zone=nat --add-masquerade
sudo firewall-cmd --permanent --zone=nat --add-source=10.0.2.2
sudo firewall-cmd --permanent --zone=nat --add-source=10.0.2.15
sudo firewall-cmd --permanent --zone=nat --set-target=DROP
sudo firewall-cmd --permanent --zone=nat --set-target=DROP
sudo firewall-cmd --permanent --zone=nat --add-icmp-block=echo-request
sudo firewall-cmd --permanent --zone=nat --add-icmp-block=echo-reply
sudo firewall-cmd --permanent --zone=nat --add-icmp-block-inversion
sudo firewall-cmd --permanent --zone=nat --add-service=ssh
sudo firewall-cmd --permanent --zone=nat --add-service=http
sudo firewall-cmd --permanent --zone=nat --add-service=https
### firewalld reboot and runtime permanent
sudo firewall-cmd --reload
sudo firewall-cmd --runtime-to-permanent
----------------------------------------------------------------
Here are the f****** not throwing rules, for example on the xubu machine
----------------------------------------------------------------
avril 11 20:59:43 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=36105 DF PROTO=TCP SPT=43520 DPT=443 W>
avril 11 20:59:44 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=45802 DF PROTO=TCP SPT=43522 DPT=443 W>
avril 11 20:59:44 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=60210 DF PROTO=TCP SPT=43524 DPT=443 W>
avril 11 20:59:44 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26114 DF PROTO=TCP SPT=43526 DPT=443 W>
avril 11 20:59:44 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=48559 DF PROTO=TCP SPT=43518 DPT=443 W>
avril 11 20:59:44 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14493 DF PROTO=TCP SPT=43528 DPT=443 W>
avril 11 20:59:44 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=36106 DF PROTO=TCP SPT=43520 DPT=443 W>
avril 11 20:59:45 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26115 DF PROTO=TCP SPT=43526 DPT=443 W>
avril 11 20:59:45 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=60211 DF PROTO=TCP SPT=43524 DPT=443 W>
avril 11 20:59:45 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=45803 DF PROTO=TCP SPT=43522 DPT=443 W>
avril 11 20:59:45 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14494 DF PROTO=TCP SPT=43528 DPT=443 W>
avril 11 20:59:46 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=48560 DF PROTO=TCP SPT=43518 DPT=443 W>
avril 11 20:59:46 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=36107 DF PROTO=TCP SPT=43520 DPT=443 W>
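
To read kernel lines like the ones above, this added example (not part of the original post) groups firewalld denied-packet log lines by chain and by path: a line with both IN= and OUT= set was being forwarded through the router, while one with an empty OUT= was addressed to the router itself. The function names and the sample input are constructed for illustration; the first three sample lines are modelled on the post's log and the last one is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: summarise firewalld denied-packet kernel log lines.

# Reads log lines on stdin, prints one summary line per chain/path/flow target.
summarize_drops() {
  awk '
    {
      chain = ""; inif = ""; outif = ""; src = ""; dst = ""; spt = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        f = $i
        gsub(/"/, "", f)                     # the log prefix is wrapped in quotes
        if (f ~ /^filter_.*:$/) { chain = f; sub(/:$/, "", chain) }
        else if (f ~ /^IN=/)  inif  = substr(f, 4)
        else if (f ~ /^OUT=/) outif = substr(f, 5)
        else if (f ~ /^SRC=/) src   = substr(f, 5)
        else if (f ~ /^DST=/) dst   = substr(f, 5)
        else if (f ~ /^SPT=/) spt   = substr(f, 5)
        else if (f ~ /^DPT=/) dpt   = substr(f, 5)
      }
      if (chain == "") next                  # not a firewalld log line
      # Both interfaces set: routed through this host. Only IN set: sent to it.
      path = (inif != "" && outif != "") ? "forward" : (inif != "" ? "input" : "output")
      key = chain " " path " " inif "->" (outif == "" ? "local" : outif) \
            " " src "->" dst ":" dpt
      pkts[key]++
      # A repeated source port is a retransmitted SYN, not a new connection.
      if (!((key, spt) in seen)) { seen[key, spt] = 1; flows[key]++ }
    }
    END { for (k in pkts) print k " packets=" pkts[k] " flows=" flows[k] }
  ' | sort
}

# Constructed sample input (shortened log lines, not a capture).
sample_log() {
  cat <<'EOF'
avril 11 20:59:43 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TTL=63 ID=36105 DF PROTO=TCP SPT=43520 DPT=443
avril 11 20:59:44 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TTL=63 ID=45802 DF PROTO=TCP SPT=43522 DPT=443
avril 11 20:59:44 cento1 kernel: "filter_FWDI_xubu_DROP: "IN=enp0s9 OUT=enp0s3 MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=142.250.74.238 LEN=60 TTL=63 ID=36106 DF PROTO=TCP SPT=43520 DPT=443
avril 11 20:59:50 cento1 kernel: "filter_IN_xubu_DROP: "IN=enp0s9 OUT= MAC=08:00:27:8a:65:3f:08:00:27:b0:12:a3:08:00 SRC=192.168.20.40 DST=192.168.20.31 LEN=60 TTL=64 ID=1000 DF PROTO=TCP SPT=50000 DPT=8080
EOF
}

sample_log | summarize_drops
```

On the router the same function can be fed from the kernel log, for example `journalctl -k | summarize_drops`.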