
Problems after updating the system

Posted: 2019/12/25 14:41:05
by skveen
After updating from 6.10 to 8.01905
Copying scripts of firewall and vpn configuration files from old system to new system doesn't work:
The internal network cannot access the Internet, and the external network cannot access the local VPN service
selinux is closed

These configurations work fine on older systems.
So I think the problem should come from the system
If I can't solve it tomorrow, I will switch to Debian.

Re: Problems after updating the system

Posted: 2019/12/25 15:37:27
by hunter86_bg
You are saying you are trying to switch from CentOS 6 to CentOS 8 and stuff is not working ... What a surprise.
You should have checked that RHEL 8 / CentOS 8 is using nftables and the 'iptables' command is just a 'translator' which might not deal OK with older syntax.

Either recreate your rules from scratch in firewalld (if possible) or in nftables, or switch to another distro.

Re: Problems after updating the system

Posted: 2019/12/25 16:39:54
by jlehtone
skveen wrote:
2019/12/25 14:41:05
These configurations work fine on older systems.
So I think the problem should come from the system
Riding a horse works fine with a horse, but riding a bike requires different movements. That is not the fault of the bike.


Putting the external interface into firewall zone 'external' and keeping internal interface on zone 'public' should at least enable routing (aka ip forwarding) and enable masquerade (aka NAT) on the external interface. I don't remember whether forward filter allows traffic from public to external. Trusted to external is definitely routed.

If firewalld already defines "service vpn" that opens correct ports, then add that service to the external zone. If not, then define such service first.

Red Hat has extensive documentation for RHEL 8. Most of it applies to CentOS 8.


Are you familiar with Debian? According to Wikipedia all supported versions of Debian use nftables. Even if not true, there is surely as much to convert as there is to CentOS 8. It is up to you, which distro you want to learn properly.
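
The zone layout described in the post above, as an added example that is not part of the original thread: a script that prints the firewall-cmd steps by default and only runs them when APPLY=1. The interface names, the service name "vpn" and the port 1194/udp are assumptions; substitute the values of your own gateway and VPN daemon.

```shell
# Added example, not from the thread. Assumed values (override via environment):
EXT_IF="${EXT_IF:-eth0}"            # assumed Internet-facing interface
INT_IF="${INT_IF:-eth1}"            # assumed LAN-facing interface
VPN_SERVICE="${VPN_SERVICE:-vpn}"   # assumed firewalld service name
VPN_PORT="${VPN_PORT:-1194/udp}"    # assumed VPN listener port/protocol
APPLY="${APPLY:-0}"                 # 0 = print the commands, 1 = execute them

# Print a command for review, or execute it when APPLY=1.
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# True only when applying and firewalld already knows the service.
# In print-only mode there is no daemon to ask, so the definition steps are shown.
service_defined() {
    [ "$APPLY" = "1" ] && firewall-cmd --permanent --info-service="$1" >/dev/null 2>&1
}

plan_router_firewall() {
    # Bind each interface to its zone.
    run firewall-cmd --permanent --zone=external --change-interface="$EXT_IF"
    run firewall-cmd --permanent --zone=public --change-interface="$INT_IF"
    # The stock 'external' zone already has masquerade on; this makes it explicit.
    run firewall-cmd --permanent --zone=external --add-masquerade
    # Define the VPN service only if firewalld does not have it yet.
    if ! service_defined "$VPN_SERVICE"; then
        run firewall-cmd --permanent --new-service="$VPN_SERVICE"
        run firewall-cmd --permanent --service="$VPN_SERVICE" --add-port="$VPN_PORT"
    fi
    # Expose only the VPN service on the Internet-facing zone.
    run firewall-cmd --permanent --zone=external --add-service="$VPN_SERVICE"
    # Load the permanent configuration and show the result for review.
    run firewall-cmd --reload
    run firewall-cmd --zone=external --list-all
}

plan_router_firewall
```

Review the printed commands first, then rerun as root with APPLY=1; the final `--list-all` output shows which services and ports the external zone actually exposes.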

Re: Problems after updating the system

Posted: 2019/12/26 11:31:36
by skveen
Yes, you are right.

Thanks.

Re: Problems after updating the system

Posted: 2019/12/26 12:01:15
by BShT
build a sand box and validate your confs

Re: Problems after updating the system

Posted: 2019/12/27 10:50:50
by skveen
BShT wrote:
2019/12/26 12:01:15
build a sand box and validate your confs
Yes, I am doing.
Thanks.
firewalld is more interesting than iptables