
How to organize direct access between two interfaces?

Description
There is a CentOS 7 server with three network cards:

wan - 11.11.11.11
lan0 - 172.16.0.1/24
lan1 - 172.16.1.1/24

net.ipv4.ip_forward=1
FirewallD controls everything

external(active)
  interfaces: wan
  sources:
  services: http https ssh
  ports:...
  masquerade: yes
  forward-ports:...
  icmp-blocks: timestamp-reply timestamp-request
  rich rules:

internal(default, active)
  interfaces: lan0 lan1
  sources:
  services: dhcpv6-client http https ipp-client mdns mountd nfs rpc-bind samba-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks: timestamp-reply timestamp-request
  rich rules:

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 11.11.11.22 0.0.0.0 UG 100 0 0 wan
11.11.11.11 0.0.0.0 255.255.255.248 U 100 0 0 wan
172.16.0.0 0.0.0.0 255.255.252.0 U 0 0 0 lan0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 lan1

Local interfaces go out "without problems",
but they don't have access to each other; for example, from the 172.16.0.0/24 network I can only ping 172.16.1.1, and vice versa.
I feel that I have forgotten something, but I cannot understand what.
Tell me what I did not finish; otherwise I have been fighting for 2 days and will not achieve it.
Description
Try adding
ip r a 172.16.0.0/24 dev lan0 src 172.16.0.1
ip r a 172.16.1.0/24 dev lan1 src 172.16.1.1
and check, just in case, that
cat /proc/sys/net/ipv4/ip_forward
outputs 1.

on March 15th, 2020 (11:23 pm)
Description
172.16.0.0 0.0.0.0 255.255.252.0 U 0 0 0 lan0
The correct network size must be specified.


on March 15th, 2020 (11:23 pm)
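A quick check for the netmask problem this answer points at, written as an added example (not code from the original thread): it parses the `route -n` output from the question (embedded here as a constructed sample), turns each Genmask into a prefix length, and reports when one interface's connected route is a supernet of another interface's subnet, which is exactly what 255.255.252.0 (/22) on lan0 does to 172.16.1.0/24 on lan1.

```python
import ipaddress
import sys

# Constructed sample: the `route -n` output quoted in the question above.
ROUTE_N_OUTPUT = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 11.11.11.22 0.0.0.0 UG 100 0 0 wan
11.11.11.11 0.0.0.0 255.255.255.248 U 100 0 0 wan
172.16.0.0 0.0.0.0 255.255.252.0 U 0 0 0 lan0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 lan1
"""


def parse_routes(text):
    """Parse `route -n` output into (network, iface) pairs, skipping the default route."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly 8 columns; the banner and header lines do not.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, _gw, genmask, _flags, _metric, _ref, _use, iface = fields
        if genmask == "0.0.0.0":  # default route: no subnet to compare
            continue
        # strict=False tolerates a host address in the Destination column
        # (the sample shows 11.11.11.11 rather than the /29 network address).
        net = ipaddress.ip_network(f"{dest}/{genmask}", strict=False)
        routes.append((net, iface))
    return routes


def find_supernet_conflicts(routes):
    """Return (iface_a, net_a, iface_b, net_b) where net_a on iface_a swallows net_b on iface_b."""
    conflicts = []
    for net_a, if_a in routes:
        for net_b, if_b in routes:
            if if_a != if_b and net_a != net_b and net_b.subnet_of(net_a):
                conflicts.append((if_a, str(net_a), if_b, str(net_b)))
    return conflicts


if __name__ == "__main__":
    # Reads live `route -n` output from stdin when piped, else uses the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else ROUTE_N_OUTPUT
    routes = parse_routes(text)
    for net, iface in routes:
        print(f"{iface}: {net} (/{net.prefixlen})")
    for if_a, net_a, if_b, net_b in find_supernet_conflicts(routes):
        print(f"WARNING: {if_a} route {net_a} covers {if_b} subnet {net_b}; fix the netmask on {if_a}")
```

On a live box run it as `route -n | python3 check_routes.py` (file name is your choice); an empty warning list means every LAN interface owns only its own /24.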
Description
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i lan0 -o lan1 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i lan1 -o lan0 -j ACCEPT

on March 15th, 2020 (11:25 pm)