I am asking for help; unfortunately, after a few days of fighting
firewalld, I can't do it.
Updated openSUSE server where iptables was used previously.
IPsec (strongSwan) is running on the WAN (external) server.
2 zones: external and internal.
external - the external IP address to which the IPsec client connects.
external services - HTTP / SSH
SSH for IPsec client only.
internal - LAN, the IPsec client gets the address from the LAN pool.
I want the IPsec client to have access to www and SSH of this server as
well as other hosts in the LAN network (all ports).
ICMP works from the IPsec client to the server and other hosts on the
LAN network. HTTP does not work on the server for the IPsec client.
If I add the IP of the IPsec client to the Trusted zone - SSH access
does not work.
I can't diagnose anything in this firewall; I don't see the iptables -L
-v option that is helpful in iptables.