Firewalld

Action Plan

Initial Setup:

Reset the root password:

sudo passwd root

Start and enable the SPICE agent:

sudo systemctl start spice-vdagent
sudo systemctl enable spice-vdagent

Restart box:

sudo reboot

Set Up Firewalld:

Set Up Zones:

Assign zones:

firewall-cmd --zone=external --change-interface=eth0 --permanent
firewall-cmd --zone=internal --change-interface=eth1 --permanent

Set Up Masquerading:

firewall-cmd --zone=external --add-masquerade --permanent

Allow Services:

# DNS
firewall-cmd --zone=internal --add-service=dns --permanent
firewall-cmd --zone=external --add-service=dns --permanent
# HTTP
firewall-cmd --zone=internal --add-service=http --permanent
firewall-cmd --zone=internal --add-service=https --permanent
# FTP
firewall-cmd --zone=internal --add-service=ftp --permanent
# SSH
firewall-cmd --zone=external --add-service=ssh --permanent
firewall-cmd --zone=internal --add-service=ssh --permanent

Port Forwarding:

firewall-cmd --zone=external --add-forward-port=port=80:proto=tcp:toaddr=192.168.62.2 --permanent
firewall-cmd --zone=external --add-forward-port=port=443:proto=tcp:toaddr=192.168.62.2 --permanent

Reload Firewall:

firewall-cmd --reload
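
Checking the result after the reload: firewalld's stock zones come with some services already enabled, and the steps above only add services, so a zone can end up exposing more than the plan lists. The script below is an added example, not part of the original page; the function names, the `--live` switch and the sample text are assumptions made for illustration, and the samples are constructed rather than captured from a real host.

```shell
#!/bin/sh
# Added example: compare `firewall-cmd --zone=Z --list-all` text with the plan.

# zone_field TEXT KEY: print the value of the "  KEY: value" line.
zone_field() {
    printf '%s\n' "$1" |
        sed -n -e 's/[[:space:]]*$//' -e "s/^[[:space:]]*$2:[[:space:]]*//p" |
        head -n 1
}

# audit_zone TEXT IFACE MASQ "SERVICES": one finding per line, 0 if clean.
audit_zone() {
    text=$1 want_if=$2 want_masq=$3 want_svcs=$4 rc=0
    have_if=$(zone_field "$text" interfaces)
    have_masq=$(zone_field "$text" masquerade)
    have_svcs=$(zone_field "$text" services)
    [ "$have_if" = "$want_if" ] ||
        { echo "interface: want $want_if, have ${have_if:-none}"; rc=1; }
    [ "$have_masq" = "$want_masq" ] ||
        { echo "masquerade: want $want_masq, have ${have_masq:-none}"; rc=1; }
    for s in $want_svcs; do
        case " $have_svcs " in *" $s "*) ;; *) echo "missing service: $s"; rc=1 ;; esac
    done
    for s in $have_svcs; do
        case " $want_svcs " in *" $s "*) ;; *) echo "unexpected service: $s"; rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample output (not captured from a real host).
SAMPLE_EXTERNAL='external (active)
  target: default
  interfaces: eth0
  services: dns ssh
  masquerade: yes'
SAMPLE_INTERNAL='internal (active)
  target: default
  interfaces: eth1
  services: dhcpv6-client dns ftp http https mdns samba-client ssh
  masquerade: no'

# Live use: sh audit.sh --live   (expected values come from the steps above;
# "no" masquerade on internal is an assumption, the page only sets external).
if [ "${1:-}" = "--live" ]; then
    audit_zone "$(firewall-cmd --zone=external --list-all)" eth0 yes "dns ssh"
    audit_zone "$(firewall-cmd --zone=internal --list-all)" eth1 no "dns http https ftp ssh"
fi
```

`--list-all` reports the runtime configuration, so run the audit after `firewall-cmd --reload`; adding `--permanent` to the query shows the saved configuration instead.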

Last updated 1 year ago