Kong Ingress Controller and firewall rules

Hello,

I have a Kong Ingress Controller deployed in a Rancher cluster on CentOS 7.5 VMs. The cluster is set up to use two network interfaces: the host LAN, which is not firewalled, and another interface that is firewalled.

The idea is that this other interface will be used to provide access to the services and Kong will provide the proxy/method routing.

The set-up works on the host LAN, but it does not with the other interface, as I get timeout errors when I use it.

Through experimentation it seems that Kong needs the firewall zone target set to ‘default’ in order to work and that it ignores any service/port rule I set up.

What are the firewall requirements for Kong?

Assuming, as I suspect, that this is not a Kong issue but rather a set-up issue, what would you suggest I check in order to troubleshoot it?

Many thanks for your help.