Fedora 20 NAT Configuration with firewalld
I had the sysctl part done also; the additional command that got NAT/masquerade working for me was:
firewall-cmd [ --permanent ] --zone=external --add-masquerade
I got that from this question which also has an XML file that may or may not still be necessary.
tadman
Updated on September 18, 2022
tadman over 1 year
I'm trying to set up a simple masquerading gateway that will bridge between an internal network on ens33 (192.168.1.0/24) and a private network on ens37 (10.0.1.0/24). It's a VMWare image with two separate network interfaces, both in "Bridged" mode to the network.
A second VM is configured on the 10.0.1.0/24 network with a unique IP and can connect to the gateway. It cannot connect through the gateway, it's not being handled correctly.
The Fedora firewalld documentation is not exceptionally clear on how you're supposed to use the zones to construct a NAT router.
My interpretation, which isn't working, is that the external interface should be on zone "external" and internal one should be "trusted" if you want it wide open.
The configuration looks roughly like this:
# firewall-cmd --get-active-zones
external
  interfaces: ens33
trusted
  interfaces: ens37
I've enabled network forwarding with sysctl:
# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
All I'm looking for is the masquerading rule to kick in and NAT the traffic on the 10.0.1.0/24 network.
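The three pieces this page relies on (forwarding sysctl, interface-to-zone binding, masquerade on the outbound zone) can be checked together with a read-only script. This is an added example, not part of the original posts; the function name check_nat_gateway and the FW and IP_FORWARD_FILE override variables are assumptions of the example, and the interface names come from the question.

```sh
#!/bin/sh
# Added example: read-only check of the three NAT gateway prerequisites.
# FW and IP_FORWARD_FILE are overridable (an assumption of this example) so
# the function can be exercised without a live firewalld.
FW=${FW:-firewall-cmd}
IP_FORWARD_FILE=${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}

# Usage: check_nat_gateway ens33 ens37
# Prints one line per check; the return status is the number of failures.
check_nat_gateway() {
    ext_if=$1; int_if=$2; fails=0

    # 1. Kernel forwarding (the sysctl part).
    if [ "$(cat "$IP_FORWARD_FILE" 2>/dev/null)" = "1" ]; then
        echo "ok:   net.ipv4.ip_forward = 1"
    else
        echo "FAIL: net.ipv4.ip_forward is not 1"; fails=$((fails + 1))
    fi

    # 2. Both interfaces must be bound to a firewalld zone.
    ext_zone=$($FW --get-zone-of-interface="$ext_if" 2>/dev/null) || ext_zone=""
    int_zone=$($FW --get-zone-of-interface="$int_if" 2>/dev/null) || int_zone=""
    if [ -n "$ext_zone" ] && [ -n "$int_zone" ]; then
        echo "ok:   $ext_if in zone $ext_zone, $int_if in zone $int_zone"
    else
        echo "FAIL: $ext_if or $int_if is not bound to a zone"; fails=$((fails + 1))
    fi

    # 3. Masquerading on the outbound zone: runtime first, then --permanent,
    #    because a runtime-only rule is lost on reload or reboot.
    for scope in "" "--permanent"; do
        if [ -n "$ext_zone" ] &&
           $FW $scope --zone="$ext_zone" --query-masquerade >/dev/null 2>&1; then
            echo "ok:   masquerade enabled on $ext_zone ${scope:-(runtime)}"
        else
            echo "FAIL: masquerade not enabled on outbound zone ${scope:-(runtime)}"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}
```

A non-zero status from check_nat_gateway ens33 ens37 is the count of failed checks, so it can gate a provisioning step or a monitoring probe.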