
I'm using RHEL 8 and am trying to set up NAT/MASQUERADE using firewall-cmd. So far I have all the network interfaces and services in the public zone. eno8303 is the internal NIC and eno8403 is the external NIC. This is my procedure, but I can't get it to work:

sudo firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -o eno8303 -j MASQUERADE
sudo firewall-cmd --permanent --direct --passthrough ipv4 -A FORWARD -i eno8403 -m state --state ESTABLISHED,RELATED -j ACCEPT

Edit /etc/sysctl.conf to include the setting net.ipv4.ip_forward = 1

And then sysctl -p /etc/sysctl.conf

Expected to be able to use the server as an internal gateway but nothing happens.

Saxtheowl
PistolPete

1 Answer


You have a problem in your configuration: you should use the external NIC eno8403 as the output interface instead of the internal one.

Here is how to fix that. First, set up the NAT:

sudo firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -o eno8403 -j MASQUERADE

Then set up the forward rules:

sudo firewall-cmd --permanent --direct --passthrough ipv4 -A FORWARD -i eno8303 -o eno8403 -j ACCEPT
sudo firewall-cmd --permanent --direct --passthrough ipv4 -A FORWARD -i eno8403 -o eno8303 -m state --state ESTABLISHED,RELATED -j ACCEPT

Then reload:

sudo firewall-cmd --reload

Then go to /etc/sysctl.conf and add:

net.ipv4.ip_forward = 1

Then you apply, and it should work:

sudo sysctl -p /etc/sysctl.conf

Saxtheowl
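
A check for the mistake discussed in this thread, as an added example that is not part of the original question or answer: the shell function below reads direct passthrough rules and reports whether MASQUERADE is on the external NIC and whether the FORWARD rules cover both directions. The function name `audit_nat_rules`, the finding labels, and the one-rule-per-line input format are assumptions; the check for an external-to-internal ACCEPT with no state match goes beyond what the thread covers.

```shell
#!/bin/sh
# Added example. audit_nat_rules and its finding labels are hypothetical names.
# stdin: one direct passthrough rule per line, assumed to be in the form
#   printed by: firewall-cmd --permanent --direct --get-all-passthroughs
# usage: audit_nat_rules <external-nic> <internal-nic>
audit_nat_rules() {
    ext="$1"; int="$2"
    masq_ok=0; out_ok=0; ret_ok=0; findings=""
    while IFS= read -r rule; do
        rule="$rule "   # trailing space so "-o <nic> " also matches at end of line
        case "$rule" in
            *"-A POSTROUTING "*"-j MASQUERADE "*)
                case "$rule" in
                    *"-o $ext "*) masq_ok=1 ;;
                    *) findings="${findings}MASQ_WRONG_IFACE " ;;   # the question's bug
                esac ;;
            *"-A FORWARD "*"-i $int "*"-o $ext "*"-j ACCEPT "*)
                out_ok=1 ;;                                       # inside -> outside
            *"-A FORWARD "*"-i $ext "*"-j ACCEPT "*)
                case "$rule" in
                    *"--state ESTABLISHED,RELATED "*) ret_ok=1 ;;  # replies only
                    *) findings="${findings}INBOUND_UNFILTERED " ;;
                esac ;;
        esac
    done
    [ "$masq_ok" -eq 1 ] || findings="${findings}NO_MASQ_ON_EXT "
    [ "$out_ok" -eq 1 ] || findings="${findings}NO_OUTBOUND_FORWARD "
    [ "$ret_ok" -eq 1 ] || findings="${findings}NO_RETURN_RULE "
    findings="${findings% }"
    printf '%s\n' "${findings:-OK}"
}

# Rule sets from the thread, rewritten in the assumed listing format.
question_rules() {
cat <<'EOF'
ipv4 -t nat -A POSTROUTING -o eno8303 -j MASQUERADE
ipv4 -A FORWARD -i eno8403 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
answer_rules() {
cat <<'EOF'
ipv4 -t nat -A POSTROUTING -o eno8403 -j MASQUERADE
ipv4 -A FORWARD -i eno8303 -o eno8403 -j ACCEPT
ipv4 -A FORWARD -i eno8403 -o eno8303 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

echo "question: $(question_rules | audit_nat_rules eno8403 eno8303)"
echo "answer:   $(answer_rules | audit_nat_rules eno8403 eno8303)"
```

On a live gateway the same function can be fed from `sudo firewall-cmd --permanent --direct --get-all-passthroughs`, provided the output matches the assumed format.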