Anyone gotten either ntp or chrony working when masquerading is enabled
Ed Greshko
ed.greshko at greshko.com
Sat Jan 24 23:21:32 UTC 2015
On 01/25/15 07:14, Sam Varshavchik wrote:
> Ed Greshko writes:
>
>> I see.... I've not worked with masquerading in a firewalld environment. I've only done it with shoreview as the IP Tables manipulator....
>>
>> With that in mind, since you have 2 LAN interfaces are they assigned to different zones? One with masquerading turned on, the other off and then tried pointing the client tools to the non-masquerading IP.
>
> No, the way I set this up is with one zone, with everything blocked by default, and a rich rule enabling everything for the LAN IP segment.
>
> The server's headless, and I have to do everything via ssh, and firewalld's GUI does not seem to work with X11 forwarding, it seems, which is another bug; so I have to do everything with firewall-cmd.
>
> I guess I have to figure out how to set up individual LAN interfaces into non-default zones using firewall-cmd, and try that, to see if it works.
OK.
>
> But I still think that a plain --add-masquerade should not be screwing around with 127.0.0.1
Totally agree on that point.....
--
If you can't laugh at yourself, others will gladly oblige.