Hi,
Many people use Fedora/CentOS/RHEL/.. for organizing gateways, with a transparent proxy or with many other options. And they use iptables.
I have not seen any examples of organizing a gateway with/without a transparent proxy using firewalld.
I think it would be good if we had this how-to.
Thoughts?
P.S. I can't write this doc, because I can't set it up =(
Igor,
That would be useful. I beat my head all over trying to figure out part of it. The standard masquerade for a zone makes it possible to NAT outgoing traffic from internal boxes using the firewalld box as a default gateway.
firewall-cmd --permanent --add-masquerade --zone=internal
You can also use --direct passthrough commands to set up specific forwarding:
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I PRE_public -d 204.1.8.12 -j DNAT --to 10.1.1.4
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POST_public -s 10.1.1.4 -j SNAT --to 204.1.8.12
Now here is the caveat: If you are doing both, that masquerade command comes first. You would normally see '-A' in your /etc/sysconfig/iptables file. BUT, with firewalld, it needs to INSERT it instead of APPEND. THAT is why you need the '-I' instead of '-A' for the rule. I beat my head on the wall over that for a bit.... o.O
Hope this helps you and at least this will be in the archive now until someone remembers to add it to some example.
Brian Andrus ITACS/Research Computing Naval Postgraduate School Monterey, California voice: 831-656-6238
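The ordering caveat in the reply above, as an added example that is not part of the original thread: a simplified single-chain Python model of first-match NAT evaluation, showing the SNAT rule shadowed when it is appended after the masquerade rule and effective when it is inserted before it. The gateway address 203.0.113.1 and the flat chain layout are assumptions; firewalld's real chain layout is not reproduced here.

```python
import ipaddress
import shlex

# Constructed: the gateway's external address (what MASQUERADE would use); not in the thread.
GATEWAY_EXTERNAL_IP = "203.0.113.1"
# Only the options that appear in the thread's SNAT rule are modelled.
OPTS = {"-s": "src", "-j": "target", "--to": "to", "--to-source": "to"}


def parse_rule(spec):
    """Parse an iptables-style rule spec; KeyError on options outside the model."""
    tokens = shlex.split(spec)
    rule = {"src": None, "target": None, "to": None}
    for opt, val in zip(tokens[::2], tokens[1::2]):
        rule[OPTS[opt]] = val
    if rule["src"] is not None:
        rule["src"] = ipaddress.ip_network(rule["src"])
    return rule


def translated_source(chain, src_ip):
    """Return the source address after the first matching (terminating) NAT rule."""
    addr = ipaddress.ip_address(src_ip)
    for rule in map(parse_rule, chain):
        if rule["src"] is not None and addr not in rule["src"]:
            continue
        if rule["target"] == "MASQUERADE":
            return GATEWAY_EXTERNAL_IP
        if rule["target"] == "SNAT":
            return rule["to"]
    return src_ip  # no rule matched: source left untouched


def shadowed_rules(chain):
    """Rules that can never fire because an earlier rule already covers their source."""
    seen, dead = [], []
    for spec in chain:
        src = parse_rule(spec)["src"]
        if any(e is None or (src is not None and src.subnet_of(e)) for e in seen):
            dead.append(spec)
        seen.append(src)
    return dead


# The masquerade rule is already in the chain when the SNAT rule is added.
MASQ = "-j MASQUERADE"
SNAT = "-s 10.1.1.4 -j SNAT --to 204.1.8.12"
APPENDED = [MASQ, SNAT]  # what -A would produce in this model
INSERTED = [SNAT, MASQ]  # what -I would produce in this model
```

In this model, `shadowed_rules` flags the SNAT rule only in the appended chain, and other internal hosts still fall through to the masquerade rule in the inserted chain.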
-----Original Message-----
From: firewalld-users-bounces@lists.fedorahosted.org [mailto:firewalld-users-bounces@lists.fedorahosted.org] On Behalf Of Igor Gnatenko
Sent: Tuesday, October 21, 2014 11:56 PM
To: Firewalld users discussion list
Subject: firewalld example gateway