On 01/25/15 07:14, Sam Varshavchik wrote:
> Ed Greshko writes:
>> I see.... I've not worked with masquerading in a firewalld environment. I've only done it with shoreview as the IP Tables manipulator....
>> With that in mind, since you have 2 LAN interfaces are they assigned to different zones? One with masquerading turned on, the other off and then tried pointing the client tools to the non-masquerading IP.
> No, the way I set this up is with one zone, with everything blocked by default, and a rich rule enabling everything for the LAN IP segment.
> The server's headless, and I have to do everything via ssh, and firewalld's GUI does not seem to work with X11 forwarding, it seems, which is another bug; so I have to do everything with firewall-cmd.
> I guess I have to figure out how to set up individual LAN interfaces into non-default zones using firewall-cmd, and try that, to see if it works.

OK.

> But I still think that a plain --add-masquerade should not be screwing around with 127.0.0.1

Totally agree on that point.....
-- If you can't laugh at yourself, others will gladly oblige.