On 07/05/2021 13:54, Jouk wrote:
> Sure, you are right. I only added the command for the home zone to
> show that that one worked, but the same command on the zone I would like to use,
> FedoraWorkstation, fails. Why?
> With the --permanent set it gives success, however after restarting firewalld, the
> forward seems to be still off.
> More or less the same happens with masquerade. I can set it on the running firewall, but
> when setting it with --permanent, it is lost after restarting firewalld.

Unfortunately, I don't think I can model your configuration in a VM.
However, when I add 2 interfaces to a VM I get....
[root@fedora ~]# firewall-cmd --zone=FedoraWorkstation --add-forward
success
Then....
[root@fedora ~]# firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
and....
[root@fedora ~]# firewall-cmd --runtime-to-permanent
success
[root@fedora ~]# systemctl restart firewalld
[root@fedora ~]# firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
You may want to join the firewalld-users(a)lists.fedorahosted.org list and ask there.
I've gotten good guidance from the folks there.
--
Remind me to ignore comments which aren't germane to the thread.
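
An added example, not part of the original message: a shell check that compares the runtime and permanent state of forward and masquerade for a zone, which is the mismatch discussed in this thread. The FWCMD variable and the function names are assumptions of this example (FWCMD lets a stub stand in for firewall-cmd); --permanent, --query-forward and --query-masquerade are existing firewall-cmd options.

```shell
#!/bin/sh
# Report drift between firewalld's runtime and permanent configuration.
# FWCMD is an assumption of this example so a stub can replace firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"

# query_state SCOPE ZONE SETTING -> prints yes, no or error.
# SCOPE is "runtime" or "permanent"; SETTING is "forward" or "masquerade".
query_state() {
    scope=$1 zone=$2 setting=$3
    if [ "$scope" = permanent ]; then
        set -- --permanent "--zone=$zone" "--query-$setting"
    else
        set -- "--zone=$zone" "--query-$setting"
    fi
    # --query-* exits 0 when enabled and 1 when disabled; any other
    # exit code (daemon not running, unknown zone) is reported as an error.
    rc=0
    "$FWCMD" "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo yes ;;
        1) echo no ;;
        *) echo error ;;
    esac
}

# check_zone ZONE -> one line per setting; returns 1 on drift or error.
check_zone() {
    zone=$1 drift=0
    for setting in forward masquerade; do
        rt=$(query_state runtime "$zone" "$setting")
        pm=$(query_state permanent "$zone" "$setting")
        if [ "$rt" = error ] || [ "$pm" = error ]; then
            verdict=ERROR; drift=1
        elif [ "$rt" = "$pm" ]; then
            verdict=ok
        else
            # Runtime and permanent disagree: the runtime value will not
            # survive "systemctl restart firewalld" or a reload.
            verdict=DRIFT; drift=1
        fi
        echo "$setting: runtime=$rt permanent=$pm $verdict"
    done
    return "$drift"
}

# Run only when a zone name is given, e.g.: sh check.sh FedoraWorkstation
if [ "$#" -gt 0 ]; then check_zone "$1"; fi
```

Running it before and after `firewall-cmd --runtime-to-permanent` shows whether the permanent configuration actually picked up the runtime change.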