On 07/05/2021 13:54, Jouk wrote:
Sure, you are right. I only added the command for the home zone to show that that one worked, but the same command on the zone I would like to use, FedoraWorkstation, fails. Why? With the --permanent set it gives success; however, after restarting firewalld, the forward seems to be still off.
More or less the same happens with masquerade. I can set it on the running firewall, but when setting it with --permanent, it is lost after restarting firewalld.
Unfortunately, I don't think I can model your configuration in a VM.
However, when I add 2 interfaces to a VM I get....
[root@fedora ~]# firewall-cmd --zone=FedoraWorkstation --add-forward
success
Then....
[root@fedora ~]# firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
and....
[root@fedora ~]# firewall-cmd --runtime-to-permanent
success
[root@fedora ~]# systemctl restart firewalld
[root@fedora ~]# firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
You may want to join the firewalld-users@lists.fedorahosted.org list and ask there. I've gotten good guidance from the folks there.
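
Added example, not part of the original thread: a small shell check that compares the forward and masquerade settings in two `firewall-cmd --list-all` snapshots (runtime and permanent) and reports any that differ, which is the symptom discussed above. The function names `zone_setting` and `config_drift` and the two sample snapshots are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample snapshots (not taken from the thread).
SAMPLE_RUNTIME='FedoraWorkstation (active)
  target: default
  interfaces: enp0s3 enp0s8
  forward: yes
  masquerade: yes
  forward-ports: '
SAMPLE_PERMANENT='FedoraWorkstation
  target: default
  interfaces: 
  forward: no
  masquerade: yes
  forward-ports: '

# Print the value of one "key: value" line from --list-all text on stdin.
# Matching on "key:" keeps "forward" from matching "forward-ports".
zone_setting() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val
            exit
        }'
}

# Compare runtime ($1) and permanent ($2) snapshots.
# Prints each differing setting and returns 1 if any differ, else 0.
config_drift() {
    runtime=$1 permanent=$2 rc=0
    for key in forward masquerade; do
        r=$(printf '%s\n' "$runtime" | zone_setting "$key")
        p=$(printf '%s\n' "$permanent" | zone_setting "$key")
        if [ "$r" != "$p" ]; then
            printf '%s: runtime=%s permanent=%s\n' "$key" "$r" "$p"
            rc=1
        fi
    done
    return $rc
}

# On a live host (as root), feed it the real snapshots:
#   config_drift "$(firewall-cmd --zone=FedoraWorkstation --list-all)" \
#                "$(firewall-cmd --permanent --zone=FedoraWorkstation --list-all)"
config_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT" || echo "drift detected"
```

Any setting this reports is one that a firewalld restart will change, because the restart reloads the permanent configuration.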