I can't use MASQUERADE because I must go out with a specific additional external IP, then I must use a SNAT rule in the place of MASQUERADE
Do as indicated in the object with nft found here: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/sec...
But I would like to be able to activate a SNAT via firewall-cmd.
Can anyone kindly tell me which command line I should use?
Many thanks
On 1/6/25 11:11 AM, Dario Lesca wrote:
I can't use MASQUERADE because I must go out with a specific additional external IP, then I must use a SNAT rule in the place of MASQUERADE
Do as indicated in the object with nft found here: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/sec...
But I would like to be able to activate a SNAT via firewall-cmd.
Can anyone kindly tell me which command line I should use?
I found an answer here and tested it to verify it works: https://stackoverflow.com/questions/61679837/how-do-i-do-a-snat-in-firewalld
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -d 172.17.0.0/16 -p all -j SNAT --to 5.6.7.8
Where 5.6.7.8 is the interface IP address you want to use.
There's a firewalld issue for better support: https://github.com/firewalld/firewalld/issues/1384
Il giorno lun, 06/01/2025 alle 21.50 -0800, Samuel Sieb ha scritto:
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 - d 172.17.0.0/16 -p all -j SNAT --to 5.6.7.8
Where 5.6.7.8 is the interface IP address you want to use.
Thanks, it work also for me.
There's a firewalld issue for better support: https://github.com/firewalld/firewalld/issues/1384
Yes, this feature is very useful, I'll wait it
Thanks
Dario
-
Dario Lesca -
Samuel Sieb