Anyone gotten either ntp or chrony working when masquerading is enabled
Sam Varshavchik
mrsam at courier-mta.com
Sat Jan 24 23:14:32 UTC 2015
Ed Greshko writes:
> I see.... I've not worked with masquerading in a firewalld environment.
> I've only done it with shoreview as the IP Tables manipulator....
>
> With that in mind, since you have 2 LAN interfaces are they assigned to
> different zones? One with masquerading turned on, the other off and then
> tried pointing the client tools to the non-masquerading IP.

No, the way I set this up is with one zone, with everything blocked by
default, and a rich rule enabling everything for the LAN IP segment.

The server's headless, and I have to do everything via ssh, and firewalld's
GUI does not seem to work with X11 forwarding, it seems, which is another
bug; so I have to do everything with firewall-cmd.

I guess I have to figure out how to set up individual LAN interfaces into
non-default zones using firewall-cmd, and try that, to see if it works.

But I still think that a plain --add-masquerade should not be screwing
around with 127.0.0.1.