On 08/11/2020 10:03, Robert Smuhar wrote:
Hi, I'm struggling to set up firewalld to pass traffic between 2
networks. Is this possible with firewalld?
My lab setup is:
Server (ens192:192.168.3.2) <-> (ens224:192.168.3.1) firewall
(ens192:192.168.110.8) <-> (ens192:192.168.110.9) client
Freshly installed CentOS 8.2 (2004), server installation with no GUI on all 3 VMs.
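I think I understand you, and I think I have much the same setup. I don't know if this is of any help.
Note that in my case the client-facing interface (wlp4s0) sits in the trusted zone, whose target is ACCEPT, which is presumably why forwarding works without extra rules; that is acceptable for a lab but broader than you would want on a production firewall.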
Server (enp1s0:192.168.122.26) <-> (virbr0:192.168.122.1) firewall
(wlp4s0:192.168.2.127) <-> (wlp6s0:192.168.2.116) client
firewall=meimei, client=acer, server=f33k
[root@meimei ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@meimei ~]# firewall-cmd --get-active-zones
libvirt
interfaces: virbr0
public
interfaces: enp2s0
trusted
interfaces: wlp4s0
[root@meimei ~]# firewall-cmd --version
0.8.4
[egreshko@acer ~]$ traceroute 192.168.122.26
traceroute to 192.168.122.26 (192.168.122.26), 30 hops max, 60 byte packets
1 192.168.2.127 (192.168.2.127) 2.735 ms 2.862 ms 3.540 ms
2 192.168.122.26 (192.168.122.26) 4.319 ms !X 4.493 ms !X 4.629 ms !X
[egreshko@acer ~]$ ping -c 2 192.168.122.26
PING 192.168.122.26 (192.168.122.26) 56(84) bytes of data.
64 bytes from 192.168.122.26: icmp_seq=1 ttl=63 time=3.26 ms
64 bytes from 192.168.122.26: icmp_seq=2 ttl=63 time=3.01 ms
[egreshko@acer ~]$ ssh 192.168.122.26
egreshko@192.168.122.26's password:
Last login: Sun Nov 8 14:04:25 2020 from 192.168.2.116
[root@meimei ~]# firewall-cmd --zone=libvirt --list-all
libvirt (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: virbr0
sources:
services: dhcp dhcpv6 dns mountd nfs nfs3 rpc-bind ssh
ports:
protocols: icmp ipv6-icmp
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
[root@meimei ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: wlp4s0
sources:
services: dns kdeconnect mdns mountd nfs nfs3 rpc-bind samba-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: