On Thu, Jun 18, 2020 at 05:47:21AM +0800, Ed Greshko wrote:
On 2020-06-18 04:32, Eric Garver wrote:
[..]
Even that wouldn't explain why, with the middle system's 3 interfaces being 192.168.122.1/192.168.1.18/192.168.2.127, I can't ssh to 192.168.1.142 from 2.116 with the FW up.
The 192.168.1.0/24 network wasn't shown in your diagram. If it's part of
the "public" zone, then that makes sense. firewalld will block the
forwarded traffic. The next firewalld feature release has a new feature
to allow intra zone forwarding [1].
[1]: https://firewalld.org/2020/04/intra-zone-forwarding
Seems like you have two issues here:
1) libvirt's iptables rules are blocking public -> VM traffic
- this must be addressed via libvirt
2) firewalld is blocking public -> public forwarded traffic.
- this can be addressed by the feature [1] I mention above
- alternatively you can use a direct rule to allow the forwarded traffic
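The two fixes for issue 2 as concrete firewall-cmd invocations, added here as an example and not taken from the thread: enabling intra-zone forwarding on the zone (firewalld 0.9.0 and later) versus a direct rule that accepts forwarded packets between one interface pair. The zone name "public" is from the thread; the interface names eth1/eth2 are assumptions, and setting FWCMD=echo previews the commands instead of changing the live firewall.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Two ways to let firewalld
# pass forwarded traffic between two interfaces that sit in the same zone.
# Interface names eth1/eth2 are assumed; FWCMD=echo turns this into a dry run.
set -e
FWCMD="${FWCMD:-firewall-cmd}"

# Option 1 (firewalld >= 0.9.0): allow forwarding between all interfaces of
# the zone. Written to the permanent config; call reload_firewall afterwards.
allow_intra_zone_forward() {
    zone="$1"
    "$FWCMD" --permanent --zone="$zone" --add-forward
}

# Option 2 (older firewalld): a direct rule in the iptables FORWARD chain.
# Direct rules are evaluated before firewalld's zone rules, so this bypasses
# the zone drop for exactly this interface pair and nothing else.
allow_forward_between() {
    in_if="$1"; out_if="$2"
    "$FWCMD" --permanent --direct --add-rule ipv4 filter FORWARD 0 \
        -i "$in_if" -o "$out_if" -j ACCEPT
    "$FWCMD" --permanent --direct --add-rule ipv4 filter FORWARD 0 \
        -i "$out_if" -o "$in_if" -j ACCEPT
}

# Apply the permanent config to the running firewall.
reload_firewall() {
    "$FWCMD" --reload
}

# Check whether the runtime config already allows intra-zone forwarding.
# firewall-cmd exits 0 for "yes" and 1 for "no".
query_intra_zone_forward() {
    "$FWCMD" --zone="$1" --query-forward
}

# Typical use (real firewall-cmd, run as root):
#   allow_intra_zone_forward public && reload_firewall
# or, on firewalld without --add-forward:
#   allow_forward_between eth1 eth2 && reload_firewall
```

Run `FWCMD=echo sh -c '. ./fwd.sh; allow_intra_zone_forward public'` to see the exact command before applying it on the real system.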