Thread: Firewalld and Masquerading

  1. #1

    Firewalld and Masquerading

    Greetings,

    Since the beginning of September (2021), I have been searching the internet for a solution to a broken firewalld. Masquerading is not working, and your solution here is not working for me either. Something is different.
    My computer has this configuration:

    network card0 (eth0) - manual ip configuration 10.x.y.z, ipv4 only, zone external, connected to wan
    network card1 (eth1) - bridged by br0 virtual network card, zone home, connected to lan
    network card2 (br0) - manual ip configuration 172.16.0.1/12, ipv4 only, zone home, virtualized machines connected through this interface.

    br0 was used as a gateway for these virtual machines and for devices connected to the LAN, but when firewalld version 1.xy arrived in openSUSE Tumbleweed, it stopped working. The commands mentioned here work, except for the last rule. If I enter
    Code:
    firewall-cmd --permanent --policy AccessInternet --add-rich-rule='rule family="ipv4" source="172.16.0.0/12" accept'
    an error is thrown and masquerade doesn't work.
    Code:
    Error: INVALID_RULE: bad attribute 'source'
    There is no service running on the virtualized machines that must be accessible from the internet.

    May I ask you for help?

    Thank you

  2. #2
    Re: Firewalld and Masquerading

    Originally posted by preema:
    > your solution here is not working for me as well.

    What solution?

    > when firewalld version 1.xy become into openSUSE tumbleweed, it stop works.

    What stopped working? If you configured something and it does not work - explain what you did, show your configuration. Otherwise we have no way to comment on it.

    > If I enter
    > Code:
    > firewall-cmd --permanent --policy AccessInternet --add-rich-rule='rule family="ipv4" source="172.16.0.0/12" accept'
    > an error is thrown and masquerade doesn't work.
    > Code:
    > Error: INVALID_RULE: bad attribute 'source'

    Rule syntax is wrong. It should be
    Code:
    source address="172.16.0.0/12"
    Did you try to read documentation?

  3. #3

    Re: Firewalld and Masquerading

    Because this question was moved from the original thread

    https://forums.opensuse.org/showthre...squerade/page2

    the context of the original thread is missing. Before the failing command mentioned above, these three commands were applied:

    Code:
    # firewall-cmd --permanent --new-policy AccessInternet
    # firewall-cmd --permanent --policy AccessInternet --add-ingress-zone home
    # firewall-cmd --permanent --policy AccessInternet --add-egress-zone external
    The result of all of them was: success
    Access to the internet from the home zone was not possible, and the ping command to the external gateway (the gateway for the host system) reported "Destination port unreachable", but ping from the home zone to eth0 worked as expected.

    man: firewalld.policies contains no relevant information about policies

    My requests for zones are:
    external: nothing is accessible from internet, but selected services from discrete end points.
    home: nothing is blocked. There are only trusted devices. Virtualized machines have to be accessible from home zone (lan) as other physical devices connected to network.

    Thank You

  4. #4

    Re: Firewalld and Masquerading

    SOLVED!

    There is an error in "source=..."; it must be "source address=...". Then reload the firewall.

    Thank You arvidjaar.
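
The command sequence from post #3 with the corrected rich rule from posts #2 and #4, as an added example that is not part of the original thread. It prints the commands by default and runs them only when `APPLY=1`; the `check_rich_rule` helper and the `APPLY` switch are hypothetical names introduced here, while the policy name, zones and network come from the thread.

```shell
#!/bin/sh
# Added example: lint a rich rule for the mistake in this thread, then emit
# the corrected policy setup. Policy, zones and network are from the thread.
POLICY=AccessInternet
LAN_NET=172.16.0.0/12

# Hypothetical helper: returns 1 when a rich rule contains a bare
# source="..." or destination="..." (no attribute such as address=),
# which firewalld rejects with INVALID_RULE: bad attribute 'source'.
check_rich_rule() {
    if printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]])(source|destination)[[:space:]]*='; then
        return 1
    fi
    return 0
}

# Prints the full command sequence, refusing to emit a malformed rule.
policy_commands() {
    rule=$(printf 'rule family="ipv4" source address="%s" accept' "$LAN_NET")
    check_rich_rule "$rule" || { echo "bad rich rule: $rule" >&2; return 1; }
    cat <<EOF
firewall-cmd --permanent --new-policy $POLICY
firewall-cmd --permanent --policy $POLICY --add-ingress-zone home
firewall-cmd --permanent --policy $POLICY --add-egress-zone external
firewall-cmd --permanent --policy $POLICY --add-rich-rule='$rule'
firewall-cmd --reload
EOF
}

# Dry run by default. APPLY=1 executes the commands (needs root) and stops
# at the first failure, for example if the policy already exists.
if [ "${APPLY:-0}" = 1 ]; then
    policy_commands | sh -e
else
    policy_commands
fi
```

The `--reload` at the end matters because every preceding command uses `--permanent`, which changes only the stored configuration and not the running firewall.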
