Network namespace does not work for non-root user

What is the output from

grep . /proc/sys/net/ipv4/ip_forward
grep . /proc/sys/net/ipv4/conf/*/forwarding

I told you why ping did not work as non-root in the very first reply.

$ grep . /proc/sys/net/ipv4/ip_forward
1
$ grep . /proc/sys/net/ipv4/conf/*/forwarding
/proc/sys/net/ipv4/conf/all/forwarding:1
/proc/sys/net/ipv4/conf/default/forwarding:1
/proc/sys/net/ipv4/conf/docker0/forwarding:1
/proc/sys/net/ipv4/conf/eth0/forwarding:1
/proc/sys/net/ipv4/conf/lo/forwarding:1
/proc/sys/net/ipv4/conf/veth0/forwarding:1
/proc/sys/net/ipv4/conf/virbr0/forwarding:1

As for the ping solution, you are right. I missed it; apparently this is not my week for reading.

Yes, firewalld now defaults to nftables, so your script, which flushes the FORWARD iptables chain, does not affect firewalld rules, and firewalld blocks forwarding except when masquerading. For a sledgehammer approach you can probably convert your script to nftables, although personally I’d rather simply configure masquerading in firewalld. This has the additional benefit of continuing to work should the backend change again.

Or configure firewalld to use the iptables backend.

sudo firewall-cmd --zone=home --add-masquerade

does the trick.

Thanks for your help and understanding. I had relied on this setup, and the initial errors related to ping and the one-time success really threw me off.
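
The checks made in this thread, collected into one diagnostic script. This is an added example, not posted by any participant. It assumes firewalld's standard config path `/etc/firewalld/firewalld.conf` and that a missing `FirewallBackend` key means the nftables default; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: why forwarding can fail even though an iptables FORWARD
# flush "succeeded". Function names are hypothetical helpers.

# Print the backend firewalld is configured to use.
# Assumption: if FirewallBackend is not set, firewalld defaults to nftables.
firewalld_backend() {
    conf=${1:-/etc/firewalld/firewalld.conf}
    backend=$(sed -n \
        's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    printf '%s\n' "${backend:-nftables}"
}

# List interfaces whose IPv4 forwarding flag is not 1
# (the same data as: grep . /proc/sys/net/ipv4/conf/*/forwarding).
forwarding_off() {
    dir=${1:-/proc/sys/net/ipv4/conf}
    for f in "$dir"/*/forwarding; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" != "1" ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Report backend, forwarding state and masquerading for one zone.
diagnose() {
    zone=${1:-home}
    backend=$(firewalld_backend)
    echo "firewalld backend: $backend"
    if [ "$backend" = "nftables" ]; then
        echo "note: flushing the iptables FORWARD chain does not touch firewalld's rules"
    fi
    off=$(forwarding_off)
    [ -z "$off" ] || echo "forwarding disabled on: $off"
    if firewall-cmd --zone="$zone" --query-masquerade >/dev/null 2>&1; then
        echo "masquerade: enabled in zone $zone"
    else
        echo "masquerade: not enabled in zone $zone"
    fi
}

# Only touch the live system when asked: ./script.sh --run [zone]
if [ "${1:-}" = "--run" ]; then
    diagnose "${2:-home}"
fi
```

The `--add-masquerade` command shown above changes only the runtime configuration; adding `--permanent` and then running `firewall-cmd --reload` keeps it across restarts.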