I am unable to ping external zone IP from client PC. Public zone ip is reachable from client pc

jesson · 04-15-2024, 03:19 AM

Below is my setup information.

OS: Centos 9

System is connected with two network adapter. ens192 and ens224

ens192--> zone=public connected to Internet and it as 192.168.22.20/24 gateway: 192.168.22.1

ens224--> zone=external connected to LAN network and it as 192.168.33.100/24 no gateway

[root@localhost ~]# firewall-cmd --get-active-zones
external
interfaces: ens224
public
interfaces: ens192

I enabled masquerade on both the zones and verified the setting.

[root@localhost ~]# firewall-cmd --zone=public --query-masquerade
yes
[root@localhost ~]# firewall-cmd --zone=external --query-masquerade
yes
[root@localhost ~]#

nmcli output:
[root@localhost ~]# nmcli
ens192: connected to Profile 1
"VMware VMXNET3"
ethernet (vmxnet3), 00:50:56:A8:EA:97, hw, mtu 1500
ip4 default
inet4 192.168.22.20/24
route4 192.168.22.0/24 metric 100
route4 default via 192.168.22.1 metric 100

ens224: connected to ens224
"VMware VMXNET3"
ethernet (vmxnet3), 00:50:56:A8:8D:36, hw, mtu 1500
inet4 192.168.33.100/24
route4 192.168.33.0/24 metric 101

is there any routing or natting needs to be done to route the external zone traffic to public.zone network adapter. any suggestion or help is much appreciated

smallpond · 04-15-2024, 01:43 PM

What's the output of

Code:

sysctl net.ipv4.ip_forward

jesson · 04-16-2024, 12:12 AM

[root@repovm ~]# cat /proc/sys/net/ipv4/ip_forward
1

Problem fixed after adding the ip routing rules.