LinuxQuestions.org


djgerbavore 03-29-2015 07:11 PM

IP Masquerading on Fedora 21 using Firewalld
 
I'm trying to set up my Fedora machine as a router so my Raspberry Pi can access the internet. I know I can do this using iptables syntax, but I'm trying to use the new firewalld syntax.

My setup is: I have a wireless connection that has access to the internet, called wlp0s26u1u4, and I have a Raspberry Pi connected directly to my machine via Ethernet on an interface called em1.

My Fedora machine has a static IP address on em1 set to 10.10.2.1, and on my Raspberry Pi I have a static IP set to 10.10.2.100 and the default gateway set to 10.10.2.1.

I can ping my Fedora machine from my Pi just fine, but I'm unable to get my machine to forward from one interface to another.

Also, I set the resolv.conf nameserver to Google's public DNS (8.8.8.8) on my Raspberry Pi.

I checked and IPv4 forwarding is turned on:
Code:

# cat /proc/sys/net/ipv4/ip_forward
1

I added the following firewalld rule:
Code:

firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i ens4 -o eth1 -j ACCEPT

However, when I ping google.com from the Pi I still get "unknown host google.com".

Doing a tcpdump, I see the packet(s) come across on both the em1 (wired) connection and the wireless connection (wlp0s26u1u4). However, the responses seem to be getting dropped on the wireless (wlp0s26u1u4) interface, because on the tcpdump of interface wlp0s26u1u4 I'm seeing dropped packets:
Code:

2 packets captured
2 packets received by filter
0 packets dropped by kernel
2 packets dropped by interface

My question is: what am I missing so I can do IP masquerading on Fedora 21 so my Pi can access the internet?

Thanks,

Gerb

lazydog 03-30-2015 02:40 PM

I know nothing about the new firewall so I disabled it and run iptables.

The following might be able to help you Get Started Firewalld

Here is a F18 Tutorial

djgerbavore 03-31-2015 09:24 AM

Thanks, that's what I did in the meantime.

I read the Tutorial and Get Started Firewalld document a few times, but for some reason it's still not working. Maybe I'm in the wrong "zone" or something.

djgerbavore 04-01-2015 10:48 AM

After banging my head on this for a while, I finally got it working. My issue was I was running a custom kernel with none of the NAT/Masquerade functionality. Once I included those kernel modules, everything started to work.

I feel silly, but I'm glad I got it working. Firewalld doesn't error out like iptables when a module is not found.

Thanks,
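
Added example, not part of the original posts: since the cause here was a custom kernel built without NAT/masquerade support and firewalld did not report it, this script checks a kernel config file for the relevant options before any firewall debugging. The option list and the function names are assumptions made for this example; the exact symbols vary between kernel versions.

```shell
#!/bin/sh
# Added example: list NAT/masquerade kernel options that are not enabled
# (=y or =m) in a kernel config file.
# Assumption: this option set; symbol names differ between kernel versions.
NAT_OPTS="CONFIG_NF_CONNTRACK CONFIG_NF_NAT CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE"

# missing_nat_opts FILE: print every option from NAT_OPTS that FILE does not
# set to y or m. "# CONFIG_X is not set" lines and absent symbols both count.
missing_nat_opts() {
    cfg=$1
    for opt in $NAT_OPTS; do
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            printf '%s\n' "$opt"
        fi
    done
}

# Constructed sample: a custom-kernel config that can filter and forward
# packets but was built without NAT or the MASQUERADE target.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_NAT is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
EOF
}

# check_sample: run the check against the constructed sample above.
check_sample() {
    tmp=$(mktemp)
    sample_config > "$tmp"
    missing_nat_opts "$tmp"
    rm -f "$tmp"
}

# Real use: pass the running kernel's config, e.g. /boot/config-$(uname -r).
if [ "$#" -gt 0 ]; then
    missing=$(missing_nat_opts "$1")
    if [ -n "$missing" ]; then
        echo "Kernel lacks NAT/masquerade support:" >&2
        echo "$missing" >&2
        exit 1
    fi
    echo "All checked NAT/masquerade options are enabled."
fi
```

Any option printed means masquerading rules can be accepted by the firewall front end yet never take effect in the kernel.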

lazydog 04-01-2015 07:56 PM

Good for you!!


All times are GMT -5.