LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-08-2016, 03:26 PM   #1
ChronicUser
Member
 
Registered: Mar 2015
Posts: 31

Rep: Reputation: Disabled
Firewalld NAT configuration Fedora 23


Hi

Host: Fedora 23
Guest: CentOS 7.0
KVM/QEMU

Here is what I am trying to do.
Set up NAT on the host system (Fedora 23) so that the guest (CentOS 7.0) would be visible from outside (by other devices connected to the same router)
And then I intend to set up NAT on the router so that this guest machine would be visible to the world. In the following sense:
When you type in the public IP that has been assigned to my router in your web browser you can access the web server running on the CentOS machine.
And I would really like to use firewalld for this configuration on the host.

Here is what I have tried:

Host:192.168.1.137 : Zone public : masquerading on : interface enp9s0
Guest: 192.168.122.10 interface vibr0 port 80 is opened

net.ipv4.ip_forward=1 => /etc/sysctl.conf

sysctl -p

firewall-cmd --zone=public --add-forward-port=port=80roto=tcp:toport=80:toaddr=192.168.122.10

When I make a request via web browser to 192.168.1.137(HOST) form my phone on the same network I cannot reach the web server running on 192.168.122.10

Note:
I do understand that I am probably doing something extremely stupid, and I am kinda stuck, been going over the firewall-cmd command line documentation but it seams to be lacking in terms of examples for the NAT setup.

Thank you all for your time.
 
Old 07-09-2016, 11:06 PM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
Double NAT'ing and triple NAT'ing on a network is never a good idea. Why don't you change the VM interface to a bridge and give the VM an IP address on the network? Then you can use guests firewall to control what it allowed to enter and what is not without worring about NAT'ing.

Also note that you do not have to use firewalld you can use iptables if that is what you are used to. Just google on how to switch from firewalld to iptables.
 
Old 07-11-2016, 09:32 AM   #3
ChronicUser
Member
 
Registered: Mar 2015
Posts: 31

Original Poster
Rep: Reputation: Disabled
That is what I ended up doing.
May I ask why would a double NAT be a bad idea?
 
Old 07-11-2016, 11:20 AM   #4
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
For starters troubleshooting. Another point of failure.
 
  


Reply

Tags
centos, fedora, firewalld, kvm, vm


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IP Masquerading on Fedora 21 using Firewalld djgerbavore Linux - Networking 4 04-01-2015 07:56 PM
FirewallD configuration in CentOS 7 g.navink Linux - Security 1 11-13-2014 08:49 AM
Permanent Configuration for firewalld wmakowski Fedora 1 01-24-2013 09:01 AM
LXer: Fedora 18 and Firewalld LXer Syndicated Linux News 0 09-20-2012 05:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration