Re: FirewallD Masquerading and route forwarding

[Timothy M Butterworth <timothy.m.butterworth@gmail.com>]

On Fri, Mar 17, 2023 at 8:55 PM Timothy M Butterworth <timothy.m.butterworth@gmail.com> wrote:

All,

I have two network interfaces on my PC and I want to route the stub interface to the internet facing interface and perform Masquerading. My Internet facing NIC is set to use zone drop and my inside facing zone is set to use zone trusted. 

# enable routing

echo 1 > /proc/sys/net/ipv4/ip_forward

# verify IP forwarding is enabled.
cat  /proc/sys/net/ipv4/ip_forward
1

# Configure Masquerade zone
firewall-cmd --zone=drop --add-masquerade --permanent
firewall-cmd --reload

# check masquerade configuration
firewall-cmd --zone=drop --query-masquerade
yes

# Ping Test Internet facing NIC.

ping -4 www.google.com
6 packets transmitted, 6 received, 0% packet loss, time 5008ms

# Ping test internal facing NIC.

ping -4I enx0000000011f1 www.google.com

23 packets transmitted, 0 received, 100% packet loss, time 22532ms

When sourcing from the internal NIC the ping fails which leads me to believe Masquerade is not working.

Am I missing something?

I solved the problem. It was not with my Linux Machine it was with my Juniper Router running in security context mode instead of routing context mode. Everything works now as expected. 

 

Tim

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀