Ed Greshko writes:
I see.... I've not worked with masquerading in a firewalld environment. I've only done it with shoreview as the IP Tables manipulator....With that in mind, since you have 2 LAN interfaces are they assigned to different zones? One with masquerading turned on, the other off and then tried pointing the client tools to the non-masquerading IP.
No, the way I set this up is with one zone, with everything blocked by default, and a rich rule enabling everything for the LAN IP segment.
The server's headless, and I have to do everything via ssh, and firewalld's GUI does not seem to work with X11 forwarding, it seems, which is another bug; so I have to do everything with firewall-cmd.
I guess I have to figure out how to set up individual LAN interfaces into non-default zones using firewall-cmd, and try that, to see if it works.
But I still think that a plain --add-masquerade should not be screwing around with 127.0.0.1
Attachment:
pgp4H2Xr5kJjl.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
