-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/25/15 07:14, Sam Varshavchik wrote: > Ed Greshko writes: > >> I see.... I've not worked with masquerading in a firewalld environment. I've only done it with shoreview as the IP Tables manipulator.... >> >> With that in mind, since you have 2 LAN interfaces are they assigned to different zones? One with masquerading turned on, the other off and then tried pointing the client tools to the non-masquerading IP. > > No, the way I set this up is with one zone, with everything blocked by default, and a rich rule enabling everything for the LAN IP segment. > > The server's headless, and I have to do everything via ssh, and firewalld's GUI does not seem to work with X11 forwarding, it seems, which is another bug; so I have to do everything with firewall-cmd. > > I guess I have to figure out how to set up individual LAN interfaces into non-default zones using firewall-cmd, and try that, to see if it works. OK. > > But I still think that a plain --add-masquerade should not be screwing around with 127.0.0.1 Totally agree on that point..... - -- If you can't laugh at yourself, others will gladly oblige. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlTEKPUACgkQ4JnKjVbCBvo1EwCfd21xSvPPHyya62MgN1BG3Qo5 yX8An3DXWgg3zOrXQDbI4XN5i4PoFJDt =fnKV -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
