On 04/05/2021 20:33, Jouk Jansen wrote:
Hi All, I'm using one of my Fedora machines as a router between 2 networks. The two network devices on the machine are called enp0s25 and tun0. On F33 it worked as expected. However, after an upgrade to F34 It looks like it does not work anymore. I tried to give the commands firewall-cmd [--permanent] --direct --add-rule ipv4 filter FORWARD 0 -o enp0s25 -i tun0 -j ACCEPT firewall-cmd [--permanent] --direct --add-rule ipv4 filter FORWARD 0 -i enp0s25 -o tun0 -j ACCEPT But had no success (not even after restarting firewalld). "firewall-cmd --list-all" gives the following: FedoraWorkstation (active) target: default icmp-block-inversion: no interfaces: enp0s25 tun0 sources: services: dhcpv6-client mountd nfs rpc-bind samba-client ssh telnet ports: 1025-65535/tcp 1025-65535/udp protocols: forward: no masquerade: yes forward-ports: source-ports: icmp-blocks: rich rules: The strange thing is that "forward" is always "no". (also the masquerade is always "no" after restarting firewalld, although it is set with --permanent, but can be set in run-time) the forwarding variable is defined: net.ipv4.conf.all.forwarding = 1 Can someone give me some hints on what I'm missing?
While I don't fully understand your issue, I wonder if the new addition to firewalld may help. https://firewalld.org/2020/04/intra-zone-forwarding And, FWIW, firewalld has used nftables since, I think, F32. You can always check /etc/firewalld.conf to see what.... FirewallBackend=nftables is set to. -- Remind me to ignore comments which aren't germane to the thread. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure