Re: IP-routing fails after upgrade F33->F34

On 04/05/2021 20:33, Jouk Jansen wrote:
> Hi All,
>
> I'm using one of my Fedora machines as a router between 2 networks. The two
> network devices on the machine are called enp0s25 and tun0. On F33 it worked
> as expected. However, after an upgrade to F34 it looks like it does not work
> anymore.
>
> I tried to give the commands
>    firewall-cmd [--permanent]  --direct --add-rule ipv4 filter FORWARD 0 -o enp0s25 -i tun0 -j ACCEPT
>    firewall-cmd [--permanent]  --direct --add-rule ipv4 filter FORWARD 0 -i enp0s25 -o tun0 -j ACCEPT
> But had no success (not even after restarting firewalld).
>
> "firewall-cmd --list-all" gives the following:
> FedoraWorkstation (active)
>    target: default
>    icmp-block-inversion: no
>    interfaces: enp0s25 tun0
>    sources:
>    services: dhcpv6-client mountd nfs rpc-bind samba-client ssh telnet
>    ports: 1025-65535/tcp 1025-65535/udp
>    protocols:
>    forward: no
>    masquerade: yes
>    forward-ports:
>    source-ports:
>    icmp-blocks:
>    rich rules:
>
> The strange thing is that "forward" is always "no". (Also the masquerade is
> always "no" after restarting firewalld, although it is set with --permanent,
> but can be set in run-time.)
>
> The forwarding variable is defined:
> net.ipv4.conf.all.forwarding = 1
>
> Can someone give me some hints on what I'm missing?


While I don't fully understand your issue, I wonder if the new addition to firewalld may help.

https://firewalld.org/2020/04/intra-zone-forwarding

And, FWIW, firewalld has used nftables since, I think, F32.  You can always check /etc/firewalld.conf
to see what....

FirewallBackend=nftables

is set to.

--
Remind me to ignore comments which aren't germane to the thread.
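
The reply points at intra-zone forwarding, and the posted `--list-all` output shows both interfaces in one zone with `forward: no`. The script below is an added example, not part of the original thread: it parses such output for that condition and prints, without running them, the `--add-forward` commands that would enable it. The function names, the `dmz` and `internal` zones and their interface names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `firewall-cmd --list-all` or
# `--list-all-zones` text on stdin and prints each zone that has two or more
# interfaces bound while "forward:" is "no" (intra-zone forwarding is off).
zones_missing_forward() {
  awk '
    function report() { if (zone != "" && nif >= 2 && fwd == "no") print zone }
    /^[^ \t]/           { report(); zone = $1; nif = 0; fwd = ""; next }
    $1 == "interfaces:" { nif = NF - 1; next }
    $1 == "forward:"    { fwd = $2; next }
    END                 { report() }
  '
}

# Prints the FirewallBackend value from firewalld config text on stdin.
firewall_backend() {
  sed -n 's/^FirewallBackend=//p' | tail -n 1
}

# Prints (does not execute) the commands that enable intra-zone forwarding
# for the zones given as arguments.
print_fix() {
  for z in "$@"; do
    printf 'firewall-cmd --permanent --zone=%s --add-forward\n' "$z"
  done
  if [ "$#" -gt 0 ]; then printf 'firewall-cmd --reload\n'; fi
}

# Sample input. The first zone is abridged from the output quoted in the
# post; "dmz" and "internal" are constructed for contrast.
SAMPLE='FedoraWorkstation (active)
  target: default
  interfaces: enp0s25 tun0
  forward: no
  masquerade: yes

dmz
  interfaces: eth7 eth8
  forward: yes

internal
  interfaces: eth9
  forward: no
'

flagged=$(printf '%s' "$SAMPLE" | zones_missing_forward)
echo "zones with 2+ interfaces and forward: no -> ${flagged:-none}"
print_fix $flagged   # unquoted on purpose: one argument per zone name
```

Feed it live data with `firewall-cmd --list-all-zones | zones_missing_forward`, and review the printed commands before running them, since enabling forwarding lets every interface in that zone reach the others.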