On 1/6/25 11:11 AM, Dario Lesca wrote:
> I can't use MASQUERADE because I must go out with a specific additional
> external IP, then I must use a SNAT rule in the place of MASQUERADE.
> Do as indicated in the object with nft found here:
> https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/sec-configuring_nat_using_nftables#sec-Configuring_source_NAT_using_nftables
> But I would like to be able to activate a SNAT via firewall-cmd.
> Can anyone kindly tell me which command line I should use?
I found an answer here and tested it to verify it works:
https://stackoverflow.com/questions/61679837/how-do-i-do-a-snat-in-firewalld
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -d 172.17.0.0/16 -p all -j SNAT --to 5.6.7.8
Where 5.6.7.8 is the interface IP address you want to use.
There's a firewalld issue for better support:
https://github.com/firewalld/firewalld/issues/1384
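The direct rule from the reply above, wrapped in a small POSIX shell helper (an added example, not part of the original thread): it validates the network and address before they reach the rule, then adds the rule to both the permanent and the runtime configuration, because `--permanent` alone does not change the running firewall. The function names and the `DRY_RUN` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and DRY_RUN are illustrative.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1                       # split on dots (subshell body keeps IFS local)
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Succeed only for an IPv4 network in CIDR form with a prefix length of 0..32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    case ${1#*/} in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ] && valid_ipv4 "${1%/*}"
}

# Print the firewall-cmd arguments for the thread's direct rule: packets to
# network $1 leave with source address $2. --to-source is the full name of
# the option written as --to in the thread.
snat_rule_args() {
    valid_cidr "$1" || { echo "bad network: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    echo "--direct --add-rule ipv4 nat POSTROUTING 0 -d $1 -p all -j SNAT --to-source $2"
}

# Add the rule to the permanent and the runtime configuration, then list the
# direct rules for checking. DRY_RUN=1 (the default) only prints the commands;
# run with DRY_RUN=0 as root to execute them.
apply_snat() {
    args=$(snat_rule_args "$1" "$2") || return 1
    for cmd in "firewall-cmd --permanent $args" "firewall-cmd $args" \
               "firewall-cmd --direct --get-all-rules"; do
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd || return 1; fi
    done
}
```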