Hello,
I have a machine I am running RHEL 8 on. There are two interfaces, and I
want to forward all traffic between those interfaces (for the src and
dst in the subnet a wireless device is on).
One interface is connected to a switch, WAN side. The other Ethernet
port has an access point, connected by wire.
I did turn on IP forwarding, and thought I needed only two firewall rules:
sysctl -w net.ipv4.ip_forward=1
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o eno1 -i enp0s20u4u1 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o enp0s20u4u1 -i eno1 -j ACCEPT
However, when I try to do a DNS lookup, it looks like it is being
blocked/stopped by the firewall, because when I stop the firewall, it
just seems to work. With the firewall up and running, however, I can ping
an IP address.
For example, if I do "ping www.google.com" I get "ping
www.google.com: Name or service not known". If I use an IP address
(from www.google.com), it just works.
From what I understand, iptables lets traffic through that way,
but nftables does not. One solution suggested was to change the
firewalld backend to iptables, which works, but since at some point I'd
need to have it work with the nftables back end, I might as well look
into that now.
So, how do I set up the firewall effectively with the same result as
with iptables?
thanks,
Ron
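Added example, not part of Ron's post: a small POSIX shell check for the situation his two --direct rules can run into on the nftables backend. It assumes that firewalld keeps --direct rules in the iptables-compatible "ip filter" table while its own zone rules live in "inet firewalld", that nftables evaluates both tables independently on the forward hook (so an accept in one table does not stop a reject in the other), and that the firewalld chain is named filter_FORWARD and ends in a reject; the ruleset text is constructed to resemble `nft list ruleset` on RHEL 8 and is only an illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: with the nftables
# backend, firewalld's --direct rules land in "table ip filter" while its zone
# rules live in "table inet firewalld"; both tables hook "forward", so a
# direct ACCEPT does not prevent the firewalld chain's terminal reject.

# Constructed, abbreviated ruleset resembling `nft list ruleset` on RHEL 8.
SAMPLE_RULESET='table ip filter {
    chain FORWARD {
        type filter hook forward priority filter; policy accept;
        oifname "eno1" iifname "enp0s20u4u1" counter packets 3 bytes 180 accept
        oifname "enp0s20u4u1" iifname "eno1" counter packets 0 bytes 0 accept
    }
}
table inet firewalld {
    chain filter_FORWARD {
        type filter hook forward priority filter + 10; policy accept;
        ct state established,related accept
        jump filter_FORWARD_IN_ZONES
        jump filter_FORWARD_OUT_ZONES
        reject with icmpx type admin-prohibited
    }
}'

# Print the name of every table that owns a chain on the forward hook,
# one per line; more than one means the tables are evaluated independently.
forward_tables() {
    printf '%s\n' "$1" | awk '
        /^table / { tbl = $2 " " $3 }
        /hook forward/ { print tbl }'
}

# Return 0 (true) when "ip filter" (where direct rules go) is present and
# the firewalld forward chain still ends in a terminal reject or drop.
direct_forward_shadowed() {
    printf '%s\n' "$1" | grep -q '^table ip filter' || return 1
    printf '%s\n' "$1" | awk '
        /^table inet firewalld/ { inside = 1 }
        inside && /chain filter_FORWARD [{]/ { chain = 1 }
        chain && /^[[:space:]]*(reject|drop)/ { found = 1 }
        chain && /^[[:space:]]*[}]/ { chain = 0 }
        END { exit found ? 0 : 1 }'
}

if direct_forward_shadowed "$SAMPLE_RULESET"; then
    echo "direct FORWARD accept is not final: inet firewalld still rejects"
fi
```

Run it against real output with `nft list ruleset > ruleset.txt` and pass the file contents to the two functions; if both tables show up on the forward hook, the fix belongs in firewalld's own zone configuration rather than in --direct rules.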