I've just installed Fedora 19 and I'm using firewalld instead of iptables, but I'm having difficulty interpreting the new terminology.
I have 2 NICs. One is specified ZONE="internal" and the other "external" in the ifcfg-* files, I have set ipv4.forwarding = 1 in /etc/sysctl.conf, and run firewall-cmd --zone=external --add-masquerade
However, when I attempt to route from any machine on the internal network I'm getting Destination Host Prohibited and of course if I disable firewalld the error goes away but then I lose masquerading.
In iptables there was a ruleset called FORWARD, but in firewalld I can only find --add-port-forward which isn't the same thing.
How do I allow routing in firewalld?
... I made some progress ...
# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i ens4 -o eth1 -j ACCEPT
Will allow routing, but it's not persistent, and doesn't allow the --permanent option. How do I make this persistent across reboots?
firewall-cmd should allow you to make this a --permanent rule.
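An added helper script (not from either poster) that turns the question's runtime FORWARD direct rule into its persistent form: it tries firewall-cmd --permanent first and, if that is rejected, emits the equivalent entry for firewalld's direct-rule file, assumed to be /etc/firewalld/direct.xml as documented in firewalld.direct(5). Interface names ens4 (internal) and eth1 (external) come from the question.

```shell
#!/bin/sh
# Added example: persist "firewall-cmd --direct --add-rule ipv4 filter FORWARD 0
# -i ens4 -o eth1 -j ACCEPT" across reboots. Assumes /etc/firewalld/direct.xml
# is firewalld's persistent direct-rule store (firewalld.direct(5)).

# Persistent direct.xml equivalent of the runtime rule for in_if -> out_if.
# Note: this forwards *all* traffic from in_if to out_if; if the internal
# subnet is known, narrow it with "-s <subnet>" for least privilege.
direct_forward_xml() {
    in_if=$1; out_if=$2
    printf '%s\n' \
        '<?xml version="1.0" encoding="utf-8"?>' \
        '<direct>' \
        "  <rule ipv=\"ipv4\" table=\"filter\" chain=\"FORWARD\" priority=\"0\">-i $in_if -o $out_if -j ACCEPT</rule>" \
        '</direct>'
}

# The firewall-cmd invocation that stores the same rule permanently.
direct_forward_cmd() {
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i %s -o %s -j ACCEPT\n' "$1" "$2"
}

# Apply the rule: prefer the permanent firewall-cmd form and reload so the
# runtime table matches. If the installed firewall-cmd rejects --permanent
# for direct rules, print the XML to merge into direct.xml instead of
# overwriting a file that may already hold other direct rules.
apply_forward_rule() {
    in_if=$1; out_if=$2; xml=${3:-/etc/firewalld/direct.xml}
    if firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 \
            -i "$in_if" -o "$out_if" -j ACCEPT 2>/dev/null; then
        firewall-cmd --reload
    else
        echo "firewall-cmd --permanent not accepted; merge this into $xml, then run: firewall-cmd --reload" >&2
        direct_forward_xml "$in_if" "$out_if"
    fi
}

# Usage: sh persist-forward.sh ens4 eth1   (prints the command and the XML)
if [ $# -eq 2 ]; then
    direct_forward_cmd "$1" "$2"
    direct_forward_xml "$1" "$2"
fi
```

Run apply_forward_rule as root on the firewall host; after a reload, `firewall-cmd --direct --get-all-rules` should list the FORWARD rule.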