Hello,
I have a machine I am running CentOS/RHEL 8 on. There are two interfaces and I want to forward all traffic between those interfaces (for the src and dst in the subnet a wireless device is on).
One interface is connected to a switch, WAN side. The other ethernet port has an access point, connected wired.
I did turn on ipforwarding, and thought I needed only two firewall rules.
sysctl -w net.ipv4.ip_forward=1
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o eno1 -i enp0s20u4u1 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o enp0s20u4u1 -i eno1 -j ACCEPT
However, when I try to do a DNS lookup, it looks like it is being blocked/stopped by the firewall, because when I stop the firewall, it just seems to work. With the firewall up and running, however, I can ping an IP address.
For example, if I do "ping www.google.com" I get "ping www.google.com: Name or service not known". If I use an IP address (from www.google.com), it just works.
What am I missing (probably a rule in the firewall?)
thanks,
Ron
On 26/4/21 8:42 am, R C wrote:
... For example, if I do "ping www.google.com" I get "ping www.google.com: Name or service not known". If I use an IP address (from www.google.com), it just works.
Sometimes seeing the traffic flow reveals what's really going on. To that end, run the command below on the firewall box:
tcpdump -i any port 53 or port 5353
Then on the client, query www.google.com
On 1/5/21 2:15 pm, Anthony K wrote:
On 26/4/21 8:42 am, R C wrote:
... For example, if I do "ping www.google.com" I get "ping www.google.com: Name or service not known". If I use an IP address (from www.google.com), it just works.
Sometimes seeing the traffic flow reveals what's really going on. To that end, run the command below on the firewall box:
tcpdump -i any port 53 or port 5353
Then on the client, query www.google.com
That didn't format well at all - one more try:
On firewall:
tcpdump -l -n -i any port 53 or port 5353
On client: query www.google.com
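The capture-and-compare step Anthony suggests, written out as an added example that is not part of the thread: a small shell script that reads "tcpdump -l -n ... port 53" output taken on the forwarding box and pairs each DNS query with its response by transaction id, so a query that leaves the client but never gets a reply (the symptom Ron describes, where ICMP passes but name resolution fails) shows up immediately. The capture lines are constructed, the addresses and ids are made up, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads "tcpdump -l -n ... port 53"
# output and pairs DNS queries with responses by transaction id, so that
# queries which leave the client but never get a reply stand out.

# Constructed sample capture: three queries, only the first one answered.
# Addresses, ports and transaction ids are made up.
SAMPLE_CAPTURE='12:00:01.000100 IP 192.168.10.50.41234 > 9.9.9.9.53: 4711+ A? www.google.com. (32)
12:00:01.000900 IP 9.9.9.9.53 > 192.168.10.50.41234: 4711 1/0/0 A 142.250.0.1 (48)
12:00:02.000100 IP 192.168.10.50.41235 > 9.9.9.9.53: 4712+ AAAA? www.google.com. (32)
12:00:03.000100 IP 192.168.10.50.41236 > 9.9.9.9.53: 4713+ A? mirror.centos.org. (35)'

# dns_flow_summary: stdin = tcpdump lines; stdout = one line per query,
# "<id> <name> answered" or "<id> <name> UNANSWERED", in capture order.
dns_flow_summary() {
    awk '
        # Field layout of a tcpdump -n line:
        #   $1 time  $2 "IP"  $3 src.port  $4 ">"  $5 dst.port:  $6 id[+*]  $7 ...
        { id = $6; sub(/[^0-9]+$/, "", id) }     # "4711+" -> "4711"
        $5 ~ /\.53:$/ {                          # packet going to a resolver port
            if (!(id in name)) order[++n] = id   # keep first sighting only (retries)
            name[id] = $8                        # queried name, e.g. "www.google.com."
            next
        }
        $3 ~ /\.53$/ { answered[id] = 1 }        # packet coming back from port 53
        END {
            for (i = 1; i <= n; i++) {
                id = order[i]
                printf "%s %s %s\n", id, name[id], ((id in answered) ? "answered" : "UNANSWERED")
            }
        }
    '
}

# dns_unanswered_count: stdin = tcpdump lines; stdout = number of queries
# that never received a reply (0 means DNS is being forwarded and answered).
dns_unanswered_count() {
    dns_flow_summary | awk '/UNANSWERED$/ { c++ } END { print c + 0 }'
}

# Stand-alone run over the constructed capture. On a live box you would
# instead pipe "tcpdump -l -n -i any port 53" into dns_flow_summary.
printf '%s\n' "$SAMPLE_CAPTURE" | dns_flow_summary
```

Reading the output is the diagnosis: if queries show up but every one is UNANSWERED, either the forwarder never sends them out the WAN interface or the replies are dropped on the way back, and the capture can be repeated on the WAN interface alone to tell the two apart. If no query appears at all, the client is not even reaching the box and the problem is on the access-point side rather than in the firewall.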
From what I heard,
nftables doesn't support forward rules yet, until RHEL/CentOS 8.5. At this time it can be "resolved" using iptables as the firewall backend, but not nftables (which is not ideal, but ...).
Ron
On 4/30/21 10:19 PM, Anthony K wrote:
On 1/5/21 2:15 pm, Anthony K wrote:
On 26/4/21 8:42 am, R C wrote:
... For example, if I do "ping www.google.com" I get "ping www.google.com: Name or service not known". If I use an IP address (from www.google.com), it just works.
Sometimes seeing the traffic flow reveals what's really going on. To that end, run the command below on the firewall box:
tcpdump -i any port 53 or port 5353
Then on the client, query www.google.com
That didn't format well at all - one more try:
On firewall:
tcpdump -l -n -i any port 53 or port 5353
On client: query www.google.com
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 01.05.21 06:27, R C wrote:
From what I heard,
nftables doesn't support forward rules yet, until RHEL/CentOS 8.5 at
If true, does it mean that it's already in CentOS Stream 8? Just guessing ...
this time it can be "resolved" using iptables as the firewall backend, but not nftables (which is not ideal, but ... ) .
-- Leon