[CentOS] ipforwarding between interfaces and firewall rules

Sun Apr 25 22:42:01 UTC 2021
R C <cjvijf at gmail.com>

Hello,


I have a machine I am running CentOS/RHEL 8 on. There are two interfaces, 
and I want to forward all traffic between those interfaces (for the src 
and dst in the subnet a wireless device is on).

One interface is connected to a switch, WAN side. The other ethernet 
port has an access point, connected wired.

I did turn on IP forwarding, and thought I needed only two firewall rules.


sysctl -w net.ipv4.ip_forward=1
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o eno1 -i enp0s20u4u1 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o enp0s20u4u1 -i eno1 -j ACCEPT


However, when I try to do a DNS lookup, it looks like it is being 
blocked/stopped by the firewall, because when I stop the firewall, it 
just seems to work. With the firewall up and running, however, I can ping 
an IP address.


For example, if I do "ping www.google.com" I get "ping 
www.google.com: Name or service not known". If I use an IP address 
(from www.google.com), it just works.


What am I missing (probably a rule in the firewall?)


Thanks,


Ron
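A least-privilege form of the two direct FORWARD rules from the post, scoped to the subnet behind the access point as the post says is intended, together with a check of a captured `firewall-cmd --direct --get-all-rules` listing for those rules. This is an added example, not code from the original mail; the subnet 192.0.2.0/24 and the sample listing are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Interfaces are the ones named
# in the mail; LAN_NET is a constructed placeholder for the AP's network.
WAN_IF="eno1"
AP_IF="enp0s20u4u1"
LAN_NET="192.0.2.0/24"   # constructed placeholder, replace with the real subnet

# The two rules in the form `firewall-cmd --direct --get-all-rules` lists them:
# traffic from the AP subnet out to the WAN side, and traffic back to that subnet.
# Scoping with -s/-d keeps the box from forwarding for any other network.
expected_rules() {
    printf 'ipv4 filter FORWARD 0 -i %s -o %s -s %s -j ACCEPT\n' "$AP_IF" "$WAN_IF" "$LAN_NET"
    printf 'ipv4 filter FORWARD 0 -i %s -o %s -d %s -j ACCEPT\n' "$WAN_IF" "$AP_IF" "$LAN_NET"
}

# Print the firewall-cmd invocations that install the expected rules
# (add --permanent as well if they must survive a firewalld reload).
install_commands() {
    expected_rules | while IFS= read -r rule; do
        printf 'firewall-cmd --direct --add-rule %s\n' "$rule"
    done
}

# Read a `--get-all-rules` listing on stdin, report each expected rule that is
# absent, and return 1 if any is missing. Matching is on the exact argument
# order used above, which is how firewalld echoes a direct rule back.
check_rules() {
    current=$(cat)
    status=0
    while IFS= read -r rule; do
        case "$current" in
            *"$rule"*) ;;
            *) printf 'missing: %s\n' "$rule"; status=1 ;;
        esac
    done <<EOF
$(expected_rules)
EOF
    return $status
}

# Constructed listing: the scoped outbound rule is installed, but the return
# path still carries the unscoped rule from the post, so the check flags it.
SAMPLE_LISTING='ipv4 filter FORWARD 0 -i enp0s20u4u1 -o eno1 -s 192.0.2.0/24 -j ACCEPT
ipv4 filter FORWARD 0 -o enp0s20u4u1 -i eno1 -j ACCEPT'

# On the real host: firewall-cmd --direct --get-all-rules | check_rules
printf '%s\n' "$SAMPLE_LISTING" | check_rules || echo "forwarding rules incomplete"
```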