[lug] Fedora, NAT, masquerading...iptables Rules versus firewall-config App

stimits at comcast.net stimits at comcast.net
Tue Jun 10 23:44:51 MDT 2014


Replying to my own question, some of the results might help someone. I'm still left with questions though for the firewall-config GUI app. In terms of DNS, the issue was not IPv4 versus IPv6...it was just a bad entry in the /etc/resolv.conf.

For this command line (FYI, p2p1 is my private non-routable net, em1 is my public net):
iptables -A FORWARD -i p2p1 -j ACCEPT
...the alternative using firewall-config GUI app is to go into Direct Configuration, Rules tab:
   Select ipv "ipv4"
   Select table "filter"
   Select chain "FORWARD"
   Enter args "-i p2p1 -j ACCEPT"

I know firewalld tries to keep rule order, but I have not seen an explanation of the GUI item "Priority". It defaults to "0", but I'm not sure if this amounts to "append" in the iptables command. Since the GUI does not list any built in chains or rules in the Direct Configuration tab, it's hard to say what it's really doing. Can anyone here explain better how Priority in the firewall-config GUI chains existing firewall rules in relation to the old iptables "-A" (append) switch? For all of the iptables equivalents in the firewall-config I let it default to priority "0".

For this command:
iptables -A FORWARD -o p2p1 -j ACCEPT
   Select ipv "ipv4"
   Select table "filter"
   Select chain "FORWARD"
   Enter args "-o p2p1 -j ACCEPT"

The difference on the next command is table "nat" instead of "filter":
iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
   Select ipv "ipv4"
   Select table "nat"
   Select chain "POSTROUTING"
   Enter args "-o em1 -j MASQUERADE"
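
The same three rules can be entered on the command line instead of clicking through the Direct Configuration tab. The script below is an added example, not part of the original post: it takes an iptables "append" command line such as the ones above and prints the equivalent `firewall-cmd --direct` invocation, with the priority as an explicit parameter (in firewalld's direct-rule interface, priority is a required positional argument placed between the chain and the rule arguments). It only prints commands and applies nothing, so it runs safely anywhere; the interface names p2p1 and em1 are the poster's own.

```shell
#!/bin/sh
# Added example (not from the original post): translate an iptables
# "-A CHAIN ..." command line into the equivalent firewall-cmd direct
# rule.  Nothing is applied; the generated command is only printed.
#
#   to_direct ACTION PRIORITY "iptables ... command line"
#
# ACTION is one of add-rule, remove-rule or query-rule (all three are
# real firewall-cmd --direct operations).  Output shape:
#   firewall-cmd --permanent --direct --ACTION IPV TABLE CHAIN PRIORITY ARGS
to_direct() {
    action=$1
    prio=$2
    # Word-split the iptables command line into positional parameters.
    set -- $3
    ipv=ipv4
    [ "$1" = ip6tables ] && ipv=ipv6
    shift                      # drop the iptables/ip6tables word itself
    table=filter               # iptables' default table when -t is absent
    chain=
    args=
    while [ $# -gt 0 ]; do
        case $1 in
            -t) table=$2; shift 2 ;;            # explicit table (filter, nat, ...)
            -A) chain=$2; shift 2 ;;            # append to CHAIN -> direct rule
            *)  args="$args${args:+ }$1"; shift ;;  # everything else is the rule body
        esac
    done
    if [ -z "$chain" ]; then
        echo "to_direct: only '-A CHAIN' command lines are supported" >&2
        return 1
    fi
    printf 'firewall-cmd --permanent --direct --%s %s %s %s %s %s\n' \
        "$action" "$ipv" "$table" "$chain" "$prio" "$args"
}

# The three rules from the post, all at the GUI's default priority 0.
for rule in \
    'iptables -A FORWARD -i p2p1 -j ACCEPT' \
    'iptables -A FORWARD -o p2p1 -j ACCEPT' \
    'iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE'
do
    to_direct add-rule 0 "$rule"
done
```

Permanent direct rules take effect after `firewall-cmd --reload`. To confirm what actually landed, `firewall-cmd --direct --get-all-rules` lists the direct rules with their priorities, and `iptables -S FORWARD` / `iptables -t nat -S POSTROUTING` shows where firewalld placed them: direct rules go into firewalld-managed chains such as `FORWARD_direct` and `POSTROUTING_direct`, which the built-in chains jump to, rather than being appended to FORWARD itself. On priority, the firewall-cmd manual describes it as ordering within that chain: 0 puts the rule on top, a higher number places it further down, and the order among rules sharing one priority is not fixed. One caveat a practitioner would add: `-o p2p1 -j ACCEPT` forwards anything from the public side into the private net, so it is usually restricted with `-m state --state RELATED,ESTABLISHED` rather than left open.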
