[Swan] Firewalld libreswan centos8
ianw at checksum.net.au
Mon Dec 23 11:47:42 UTC 2019
While it's not really a libreswan issue I thought that someone here
might be able to assist.
With a datacentre network of 10.10.10.0/20 and a libreswan ipsec
allocated network of (10.200.200.16-10.200.200.64), i.e. 10.200.200.0/24,
I want to allow traffic to be able to route between the
networks. I don't want to use NAT and I would like to use the
The reason for not wanting NAT is that when services are consumed the
source IP address is logged which is associated with an end user.
I can ping between the hosts, so routing appears to be correct.
Everything routes correctly when I stop firewalld.
I had thought that this would be pretty simple with something like the
following:

firewall-cmd --zone=work --add-rich-rule='rule family="ipv4" source address="10.200.200.0/24" destination address="10.10.10.0/20" protocol value="tcp" log level="warning" accept'
However the traffic was still being dropped by the firewall.
I then thought that a direct rule might help.
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ens3 -o ens7 -p tcp --dport 53 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
However that didn't work either.
Any advice on the best way to set this up would be appreciated.
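Added example, not part of the original post and not libreswan's or firewalld's own code: a POSIX shell script that validates its inputs, prints the firewalld direct rules needed in the FORWARD chain for both directions between the IPsec client subnet and the datacentre subnet (no NAT), and applies them when APPLY=1. The interface names ens3 (where the ESP traffic arrives) and ens7 (datacentre side) and the two subnets are assumptions taken from the post and can be overridden through the environment. Two details matter for a setup like this: a direct rule added with --permanent alone is not active until firewall-cmd --reload, so the script adds the runtime and permanent copies; and with libreswan's policy-based IPsec the decrypted packet is handed to the kernel on the same interface the ESP arrived on, so the rules also match `-m policy --pol ipsec`, which forwards 10.200.200.0/24 only when the packet actually came through an IPsec SA rather than any cleartext packet carrying that source address.

```shell
#!/bin/sh
# Constructed example: forward traffic between an IPsec-side subnet and a
# datacentre subnet through firewalld direct rules, without NAT.
# Interface names and subnets are assumptions taken from the post.
IPSEC_NET="${IPSEC_NET:-10.200.200.0/24}"   # subnet libreswan hands to clients
DC_NET="${DC_NET:-10.10.10.0/20}"           # datacentre subnet
WAN_IF="${WAN_IF:-ens3}"                    # ESP arrives here; decrypted packets appear here too
LAN_IF="${LAN_IF:-ens7}"                    # datacentre side

# Accept only dotted-quad IPv4 prefixes such as 10.10.10.0/20.
valid_cidr() {
  case $1 in ''|*[!0-9./]*|*/*/*) return 1 ;; */*) ;; *) return 1 ;; esac
  addr=${1%/*}
  bits=${1#*/}
  case $bits in ''|*[!0-9]*) return 1 ;; esac
  [ "$bits" -le 32 ] || return 1
  old_ifs=$IFS
  IFS=.
  set -- $addr
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Interface names: printable token, at most IFNAMSIZ-1 (15) characters.
valid_ifname() {
  case $1 in ''|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
  [ ${#1} -le 15 ] || return 1
}

# Print one firewall-cmd invocation per direction without running it.
# $1 is "runtime" (active immediately) or "permanent" (survives --reload).
forward_rules() {
  case $1 in
    runtime) flag='' ;;
    permanent) flag='--permanent ' ;;
    *) return 1 ;;
  esac
  valid_cidr "$IPSEC_NET" && valid_cidr "$DC_NET" || return 1
  valid_ifname "$WAN_IF" && valid_ifname "$LAN_IF" || return 1
  ct='-m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT'
  # Tunnel -> datacentre: the decrypted packet shows up on WAN_IF, so require
  # that it came out of an IPsec SA; a cleartext packet spoofing 10.200.200.x
  # does not match and is not forwarded.
  printf 'firewall-cmd %s--direct --add-rule ipv4 filter FORWARD 0 -i %s -o %s -s %s -d %s -m policy --dir in --pol ipsec %s\n' \
    "$flag" "$WAN_IF" "$LAN_IF" "$IPSEC_NET" "$DC_NET" "$ct"
  # Datacentre -> tunnel: forward only if the kernel has an outbound IPsec
  # policy for it. Remove NEW from the state list if datacentre hosts must not
  # open connections towards the clients.
  printf 'firewall-cmd %s--direct --add-rule ipv4 filter FORWARD 0 -i %s -o %s -s %s -d %s -m policy --dir out --pol ipsec %s\n' \
    "$flag" "$LAN_IF" "$WAN_IF" "$DC_NET" "$IPSEC_NET" "$ct"
}

# Apply both rule sets (a --permanent direct rule alone is not live until
# --reload), enable forwarding, and show what firewalld now holds.
apply_rules() {
  command -v firewall-cmd >/dev/null 2>&1 || { echo 'firewall-cmd not found' >&2; return 1; }
  rules=$(forward_rules runtime) || return 1
  printf '%s\n' "$rules" | sh -e || return 1
  rules=$(forward_rules permanent) || return 1
  printf '%s\n' "$rules" | sh -e || return 1
  sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
  firewall-cmd --direct --get-all-rules
}

if [ "${APPLY:-0}" = 1 ]; then
  apply_rules
else
  forward_rules runtime
  forward_rules permanent
fi
```

Run it without arguments to review the generated commands first; run it as root with APPLY=1 to install them. After applying, `firewall-cmd --direct --get-all-rules` should list both FORWARD rules, and a packet that reaches ens3 in cleartext with a 10.200.200.x source will still be dropped because it fails the IPsec policy match.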