[Swan] Firewalld libreswan centos8

Ian Willis ian at checksum.net.au
Tue Dec 24 08:24:14 UTC 2019

Hi All,
While it's not really a libreswan issue I thought that someone here
might be able to assist.
With a datacentre network of and a libreswan ipsec
allocated network of ( ie
I want traffic to allow traffic to be able to route between the
networks. I don't want to use NAT and I would like to use the firewall.
The reason for not wanting NAT is that when services are consumed the
source IP address is logged which is associated with an end user.
I can ping between the hosts, so routing appears to be
correct.Everything routes correctly when I stop firewalld.  
I had thought that this would be pretty simple with something like the
firewall-cmd --zone=work --add-rich-rule='rule family="ipv4"   source
address="" destination address="" protocol
value="tcp" log level="warning" accept'
However the traffic was dropped still being dropped by the firewall.
I then throught that a direct rule might help.
Something like 
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i
ens3 -o ens7 -p tcp  --dport 53 -m state --state
However that didn't work either. 
Any advice on the best way to set this up would be appreciated.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20191224/50b34579/attachment.html>

More information about the Swan mailing list