[Swan] Firewalld libreswan centos8
ian at checksum.net.au
Tue Dec 24 08:24:14 UTC 2019
While it's not really a libreswan issue I thought that someone here
might be able to assist.
With a datacentre network of 10.10.10.0/20 and a libreswan ipsec
allocated network of ( 10.200.200.16- 10.200.200.64) ie 10.200.200.0/24
I want traffic to allow traffic to be able to route between the
networks. I don't want to use NAT and I would like to use the firewall.
The reason for not wanting NAT is that when services are consumed the
source IP address is logged which is associated with an end user.
I can ping between the hosts, so routing appears to be
correct.Everything routes correctly when I stop firewalld.
I had thought that this would be pretty simple with something like the
firewall-cmd --zone=work --add-rich-rule='rule family="ipv4" source
address="10.200.200.0/24" destination address="10.10.10.0/20" protocol
value="tcp" log level="warning" accept'
However the traffic was dropped still being dropped by the firewall.
I then throught that a direct rule might help.
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i
ens3 -o ens7 -p tcp --dport 53 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
However that didn't work either.
Any advice on the best way to set this up would be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Swan