Hi.

If you are migrating between versions, make a backup of the configuration and do a "shorewall upgrade" before starting shorewall.

Ensure firewalld is stopped and disabled (this is important, or else the "pure" nftables rules it generates will take precedence).

Also make sure that the interface name is correct and that it didn't change in Rocky Linux 9.

And if you aren't enabling IP_FORWARDING by any other means, make sure it's IP_FORWARDING=Yes in shorewall.conf.

If it still doesn't work, please show more complete configuration (omitting anything that could be private).


On 14/02/2024 10:21, rcor...@edos.cl wrote:
Hi!

It is a simple scenario with 2 NICs, WAN and LAN.

LAN -> WAN with full access

Same config with Shorewall 5.1 doesn't work with 5.2.

The snat file contains:

MASQUERADE              192.168.1.0/24          enp32s0f0

shorewall.conf change startup=YES

Is there some command to try to debug why it works with 5.1 but the same config doesn't with 5.2?

Thx

On 2024-02-13 18:49, Tuomo Soini wrote:
On Tue, 13 Feb 2024 21:15:52 +0000
Rodrigo Araujo <araujo...@gmail.com> wrote:

It works fine here with rpms rebuilt from the Fedora src.rpm packages
and iptables-legacy packages from EPEL.

Ensure you remove (or at least disable and stop) firewalld, and also
make sure the ipset package is installed. Other than that, I'm not
remembering anything.

It also works very well with iptables-nft (so without iptables-legacy).



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
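
The checks listed in the top reply of this thread (firewalld stopped and disabled, the interface named in the snat file still existing, IP_FORWARDING set in shorewall.conf), as an added shell example that is not part of the original messages. The function names and the directory arguments are assumptions made here, and only the third column of the snat file is read.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Shorewall points raised in this thread.
# Function names and directory arguments are assumptions, not Shorewall tooling.

# Print the effective value of KEY (last assignment wins; comments/quotes stripped).
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# Print each interface named in the DEST column (3rd) of a snat file.
snat_interfaces() {  # usage: snat_interfaces FILE
    awk '!/^[ \t]*(#|[?]|$)/ && NF >= 3 { sub(/:.*/, "", $3); print $3 }' "$1" | sort -u
}

# Print snat interfaces that do not exist under NETDIR (default /sys/class/net).
missing_interfaces() {  # usage: missing_interfaces SNAT_FILE [NETDIR]
    for ifc in $(snat_interfaces "$1"); do
        [ -e "${2:-/sys/class/net}/$ifc" ] || echo "$ifc"
    done
}

# Succeed when IP_FORWARDING enables forwarding. "On" is the value documented in
# shorewall.conf(5); "Yes" is accepted because the reply above writes it that way.
forwarding_enabled() {  # usage: forwarding_enabled SHOREWALL_CONF
    case "$(conf_value "$1" IP_FORWARDING | tr '[:upper:]' '[:lower:]')" in
        on|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# Report every problem found; the return status is the number of problems.
preflight() {  # usage: preflight [CONFDIR] [NETDIR]
    dir=${1:-/etc/shorewall}; problems=0
    if command -v systemctl >/dev/null 2>&1; then
        for q in is-active is-enabled; do
            if systemctl "$q" --quiet firewalld 2>/dev/null; then
                echo "firewalld $q: stop and disable it"; problems=$((problems + 1))
            fi
        done
    fi
    for ifc in $(missing_interfaces "$dir/snat" "${2:-}"); do
        echo "snat: interface $ifc not present"; problems=$((problems + 1))
    done
    forwarding_enabled "$dir/shorewall.conf" ||
        { echo "IP_FORWARDING not enabled in shorewall.conf"; problems=$((problems + 1)); }
    return "$problems"
}
```

Source the file and call `preflight` on the firewall host; a non-zero status is the number of findings.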
