Subject: | |
From: | |
Reply To: | |
Date: | Thu, 23 Jun 2016 17:30:57 +0200 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
> On 23 Jun 2016, at 14:45, Ken Teh <[log in to unmask]> wrote:
>
> I'm trying to set up NAT on an SL7x machine. I know how to do it via
> iptables but am a little hesitant because of firewalld.
>
> It's obvious from the lack of /etc/sysconfig/iptables that iptables
> configuration is stored elsewhere probably in several xml files.
Just in case: after
yum install iptables-services
systemctl mask firewalld.service
systemctl enable iptables.service
things are back to what they were before firewalld.
> I'm going to try to do it via 'firewall-cmd --direct' in the hopes that
> my reconfiguration is stored across reboots.
>
> I dumped out the nat table. There are several chains that did not exist
> in SL6x. They appear to be stubs. Does anyone know what their intended
> purpose is? For example, my default zone is 'work' and I see among
> others, POST_work, POST_work_log, POST_work_deny, POST_work_allow, etc.
>
> The POSTROUTING chain also contains several targets with explicit rules
> on 192.168.122.0/24. Googling says they are libvirt related. I suppose
> I could retain them Does anyone know if things will break if I delete
> them? It's a NAT gateway, not a virtualization server.
--
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany
|
|
|