xenophy · April 24, 2020 12:26
diff --git a/IP Masquerade using Firewalld for CentOS 8.1 b/IP Masquerade using Firewalld for CentOS 8.1
 # IP Masquerade using Firewalld for CentOS 8.1
 #
 # [Public Server]
 # "eth0": "globalIP" - connected router or WAN
 # "eth1": "10.0.0.1"  - connected local switch
 #
 # [Local Server]
 # "eth0": "10.0.1.1"  - connected local switch
 #
 #
 #           -- Public Server --                -- Local Server --  
 # [WAN] <->  [eth0]
 #            [eth1] <-----------> [Switch] <---> [eth0]
 #

 # Public Server
 firewall-cmd --zone=public --add-masquerade --permanent
 firewall-cmd --reload
 firewall-cmd --zone=public --query-masquerade
 nmcli connection modify eth1 connection.zone internal
 firewall-cmd --zone=internal --add-masquerade --permanent
 firewall-cmd --reload
 firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE
 firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth1 -o eth0 -j ACCEPT
 firewall-cmd --reload

 # Local Server
 nmcli connection modify eth0 ipv4.gateway "10.0.0.1"
 systemctl restart NetworkManager
	# IP Masquerade using Firewalld for CentOS 8.1
	#
	# [Public Server]
	# "eth0": "globalIP" - connected router or WAN
	# "eth1": "10.0.0.1" - connected local switch
	#
	# [Local Server]
	# "eth0": "10.0.1.1" - connected local switch
	#
	#
	# -- Public Server -- -- Local Server --
	# [WAN] <-> [eth0]
	# [eth1] <-----------> [Switch] <---> [eth0]
	#

	# Public Server
	firewall-cmd --zone=public --add-masquerade --permanent
	firewall-cmd --reload
	firewall-cmd --zone=public --query-masquerade
	nmcli connection modify eth1 connection.zone internal
	firewall-cmd --zone=internal --add-masquerade --permanent
	firewall-cmd --reload
	firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE
	firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth1 -o eth0 -j ACCEPT
	firewall-cmd --reload

	# Local Server
	nmcli connection modify eth0 ipv4.gateway "10.0.0.1"
	systemctl restart NetworkManager