(can moderator please delete this thread) How to convert iptables command to work with firewalld

Support for security such as Firewalls and securing linux
ben_tvpp
Posts: 62
Joined: 2018/12/04 13:28:51

(can moderator please delete this thread) How to convert iptables command to work with firewalld

Post by ben_tvpp » 2020/05/08 13:13:20

(was split off from a previous thread and I needed to add context, sorry for any inconvenience)

I have a very similar question so I thought I'd tack it on here.

Code:

    iptables -t nat -I POSTROUTING -p all -s 172.17.0.0/16 -j SNAT --to-source 5.6.7.8
was thinking maybe

Code:

    # match the container subnet as the *source* (-s), since SNAT rewrites the source of outbound packets
    firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 172.17.0.0/16 -p all -j SNAT --to-source 5.6.7.8
This is to get docker to use the secondary IP on the NIC.

Does this look correct?
Last edited by ben_tvpp on 2020/05/08 23:00:12, edited 3 times in total.
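As an added example (not code from the thread or from firewalld/Docker), the script below does the translation the post asks about in a repeatable way: it takes one iptables rule of the -t/-I/-A form shown above and emits the equivalent firewall-cmd --direct command, carrying -t into the table argument, the chain name into the chain argument, and an optional "-I CHAIN N" rule number into firewalld's priority field. It also includes a sanity check for the easiest mistake when retyping such a rule: an SNAT rule that selects traffic with -d instead of -s. In nat POSTROUTING an SNAT rule only ever sees the first packet of a connection, so "-d 172.17.0.0/16" would match new connections toward the containers, not the outbound container traffic the post wants to source-NAT. The functions, names and the sample rule are assumptions for illustration; the script only prints commands, it does not touch the host's firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Translate a single iptables rule into the
# equivalent firewalld --direct rule. Assumes IPv4 and the "-t TABLE -I/-A CHAIN"
# form used in the post; the caller applies the printed command by hand.

convert_rule() {
    # $1 is the complete iptables command as one string.
    set -f                      # disable globbing while we split on whitespace
    set -- $1
    table=filter                # iptables default when -t is absent
    chain=
    prio=0                      # firewalld direct rules need an explicit priority
    rest=
    while [ $# -gt 0 ]; do
        case "$1" in
            iptables) ;;
            -t) table=$2; shift ;;
            -I|-A)
                chain=$2; shift
                # "-I CHAIN N" carries a rule number; reuse it as the priority
                case "$2" in
                    [0-9]*) prio=$2; shift ;;
                esac
                ;;
            *) rest="$rest $1" ;;   # everything else is passed through unchanged
        esac
        shift
    done
    set +f
    [ -n "$chain" ] || return 1     # no chain means this was not an -I/-A rule
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 %s %s %s%s\n' \
        "$table" "$chain" "$prio" "$rest"
}

# SNAT rewrites the source of packets leaving the box, so the selector must be
# "-s <container subnet>". Returns 1 for an SNAT rule that has no -s match.
check_snat_selector() {
    case "$1" in
        *"-j SNAT"*)
            case "$1" in
                *" -s "*) return 0 ;;
                *)        return 1 ;;
            esac ;;
        *) return 0 ;;              # not an SNAT rule, nothing to check
    esac
}

# Constructed sample rule (the one from the post) for stand-alone use.
rule='iptables -t nat -I POSTROUTING -p all -s 172.17.0.0/16 -j SNAT --to-source 5.6.7.8'
if check_snat_selector "$rule"; then
    convert_rule "$rule"
else
    echo "warning: SNAT rule does not select traffic by -s" >&2
fi
```

After running the printed command and `firewall-cmd --reload`, confirm the result with `firewall-cmd --permanent --direct --get-all-rules` and `iptables -t nat -S POSTROUTING`. firewalld places direct rules in its own `POSTROUTING_direct` chain reached by a jump from POSTROUTING, and the nat table stops at the first matching rule, so check that the jump (and hence the SNAT) appears before any MASQUERADE rule Docker has inserted for the same subnet; otherwise the container traffic will keep leaving with the primary address.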

TrevorH
Site Admin
Posts: 33220
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to convert iptables command to work with firewalld

Post by TrevorH » 2020/05/08 19:02:10

Split into its own thread. Please don't hijack other threads.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jlehtone
Posts: 4531
Joined: 2007/12/11 08:17:33
Location: Finland

Re: How to convert iptables command to work with firewalld

Post by jlehtone » 2020/05/08 20:17:00

ben_tvpp wrote (2020/05/08 13:13:20):
> to use the secondary IP on the NIC.
That is a scary topic.

You have a router.
The router routes between subnet "Docker" and subnet "WAN". With SNAT.
The router is a member of WAN too, but not with the same connection as what it uses for routing.

Frankly, I have no idea how to handle that appropriately. Some nat rules are obviously required,
but possibly policy-based routing and network namespaces too.
