[opensuse-factory] FirewallD and routing
I recently tried to migrate from SuSEfirewall2 to FirewallD on my Tumbleweed desktop. The automatic migration failed completely. No single port from my SuSEfirewall2 configuration was opened in FirewallD after the migration. Now I plan to migrate an openSUSE Leap server (from 42.3 over 15.0 to 15.1). Networking on both computers (desktop and server) is very similar. Both computers have a network interface eno1 and a bridge br0, which connects the hardware interface eno1 with the KVM machines. There are additional network interfaces to docker containers (docker0) and KVM machines (br-<something>). All docker containers and KVM machines need client access to the Internet. That's why the firewall for the host needs a routing configuration. I found some blog articles about FirewallD configuration for routing. But the blog articles I found only mention FirewallD direct rules for configuring IPTables FORWARD rules. I can't find more high level configuration tips. How are you configuring routing with FirewallD? Greetings, Björn -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Bjoern Voigt
I recently tried to migrate from SuSEfirewall2 to FirewallD on my Tumbleweed desktop. The automatic migration failed completely. No single port from my SuSEfirewall2 configuration was opened in FirewallD after the migration.
Now I plan to migrate an openSUSE Leap server (from 42.3 over 15.0 to 15.1).
Networking on both computers (desktop and server) is very similar. Both computers have a network interface eno1 and a bridge br0, which connects the hardware interface eno1 with the KVM machines. There are additional network interfaces to docker containers (docker0) and KVM machines (br-<something>).
All docker containers and KVM machines need client access to the Internet. That's why the firewall for the host needs a routing configuration.
I found some blog articles about FirewallD configuration for routing. But the blog articles I found only mention FirewallD direct rules for configuring IPTables FORWARD rules. I can't find more high level configuration tips.
How are you configuring routing with FirewallD?
the migration app worked for me ?? but I did have to do a small amount of tweaking. there is a yast plugin for firewalld and there is firewall-config (which is for firewalld). and I did a little goooogggelling for specific examples -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Patrick Shanahan wrote:
the migration app worked for me ?? but I did have to do a small amount of tweaking. there is a yast plugin for firewalld and there is firewall-config (which is for firewalld). I know the YaST firewall plugin und the firewall-config GUI. But unfortunately both tools do not even mention routing or forwarding features of FirewallD.
I have to find a working solution until end of June. Any tips? Greetings, Björn -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Bjoern Voigt
Patrick Shanahan wrote:
the migration app worked for me ?? but I did have to do a small amount of tweaking. there is a yast plugin for firewalld and there is firewall-config (which is for firewalld). I know the YaST firewall plugin und the firewall-config GUI. But unfortunately both tools do not even mention routing or forwarding features of FirewallD.
I have to find a working solution until end of June. Any tips?
there is a discussion here of utilizing firewalld as a router and how forwarding traffic was handled: https://www.centos.org/forums/viewtopic.php?t=53819 -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
This seems much more like a support question please ask at support@opensuse.org or in one of openSUSE's other support channels (this is not one of them). On 01/06/2019 00:21, Bjoern Voigt wrote:
I recently tried to migrate from SuSEfirewall2 to FirewallD on my Tumbleweed desktop. The automatic migration failed completely. No single port from my SuSEfirewall2 configuration was opened in FirewallD after the migration.
Now I plan to migrate an openSUSE Leap server (from 42.3 over 15.0 to 15.1).
Networking on both computers (desktop and server) is very similar. Both computers have a network interface eno1 and a bridge br0, which connects the hardware interface eno1 with the KVM machines. There are additional network interfaces to docker containers (docker0) and KVM machines (br-<something>).
All docker containers and KVM machines need client access to the Internet. That's why the firewall for the host needs a routing configuration.
I found some blog articles about FirewallD configuration for routing. But the blog articles I found only mention FirewallD direct rules for configuring IPTables FORWARD rules. I can't find more high level configuration tips.
How are you configuring routing with FirewallD?
Greetings, Björn
-- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (3)
-
Bjoern Voigt
-
Patrick Shanahan
-
Simon Lees