[router, connected to WAN]
|
|
[ L1 ]
.
.
[ L2 ]
I want to share an internet connection (via wireless) from L1 with L2. Both L1 & L2 have Fedora 35 installed.
L1 network interfaces are:
- lan, 192.168.1.33, that is connected to a router via ethernet. It’s NAT’ed.
- wifi, 10.42.0.1, that is the result of ‘Create New Wi-Fi Network’ dialog from NetworkManager GUI (nm-applet). This is the interface through which L2 connects to L1.
lan is in external firewalld zone, wifi is in nm-shared:
$ sudo firewall-cmd --list-all-zones | awk 'BEGIN {RS=""; ORS="\n\n"} /interfaces: (lan|wifi)/'
nm-shared (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: wifi
  sources:
  services: dhcp dns ssh
  ports:
  protocols: icmp ipv6-icmp
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule priority="32767" reject

external (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  forward: no
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
After L2 connects to L1 I expect the former to be under a ‘double NAT’. Unfortunately, while L2 successfully obtains its IP (10.42.0.233) & can ssh to L1, I can’t even ping 1.1.1.1 from L2.
I run wireshark on both L1 network interfaces: lan doesn’t see packets destined for WAN, they all get dropped after arriving to wifi.
I tried:
- running firewall-cmd --add-forward --zone nm-shared; didn’t help;
- putting both lan & wifi in ‘trusted’ firewalld zone, then firewall-cmd --add-forward --zone trusted & clicking on ‘masquerade’ for ‘trusted’ zone in firewall-config GUI; didn’t help either.
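
Added example, not part of the original post: a small Python parser that reduces `firewall-cmd --list-all-zones` output to the per-zone settings the post is concerned with (target, forward, masquerade, reject rich rules), so the two zones can be compared side by side. The function names `parse_zones` and `forwarding_summary` are hypothetical, and the sample input is abridged from the listing in the post.

```python
# Abridged from the post's listing (forwarding-related lines only; indentation assumed).
LISTING = """\
nm-shared (active)
  target: ACCEPT
  interfaces: wifi
  forward: no
  masquerade: no
  rich rules:
    rule priority="32767" reject
external (active)
  target: default
  interfaces:
  forward: no
  masquerade: yes
  rich rules:
"""

def parse_zones(text):
    """Map zone name -> {setting: value}; rich rules are collected in a list."""
    zones, zone, in_rules = {}, None, False
    for line in filter(None, map(str.strip, text.splitlines())):
        if in_rules and line.startswith("rule "):
            zone["rich rules"].append(line)
        elif ":" not in line:                 # "name (active)" starts a new zone
            zone = zones.setdefault(line.split()[0], {"rich rules": []})
            in_rules = False
        elif zone is not None and line == "rich rules:":
            in_rules = True
        elif zone is not None:
            key, _, value = line.partition(":")
            zone[key.strip()] = value.strip()
    return zones

def forwarding_summary(zones):
    """Keep only the settings that bear on routing traffic through a zone."""
    return {
        name: {
            "interfaces": z.get("interfaces", "").split(),
            "target": z.get("target"),
            "forward": z.get("forward") == "yes",
            "masquerade": z.get("masquerade") == "yes",
            "reject_rules": [r for r in z["rich rules"] if "reject" in r.split()],
        }
        for name, z in zones.items()
    }

if __name__ == "__main__":
    for name, info in forwarding_summary(parse_zones(LISTING)).items():
        print(name, info)
```

The parser keys on line content rather than indentation, so it also accepts the listing when the leading whitespace has been lost in copy and paste.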