If this were native nft or iptables, it would be just one line to fix. But now I need to do this with firewalld, which doesn’t make it easier for me.
I have the following firewall block on the laptop (10.42.0.1, the pc is 10.42.0.2):
FINAL_REJECT: IN=enp0s31f6 OUT=wlp2s0 MAC= SRC=10.42.0.2 DST=188.8.131.52 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=16989 DF PROTO=TCP SPT=35458 DPT=53 WINDOW=64240 RES=0x00 SYN URGP=0
I want to share an internet connection between a laptop (which has internet via wifi) and another computer that only has a UTP connection. So I connected a UTP cable between the laptop and the pc. In network manager I selected “share connection with another computer” for the wired connection and boom, it worked. I could ping 184.108.40.206 from the pc. But other traffic is dropped, as seen above.
This is my firewalld config on the laptop:
firewall-cmd --list-all --zone=internal
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s31f6 wlp2s0
  sources:
  services: dhcpv6-client mdns samba-client ssh vnc-server
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" destination address="220.127.116.11" protocol value="igmp" accept
        rule family="ipv4" source address="10.42.0.0/24" accept
Both the wired and wifi connections are in the same zone, and I allow 10.42.0.0/24 as a source. But it still gets blocked. I have the feeling this is due to not allowing the interfaces to reach each other. Enabling forwarding in the zone didn’t change anything either. It’s set to disabled again now, since I can already ping 18.104.22.168.
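As an added example (not code from the poster), a small POSIX shell check that reads a `firewall-cmd --list-all` zone dump and reports whether the zone's `forward` setting (intra-zone forwarding between interfaces, firewalld 1.0 and later) and `masquerade` setting (IPv4 NAT for the zone) are enabled; the sample dump is constructed from the zone shown above.

```shell
#!/bin/sh
# Added example: inspect a firewalld zone dump for the two zone settings that
# connection sharing between interfaces in one zone depends on.
# Usage: firewall-cmd --list-all --zone=internal | sharing_check

# Print the value of one "key: value" line from a --list-all dump read on stdin.
zone_field() {
    awk -v key="$1" -F': *' \
        '$1 ~ "^[ \t]*"key"$" { sub(/^[ \t]+/, "", $2); print $2; exit }'
}

# Print "ok" when forward and masquerade are both "yes", otherwise
# "disabled:" followed by the names of the settings that are still off.
sharing_check() {
    dump="$(cat)"
    fwd=$(printf '%s\n' "$dump" | zone_field forward)
    masq=$(printf '%s\n' "$dump" | zone_field masquerade)
    missing=""
    [ "$fwd" = "yes" ] || missing="$missing forward"
    [ "$masq" = "yes" ] || missing="$missing masquerade"
    if [ -z "$missing" ]; then
        echo ok
    else
        echo "disabled:$missing"
    fi
}

# Constructed sample: the zone dump from the post, one field per line.
SAMPLE_DUMP='internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s31f6 wlp2s0
  sources:
  services: dhcpv6-client mdns samba-client ssh vnc-server
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="10.42.0.0/24" accept'

printf '%s\n' "$SAMPLE_DUMP" | sharing_check
```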