My network is like this:
InternetLink <> 18.104.22.168 - Fedora32 - 192.168.44.1 <192.168.44.0/24>Physical Windows clients
Fedora32 running firewalld and named. Network config by systemd-networkd
Physical Win10 client
- 192.168.44.44 (static)
- GW: 192.168.44.1
- DNS: 192.168.44.1
Problem: Win10 can access internet by IP, but not by Name.
What should be the correct firewalld zone/command to make it work?
- stop firewalld, DNS query OK, but Internet ping by IP not working (as firewalld is doing IP Masquerade)
- start firewalld, Internet ping by IP working, but DNS query to DNS 192.168.44.1 timeout
I think that you should allow DNS traffic in the firewall, on the zone of the internal interface.
Something like that:
- Get the active zones:
- Allow DNS queries on the zone called internal.
firewall-cmd --zone=internal --add-service=dns
- Test if dns queries are now working.
- If it is ok, let’s make the rule permanent upon reboots.
Do I need to manually add my interfaces to any firewalld zones?
I guess I should add 22.214.171.124 to external and 192.168.44.44 to internal.
It depends how you configured your firewall.
Please provide the result of this command
I don’t know if all steps are necessary. After step 4, my physical Win10 machine can do DNS query to my Fedora Host and access Internet using the Fedora Host as gateway.
Thank you very much for your hints and directions.
- add interface br2 (uplink) to external zone (Win10 can ping 126.96.36.199)
- add interface enp1s0 to internal zone
- edit /etc/named.conf
- Add host internal IP to listen-on port 53
- Add internal subnet to allow-query
- add dns service to internal zone
# firewall-cmd --add-service=dns --zone=internal
# firewall-cmd --get-active-zones
# firewall-cmd --list-all --zone=external
# firewall-cmd --list-all --zone=internal
services: dhcpv6-client dns mdns samba-client ssh
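The configuration reached in the last post, written out as an added example that is not part of the original thread: `configure_gateway` lists the steps as permanent firewalld rules, and `audit_gateway` checks that named serves the LAN while the dns service stays closed on the external zone. The function names, the `--permanent`/`--reload` form and the sample inputs are assumptions made for illustration; the interface names and addresses are the ones given in the thread.

```bash
#!/bin/bash
# Added example. br2, enp1s0, 192.168.44.1 and 192.168.44.0/24 are the thread's values;
# function names and sample data are hypothetical.

# The thread's steps as permanent rules (run as root on the gateway; not called here).
configure_gateway() {
    firewall-cmd --permanent --zone=external --change-interface=br2
    firewall-cmd --permanent --zone=internal --change-interface=enp1s0
    firewall-cmd --permanent --zone=internal --add-service=dns
    firewall-cmd --reload
}

# named_option_has FILE OPTION VALUE: true if OPTION's { ... } list in FILE contains VALUE.
named_option_has() {
    _value=$(printf '%s' "$3" | sed 's/\./\\./g')   # match dots literally
    sed -e 's|//.*||' -e 's|#.*||' "$1" | tr '\n' ' ' |
        grep -Eq "(^|[[:space:];{])${2}([[:space:]]+port[[:space:]]+[0-9]+)?[[:space:]]*\{([^}]*[[:space:];])?${_value}[[:space:]]*;"
}

# zone_has_service NAME: reads "firewall-cmd --list-all" output on stdin.
zone_has_service() {
    grep -E '^[[:space:]]*services:' | grep -Eq "(:|[[:space:]])${1}([[:space:]]|\$)"
}

# audit_gateway NAMED_CONF INTERNAL_LISTING EXTERNAL_LISTING
audit_gateway() {
    named_option_has "$1" listen-on 192.168.44.1 || { echo "named: listen-on lacks 192.168.44.1"; return 1; }
    named_option_has "$1" allow-query 192.168.44.0/24 || { echo "named: allow-query lacks 192.168.44.0/24"; return 1; }
    zone_has_service dns < "$2" || { echo "internal zone: dns service missing"; return 1; }
    # Added check: the resolver should not be reachable from the uplink side.
    if zone_has_service dns < "$3"; then echo "external zone: dns service exposed"; return 1; fi
    echo "ok"
}

# Constructed sample inputs (not taken from the poster's machine).
demo_dir=$(mktemp -d)
cat > "$demo_dir/named.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.44.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; 192.168.44.0/24; };
};
EOF
printf '  services: dhcpv6-client dns mdns samba-client ssh\n' > "$demo_dir/internal.txt"
printf '  services: ssh\n' > "$demo_dir/external.txt"
audit_gateway "$demo_dir/named.conf" "$demo_dir/internal.txt" "$demo_dir/external.txt"
```

On the gateway itself, the two listing files would be the saved output of `firewall-cmd --list-all --zone=internal` and `firewall-cmd --list-all --zone=external`.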