I have a Fedora 26 server I use as a gateway/router (along with other things), with 2 NICs and a static external IP.

I am used to iptables and I use SNAT vs MASQ.

I have done a good bit of searching for how to use SNAT with firewalld - but cannot find anything.

W8WCA

1 Answer

You have to use direct options:

[--permanent] --direct --add-rule { ipv4 | ipv6 | eb } table chain priority args

Add a rule with the arguments args to chain chain in table table with priority priority.

firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j SNAT --to 1.2.3.4

or

--direct --passthrough { ipv4 | ipv6 | eb } args

Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments. This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthroughs.

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
mrc02_kr
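An added example, not part of the original answer: a small wrapper that validates the interface and address, builds the `family table chain priority args` words for `--direct --add-rule`, and checks the `--direct --get-all-rules` listing so the rule is added only once. The function names and the sample listing are constructed for illustration; the check only sees rules added with `--add-rule`, since the answer's quoted text says passthrough commands are untracked.

```shell
#!/bin/sh
# Added example, not part of the original answer. Function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# snat_rule_spec IFACE ADDR: print the "family table chain priority args"
# words that --direct --add-rule expects, refusing malformed input.
snat_rule_spec() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $1" >&2; return 1 ;;
    esac
    valid_ipv4 "$2" || { echo "bad IPv4 address: $2" >&2; return 1; }
    printf 'ipv4 nat POSTROUTING 0 -o %s -j SNAT --to %s\n' "$1" "$2"
}

# rule_tracked SPEC: read a `--direct --get-all-rules` listing on stdin and
# succeed only if SPEC appears as a complete line.
rule_tracked() {
    grep -qxF -- "$1"
}

# apply_snat IFACE ADDR: add the permanent rule once, then reload.
apply_snat() {
    spec=$(snat_rule_spec "$1" "$2") || return 1
    if firewall-cmd --permanent --direct --get-all-rules | rule_tracked "$spec"; then
        echo "already tracked: $spec"
    else
        # $spec is left unquoted on purpose: each word is one argument.
        firewall-cmd --permanent --direct --add-rule $spec && firewall-cmd --reload
    fi
}

# Constructed sample listing (not captured from a real host).
SAMPLE_RULES='ipv4 filter FORWARD 0 -i eth1 -o eth0 -j ACCEPT
ipv4 nat POSTROUTING 0 -o eth0 -j SNAT --to 1.2.3.4'
```

Run `apply_snat eth0 1.2.3.4` as root on the gateway; nothing in the block calls `firewall-cmd` until that function is invoked.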