Hello,

I have a machine I am running CentOS/RHEL 8 on. There are two interfaces and I want to forward all traffic between those interfaces (for the src and dst in the subnet a wireless device is on). One interface is connected to a switch, WAN side. The other ethernet port has an access point, connected wired.

I did turn on IP forwarding, and thought I needed only two firewall rules:

    sysctl -w net.ipv4.ip_forward=1
    firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o eno1 -i enp0s20u4u1 -j ACCEPT
    firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o enp0s20u4u1 -i eno1 -j ACCEPT

However, when I try to do a DNS lookup, it looks like it is being blocked/stopped by the firewall, because when I stop the firewall, it just seems to work. With the firewall up and running, however, I can ping an IP address. For example, if I do "ping www.google.com" I get a "ping www.google.com: Name or service not known". If I use an IP address (from www.google.com), it just works.

What am I missing (probably a rule in the firewall?)

thanks, Ron
Anthony K
2021-May-01 04:15 UTC
[CentOS] ipforwarding between interfaces and firewall rules
On 26/4/21 8:42 am, R C wrote:
> ...
> for example; if I do "ping www.google.com" I get a "ping
> www.google.com: Name or service not known". If I use an IP address
> (from www.google.com), it just works.

Sometimes seeing the traffic flow reveals what's really going on. To that end, run the command below on the firewall box:

    tcpdump -i any port 53 or port 5353

Then on the client, query www.google.com
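One way to read the capture Anthony suggests, added here as an example and not code from this thread: it pairs each DNS query tcpdump reports with its reply by client address, client port and transaction id, so a query that leaves the wireless side but never gets an answer stands out. It assumes tcpdump was run with -n (numeric hosts and ports) and the line shape shown in the constructed sample; the regex and the sample values are assumptions of the example.

```python
import re

# tcpdump's one-line DNS output with -n (numeric hosts and ports) and no per-interface
# column, as the tcpdump 4.9 series on CentOS 8 prints it. The regex and the sample
# capture are assumptions of this added example, not output from the original thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\w.-]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\w.-]+)\.(?P<dport>\d+): (?P<txid>\d+)[+*$|%-]* (?P<body>.*)$"
)

# Constructed sample capture: the first query is answered, the other two never are.
SAMPLE_CAPTURE = """\
12:00:01.000123 IP 192.168.10.5.41234 > 8.8.8.8.53: 12345+ A? www.google.com. (32)
12:00:01.020456 IP 8.8.8.8.53 > 192.168.10.5.41234: 12345 1/0/0 A 142.250.74.36 (48)
12:00:01.000900 IP 192.168.10.5.41235 > 8.8.8.8.53: 12346+ AAAA? www.google.com. (32)
12:00:02.500000 IP 192.168.10.5.41236 > 8.8.8.8.53: 12347+ A? mirrors.centos.org. (36)
""".splitlines()

def _seconds(ts):
    """Turn tcpdump's HH:MM:SS.usec timestamp into float seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def pair_dns(lines):
    """Pair DNS queries with replies by (client IP, client port, transaction id).

    Returns (answered, unanswered): answered maps "TYPE name" to round-trip time in ms,
    unanswered lists queries whose reply never appeared. A query that is seen but never
    answered points at a drop on the return path or upstream; a query that never shows
    up at all was blocked before it reached the forwarding box's capture point.
    """
    pending, answered = {}, {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                 # not a DNS line in the expected shape
        f = m.groupdict()
        toks = f["body"].split()
        qpos = [i for i, t in enumerate(toks) if t.endswith("?")]   # "A?" marks a query
        if f["dport"] == "53" and qpos:
            qtype, name = toks[qpos[0]].rstrip("?"), toks[qpos[0] + 1]
            key = (f["src"], f["sport"], f["txid"])
            pending[key] = (f"{qtype} {name}", _seconds(f["ts"]))
        elif f["sport"] == "53":
            key = (f["dst"], f["dport"], f["txid"])  # reply returns to the client's port
            if key in pending:
                label, t0 = pending.pop(key)
                answered[label] = round((_seconds(f["ts"]) - t0) * 1000, 1)
    return answered, [label for label, _ in pending.values()]
```

To run it on a real capture, save the output of `tcpdump -n -i any port 53` to a file and call `pair_dns(open(path))`.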