5.10. Configuring IP Address Masquerading
IP masquerading is a process where one computer acts as an IP gateway for a network. For masquerading, the gateway dynamically looks up the IP of the outgoing interface all the time and replaces the source address in the packets with this address.
You use masquerading if the IP of the outgoing interface can change. A typical use case for masquerading is if a router replaces the private IP addresses, which are not routed on the internet, with the public dynamic IP address of the outgoing interface on the router.
To check if IP masquerading is enabled (for example, for the
external
zone), enter the following command as root
:
~]# firewall-cmd --zone=external --query-masquerade
The command prints
yes
with exit status 0
if enabled. It prints no
with exit status 1
otherwise. If zone
is omitted, the default zone will be used.
To enable IP masquerading, enter the following command as
root
:
~]# firewall-cmd --zone=external --add-masquerade
To make this setting persistent, repeat the command adding the
--permanent
option.
To disable IP masquerading, enter the following command as
root
:
~]# firewall-cmd --zone=external --remove-masquerade
To make this setting persistent, repeat the command adding the
--permanent
option.