Convert iptables command to a firewalld one

CentOS 7 running firewalld.

How do I convert this:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

to a command for firewalld to understand?
Mark Lewis Asked:

noci, Software Engineer, Commented:
The eth0 interface should be connected to the external zone AFAICT.
I am not sure if the masquerade can still be done like that with a specific IP range.


Digital Ocean has some good guides on several subjects.

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
0
Mark Lewis, Author, Commented:
All I am looking for is the alternative iptables command for the firewalld package.

Anyhow, here is the answer.

firewall-cmd --add-service openvpn
firewall-cmd --permanent --add-service openvpn
0

noci, Software Engineer, Commented:
I have no clue how POSTROUTING -s 10.... translates to --add-service openvpn, if the openvpn isn't mentioned in the Q?
Mentioning that it was meant for a service makes QUITE some difference.
0
Mark Lewis, Author, Commented:
No, I found that solution but it would be the same even if I was using a port number rather than a name.
0
noci, Software Engineer, Commented:
It would have been different if openvpn was mentioned.... for several services recipes have been made to create derived results.

iptables rules are derived results, firewalld are halfway derived results. The use of openvpn is the trigger (in this case).
To go from one derived result to another leaves a lot to the imagination.
My suggestion would be to delete the question.
0
Mark Lewis, Author, Commented:
I'm not sure I can agree. The question is asking how to enter the required rule shown but using firewalld.
Even if a service had been mentioned, the question would be the same. How do you convert that rule using firewalld.
0
noci, Software Engineer, Commented:
If openvpn was mentioned then I would have suggested that you needed a firewalld -set-service......
set-service is for service oriented updates, based on data in the openvpn product.

You asked for a MASQUERADE rule to be converted; there is no need if the external interface is declared correctly,
because firewalld uses masquerade itself as an attribute on a zone, a possible problem being you also need changes because of the -s.
Anyway good luck with your solution, and I still suggest delete for this question. And next time please supply all relevant info.


Your question is now like:
Q:  I am searching for some blue stuff.....
A:  that might be water, or a rainbow.
You answer:  Oh I found the solution, it is grass.
0
Mark Lewis, Author, Commented:
You really should tone down your rude comments. I've given you a ton of solutions even when it wasn't quite what I was looking for but it could help others. In this case, I specifically asked for a conversion to a specific iptables command. You never gave that but you say it's because I didn't ask the question properly.

Go look at your replies, not one shows the correct command to convert the iptables command.
0
Mark Lewis, Author, Commented:
Found my own solution.
0
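
Added example, not part of any post in this thread: a dry-run shell function that translates the iptables rule from the question into zone-based firewalld commands, keeping the -s restriction as a rich rule. The function name masq_to_firewalld and the zone name "public" for eth0 are assumptions; it only prints commands and changes nothing.

```shell
# Added example: prints firewall-cmd lines only, executes nothing.
# masq_to_firewalld (hypothetical name) ZONE iptables-arguments...
# ZONE is an assumption: the firewalld zone the outgoing interface belongs to.
masq_to_firewalld() {
    [ $# -ge 1 ] || { echo "usage: masq_to_firewalld ZONE rule..." >&2; return 2; }
    zone=$1; shift
    table=filter chain='' src='' oif='' target=''
    while [ $# -gt 0 ]; do
        case $1 in
            iptables) ;;
            -t|-A|-s|-o|-j)
                [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 2; }
                case $1 in
                    -t) table=$2 ;; -A) chain=$2 ;; -s) src=$2 ;;
                    -o) oif=$2 ;;   -j) target=$2 ;;
                esac
                shift ;;
            *) echo "unsupported argument: $1" >&2; return 2 ;;
        esac
        shift
    done
    # Only the rule shape from the question is translated.
    if [ "$table" != nat ] || [ "$chain" != POSTROUTING ] || [ "$target" != MASQUERADE ]; then
        echo "not a nat POSTROUTING MASQUERADE rule" >&2; return 2
    fi
    # The output is meant to be pasted into a root shell: reject odd characters.
    case $zone$oif in *[!A-Za-z0-9_.-]*) echo "bad zone/interface" >&2; return 2 ;; esac
    case $src in *[!0-9./]*) echo "bad IPv4 source" >&2; return 2 ;; esac
    # -o IFACE becomes zone membership.
    if [ -n "$oif" ]; then
        printf '%s\n' "firewall-cmd --permanent --zone=$zone --change-interface=$oif"
    fi
    if [ -n "$src" ]; then
        # A rich rule keeps the -s restriction instead of masquerading everything.
        printf '%s\n' "firewall-cmd --permanent --zone=$zone --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" masquerade'"
    else
        printf '%s\n' "firewall-cmd --permanent --zone=$zone --add-masquerade"
    fi
    printf '%s\n' "firewall-cmd --reload"
}

# The rule from the question; "public" is the assumed zone of eth0.
masq_to_firewalld public iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
```

The literal alternative is firewalld's direct interface, `firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0` followed by the original match arguments, which bypasses zones entirely.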
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.