Masquerading and Network Address Translation

If your firewalld server is also your network router, running RHEL 7, you may wish to give the internal hosts on a private network access to the Internet. In that case, we can enable masquerading. This is also known as NAT (Network Address Translation), where the server's public IP address is used by internal clients. To set this up, we can use the built-in internal and external zones and configure masquerading on the external zone. The internal NIC should be assigned to the internal zone and the external NIC to the external zone.

To establish masquerading on the external zone, we can use the following command:

# firewall-cmd --zone=external --add-masquerade
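The whole procedure described above (zone assignment for both NICs, masquerading on the external zone, then verification) can be put together as follows. This is an added example, not code from the book: the interface names eth0 (external) and eth1 (internal) and the function names are assumptions, and it only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example. eth0/eth1 and the function names are assumptions.

# Print the firewall-cmd calls, one per line: runtime first, then
# --permanent so the setup survives a reload, then two checks.
plan_masquerade() {
    ext_if=$1
    int_if=$2
    for nic in "$ext_if" "$int_if"; do
        case $nic in
            ''|*[!A-Za-z0-9_.-]*)
                # Reject anything that is not a plain interface name.
                echo "invalid interface name: '$nic'" >&2
                return 2 ;;
        esac
    done
    if [ "$ext_if" = "$int_if" ]; then
        # Masquerading a zone that also holds the LAN NIC defeats the split.
        echo "internal and external NIC must differ" >&2
        return 2
    fi
    for scope in "" " --permanent"; do
        echo "firewall-cmd$scope --zone=internal --change-interface=$int_if"
        echo "firewall-cmd$scope --zone=external --change-interface=$ext_if"
        echo "firewall-cmd$scope --zone=external --add-masquerade"
    done
    # Confirm which NIC sits in which zone and that masquerading is on.
    echo "firewall-cmd --get-active-zones"
    echo "firewall-cmd --zone=external --query-masquerade"
}

# Run the plan, or only show it when DRY_RUN is 1 (the default).
apply_masquerade() {
    plan=$(plan_masquerade "$1" "$2") || return $?
    echo "$plan" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would run: $cmd"
        else
            $cmd || exit 1   # stop at the first failing step
        fi
    done
}

apply_masquerade eth0 eth1
```

Run it as root with DRY_RUN=0 to apply the changes; the final --query-masquerade call should print yes.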

Masquerading ...
