RHEL 7.0 Firewall IP Masquerading and Port Forwarding


I have an Intel x86_64 system running RHEL 7.0.
I want to use this system as a Firewall.
The system has two NICs. One NIC is defined with the static IP address from my ISP.
The other NIC is also static i.e. no dhcp, and is assigned a LAN addrs of
It is plugged into a switch ( that has other two devices plugged in.
Each with its own hard-coded LAN address (Netmask is
I have two zones active in the firewall config External (using the static ip from the ISP)
and Internal (using the IP addrs of
I'm forwarding the following two ports 80 & 443 in both zones.
External zone: ports 80 & 443 are forwarded to my switch (
Internal zone: ports 80 & 443 are forwarded to my static IP addrs from my ISP.
I have IP masquerading turned on in both zones.
However, none of the other workstations (Windows 7 Professional) and my "smart" TV (Netflix access)
are able to access the internet. Again I'm NOT using any dhcp, all IP addresses are hard coded.
I can ping any LAN address from any LAN node. The Linux FW machine can access the internet.
I've read through the RHEL 7.0 Security Guide regarding setting up the firewall and I believe I have all the elements defined
properly ... It just doesn't seem to work. Does anyone know of any diagnostic routines that I can use to see if the IP masquerading and port forwarding
is actually occurring?





I would first break the problem down into two and work only on getting masquerading working and remove forwarding rules until this is confirmed (to avoid confusing the configuration).

Have you enabled the IP forwarding kernel options?
I would also expect you would only need Masquerading configured on the external zone.

Is it possible to post your firewalld config?

Hi PixelDrift.NET, thanks for your suggestions.
I do have masquerading enabled in the external zone only. I'm using the Red Hat firewalld GUI and NOT iptables.
How do I ascertain that masquerading is actually occurring?
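
The checks raised in the replies above (kernel IP forwarding, masquerading on the external zone only, forwarding rules removed while testing), written out as an added shell example that is not part of the original thread. The zone names come from the thread; the interface name, the address and the sample zone dump are constructed.

```bash
# Added example. Zone names follow the thread; interface/address are constructed.

# Return 0 if kernel IPv4 forwarding is on ($1 = file to read, default the live one).
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Print one field of `firewall-cmd --zone=Z --list-all` output read from stdin.
zone_field() {
    awk -v key="$1" '{ sub(/^[ \t]+/, "") }
        index($0, key ":") == 1 { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Audit a zone dump on stdin; $1 = external|internal. Returns the problem count.
audit_zone() {
    role=$1; dump=$(cat); problems=0
    masq=$(printf '%s\n' "$dump" | zone_field masquerade)
    fwd=$(printf '%s\n' "$dump" | zone_field forward-ports)
    if [ "$role" = external ] && [ "$masq" != yes ]; then
        echo "$role: masquerade off, LAN traffic is not NATed"; problems=$((problems + 1))
    fi
    if [ "$role" = internal ] && [ "$masq" = yes ]; then
        echo "$role: masquerade on, only external needs it"; problems=$((problems + 1))
    fi
    if [ "$role" = internal ] && [ -n "$fwd" ]; then
        echo "$role: forward-ports set ($fwd), remove while testing"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed, trimmed dump resembling the internal zone described in the question.
SAMPLE_INTERNAL='internal (active)
  interfaces: enp3s0
  ports: 
  masquerade: yes
  forward-ports: port=80:proto=tcp:toport=:toaddr=203.0.113.10'

if command -v firewall-cmd >/dev/null 2>&1; then   # live checks, run as root
    ip_forward_enabled || echo "net.ipv4.ip_forward is 0: gateway will not route"
    for z in external internal; do
        firewall-cmd --zone="$z" --list-all | audit_zone "$z" || true
    done
    # Non-zero packet counters on a MASQUERADE rule show NAT is being applied.
    iptables -t nat -vnL | grep -i masquerade || echo "no MASQUERADE rule loaded"
else
    printf '%s\n' "$SAMPLE_INTERNAL" | audit_zone internal || true
fi
```

On a machine without firewalld the script audits the constructed sample instead of live zones.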