RHEL8: IP packets forwarding doesn't work


I can't configure a RHEL8 server to work as a local gateway.

net.ipv4.ip_forward = 1 is enabled, but clients of this gateway can't access the external network.

I also applied commands which work well on RHEL7.
The server has 2 NICs,
int1 : and ext :, and I try to configure forwarding with firewalld:

firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -o ext1 -j MASQUERADE; 
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i int1 -o ext1 -j ACCEPT; 
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i ext1 -o int1 -m state --state RELATED,ESTABLISHED -j ACCEPT;

On client servers:

ip route add default via 

But, like I said, it works fine only with a RHEL7 gateway server. With RHEL8 I get this:

[root@client1 ~]# traceroute -T -p 443 access.redhat.com
traceroute to (, 30 hops max, 60 byte packets
 1  _gateway (  1.435 ms  0.946 ms  6.314 ms
 2  _gateway (  6.292 ms !X  6.264 ms !X  6.235 ms !X

Also, I tried to disable NetworkManager and install legacy network-scripts, but without success.

Please explain to me where I am wrong.


I have the same problem. Set IP with NetworkManager, RHEL8 server even cannot ping clients. I tried iptables and nft; they all have the same problem.

I don't know if you have resolved this yet but I ran into a similar problem when I was forced to replace an older RHEL6 system with RHEL8. I could not get forwarding to function until I ran across this statement in chapter 23 of the RHEL8 "Configuring and managing networking" document.

"connection.zone firewalld_zone: Assigns the network interface to the defined firewalld zone. Note that firewalld automatically enables masquerading for interfaces assigned to the external zone."

Once I changed the zone of my external interface, forwarding began to function. This is the command I used.

firewall-cmd --zone=external --change-interface=net0 --permanent
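
An added example, not part of the thread or of Red Hat's documentation: an offline check for the condition the last reply describes, reading text in the layout printed by `firewall-cmd --list-all-zones`. The function names and both sample listings are constructed, and the pass criteria (forwarding sysctl set, external NIC in a zone with masquerading) are assumptions taken from that reply.

```shell
# Added example: audit a firewalld gateway from captured text (runs offline).
# Input layout follows `firewall-cmd --list-all-zones`; samples are constructed.

# zone_of_iface IFACE: zones text on stdin, prints the zone that lists IFACE
zone_of_iface() {
    awk -v ifc="$1" '
        /^[A-Za-z0-9_]/ { zone = $1 }    # zone header, e.g. "external (active)"
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) if ($i == ifc) print zone }'
}

# zone_masquerade ZONE: zones text on stdin, prints that zone's yes/no
zone_masquerade() {
    awk -v z="$1" '
        /^[A-Za-z0-9_]/ { zone = $1 }
        $1 == "masquerade:" && zone == z { print $2 }'
}

# audit_gateway IP_FORWARD EXT_IF ZONES_TEXT: prints findings, returns 0 if all pass
audit_gateway() {
    fwd=$1; ext=$2; zones=$3; rc=0
    [ "$fwd" = "1" ] || { echo "FAIL: net.ipv4.ip_forward is $fwd"; rc=1; }
    zone=$(printf '%s\n' "$zones" | zone_of_iface "$ext")
    [ -n "$zone" ] || { echo "FAIL: $ext is not assigned to any zone"; return 1; }
    masq=$(printf '%s\n' "$zones" | zone_masquerade "$zone")
    if [ "$masq" = "yes" ]; then
        echo "OK: $ext is in zone $zone, masquerade enabled"
    else
        echo "FAIL: $ext is in zone $zone, masquerade is ${masq:-unset}"; rc=1
    fi
    return "$rc"
}

# Constructed listing: external NIC still in the default zone (before the change)
BEFORE='public (active)
  interfaces: int1 net0
  masquerade: no
external
  interfaces:
  masquerade: yes'
# Constructed listing: external NIC moved to the external zone (after the change)
AFTER='public (active)
  interfaces: int1
  masquerade: no
external (active)
  interfaces: net0
  masquerade: yes'
audit_gateway 1 net0 "$BEFORE" || true
audit_gateway 1 net0 "$AFTER"
```

On a live host the inputs come from `sysctl -n net.ipv4.ip_forward` and `firewall-cmd --list-all-zones`; a change made with `--permanent` only reaches the running configuration after `firewall-cmd --reload`.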