5.10. Configuring IP Address Masquerading

To check if IP masquerading is enabled (for example, for the external zone), enter the following command as root:
~]# firewall-cmd --zone=external --query-masquerade
The command prints yes with exit status 0 if enabled. It prints no with exit status 1 otherwise. If zone is omitted, the default zone will be used.
To enable IP masquerading, enter the following command as root:
~]# firewall-cmd --zone=external --add-masquerade
To make this setting persistent, repeat the command adding the --permanent option.
To disable IP masquerading, enter the following command as root:
~]# firewall-cmd --zone=external --remove-masquerade
To make this setting persistent, repeat the command adding the --permanent option.