Masquerading and Network Address Translation
If your RHEL 7 firewalld server is also your network router, you may wish to give the internal hosts on your private network access to the Internet. If this is the case, we can enable masquerading. This is also known as NAT (Network Address Translation), where the server's public IP address is used by internal clients. To establish this, we can make use of the built-in internal and external zones and configure masquerading on the external zone. The internal NIC should be assigned to the internal zone and the external NIC should be assigned to the external zone.
To establish masquerading on the external zone, we can use the following command:
# firewall-cmd --zone=external --add-masquerade
Masquerading is removed using the --remove-masquerade option. We may also query the status of masquerading in a zone using the --query-masquerade option. In the following screenshot, we can see masquerading being enabled and then queried with the resulting...
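An added example, not part of the original text: a shell check that the layout described above is in place (external NIC in the external zone, internal NIC in the internal zone, masquerading on the external zone only), using firewall-cmd's --get-zone-of-interface, --query-masquerade and --permanent options. The interface names passed to it (for instance eth0 and eth1) and the FWCMD override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the NAT zone layout.
# FWCMD is an assumption of this example; override it to run against a stub.
FWCMD="${FWCMD:-firewall-cmd}"

# masq_state ZONE [--permanent]: print "yes" or "no" for the zone.
# --query-masquerade reports its answer through the exit status as well.
masq_state() {
    if "$FWCMD" $2 --zone="$1" --query-masquerade >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# nat_fail MESSAGE: print and count one finding.
nat_fail() {
    echo "FAIL: $1"
    nat_findings=$((nat_findings + 1))
}

# check_nat_layout EXT_IF INT_IF: return 0 only if the layout is as described.
check_nat_layout() {
    nat_findings=0
    nat_ext=$("$FWCMD" --get-zone-of-interface="$1" 2>/dev/null) || nat_ext=none
    nat_int=$("$FWCMD" --get-zone-of-interface="$2" 2>/dev/null) || nat_int=none

    [ "$nat_ext" = external ] || nat_fail "$1 is in zone '$nat_ext', expected external"
    [ "$nat_int" = internal ] || nat_fail "$2 is in zone '$nat_int', expected internal"

    # Masquerading belongs on the Internet-facing zone only.
    [ "$(masq_state external)" = yes ] || nat_fail "masquerading is off in zone external"
    [ "$(masq_state internal)" = no ] || nat_fail "masquerading is on in zone internal"

    # Without --permanent, --add-masquerade changes only the runtime configuration.
    [ "$(masq_state external --permanent)" = yes ] ||
        echo "WARN: masquerading on external is not in the permanent configuration"

    [ "$nat_findings" -eq 0 ]
}
```

Run it as root on the router as `check_nat_layout eth0 eth1`, substituting your own external and internal interface names.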