Arch Linux

zynex

Member

Registered: 2019-03-20

Posts: 29

[SOLVED] FirewallD source IP problem, uses server IP

I have a setup with Arch running as a host for virtualisation (KVM) for a couple of guests (also Arch), including a web server with NextCloud and WordPress. On the server I have IP forwarding and NAT and external domains pointing to my setup, that redirect the request to the correct guest machine. Both the host and gest is on the same subnet and use a bridge interface for the connection.

Everything works good, except that the source IP from the external connection (fx 158.174.54.232) isn't forwarded to the guest, but instead replace it with the IP of the gateway (192.168.x.x). This hasn't always been the case, it did work until jan 29 then it just started replacing the the IP with the internal one. I had trouble with this last year to. This could be a potential security risk because the server thinks it's a local connection (have some rules to block external connection to the WorkPress back end fx, which is now exposed).

Everything worked until oct 6th last year, then the problem occurred and just started to work again nov 30th. The it just stopped working again a month ago. To my knowledge, I haven't changed anything in setup configuration for the network.

Anyone have any idea what's going on here? I talked to a teacher I had in CCNA course, and he was a bit baffled to.

Last edited by zynex (2022-02-25 10:31:06)

zynex

Member

Registered: 2019-03-20

Posts: 29

Re: [SOLVED] FirewallD source IP problem, uses server IP

I actually found the solution for my problem once and for all, or more what I had done wrong. It just struck me that I have added masquerade on the internal zone to (not just the external one) to circumvent another issue I had with my VPN not being able to access internal resources. When I thought about this everything made seance Now I just need to find out how to get WireGaurd to access my internal resources

Last edited by zynex (2022-02-25 10:34:49)