On Wed, Jan 28, 2026 at 04:36:28PM +0100, Nicolas Kovacs wrote: > Hi, > > I'm currently replacing Rocky Linux 8 on a routerboard in my office by > Debian 13, and I have some trouble getting packet forwarding working with > FirewallD. > > Side note 1: to keep things simple, I'm working directly as root in the > examples below.
No idea about firewalld, so take this with a grain of salt. What sticks out for me is: [...] > Old setup under Rocky Linux 8 > ----------------------------- [...] > external (active) [...] > forward: no > masquerade: yes [...] > internal (active) [...] > forward: no > masquerade: no [...] > New setup under Debian 13 > ------------------------- [...] > external (active) [...] > forward: yes > masquerade: yes [...] > internal (default, active) [...] > forward: yes > masquerade: no [...] I.e. in your old setup you have "forward: no" on both interfaces, in the new it's "forward: yes" on both. Masquerade values are equal on both setups (i.e. "yes" on the external). IIUC you don't want forwarding, just masquerading in the external interface, since the internal network is an NAT. But, as I said, grain of salt and all that :-) Cheers -- tomás
signature.asc
Description: PGP signature
