> On 23 Jun 2016, at 14:45, Ken Teh <t...@anl.gov> wrote:
>
> I'm trying to set up NAT on an SL7x machine. I know how to do it via
> iptables but am a little hesitant because of firewalld.
>
> It's obvious from the lack of /etc/sysconfig/iptables that iptables
> configuration is stored elsewhere probably in several xml files.

Just in case: after

    yum install iptables-services
    systemctl mask firewalld.service
    systemctl enable iptables.service

things are back to what they were before firewalld.

> I'm going to try to do it via 'firewall-cmd --direct' in the hopes that
> my reconfiguration is stored across reboots.
>
> I dumped out the nat table. There are several chains that did not exist
> in SL6x. They appear to be stubs. Does anyone know what their intended
> purpose is? For example, my default zone is 'work' and I see among
> others, POST_work, POST_work_log, POST_work_deny, POST_work_allow, etc.
>
> The POSTROUTING chain also contains several targets with explicit rules
> on 192.168.122.0/24. Googling says they are libvirt related. I suppose
> I could retain them. Does anyone know if things will break if I delete
> them? It's a NAT gateway, not a virtualization server.

--
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany