Almalinux 9 as wireguard gateway

I want to use AlmaLinux as a VPN gateway.

It's a virtual machine from my internet provider with 2 public static IP addresses on eth0.

I route traffic from ip1 to 10.2.1.10 and ip2 to 10.2.1.11 (WireGuard network). All easy. But I don't know how I can route outgoing traffic: IP 10.2.1.10 should use public ip1, 10.2.1.11 should use public ip2.

Is this scenario possible with firewalld?

I do this on Ubuntu, so you probably could find something similar. I have an AL9 intermediate gateway, which connects to an Ubuntu VM with a public IP.

Is your AL config doing the NAT masquerade? Or do you have a router/gateway doing that for you?

#!/usr/bin/env bash
# WireGuard endpoint as seen by the clients
WG_ENDPOINT="gateway.example.com"
WG_ENDPOINT_PORT="51820"

# host interface and its public address
IF_HOST="eth0"
IF_HOST_IP="1.2.3.4"

# WireGuard interface and tunnel addressing
IF_WG="wg0"
IF_WG_IP_SERVER="10.9.8.1"
IF_WG_NETMASK="24"

IF_WG_IP_CLIENT="10.9.8.7"


PERMANENT="--permanent" # leave blank to test the scenario in the runtime config only

# put the tunnel interface in the public zone and masquerade its outgoing traffic
firewall-cmd $PERMANENT --zone=public --add-interface=$IF_WG
firewall-cmd $PERMANENT --zone=public --add-masquerade

# open the WireGuard listen port (the predefined "wireguard" service is 51820/udp)
[[ "$WG_ENDPOINT_PORT" == "51820" ]] && FW_WG_SERVICE="--add-service wireguard" || FW_WG_SERVICE="--add-port=$WG_ENDPOINT_PORT/udp"
firewall-cmd $PERMANENT --zone=public $FW_WG_SERVICE

# forwarding for http and https (DNAT from the public address to the tunnel client);
# "family" comes first in the rich-rule syntax
for p in 80 443; do
  firewall-cmd $PERMANENT --zone=public --add-rich-rule="\
               rule family=ipv4 \
               destination address=$IF_HOST_IP \
               forward-port port=$p  protocol=tcp \
               to-port=$p  to-addr=$IF_WG_IP_CLIENT"
done

# permanent changes only take effect after a reload
[[ "$PERMANENT" == "--permanent" ]] && firewall-cmd --reload

This is the code for one IP address. To use it for more public IPs it's only necessary to modify the firewall-cmd in the for loop.

For outgoing traffic it's enough to add masquerade, but masquerade always uses the default IP address.

How is it possible (with firewalld) to use a specific outgoing IP address with only one interface (eth0)?
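As an added example (not code from this thread), one way to give each WireGuard client its own egress address with firewalld is the direct interface, which passes iptables-style rules through unchanged: one SNAT rule per client in nat POSTROUTING, followed by a MASQUERADE fallback for the rest of the tunnel network. The public addresses 198.51.100.1 and 198.51.100.2 are placeholders for ip1 and ip2, and 10.2.1.0/24 is assumed to be the tunnel network. The direct interface is deprecated in firewalld 1.x but still shipped on AlmaLinux 9; the zone masquerade is removed first because it lives in firewalld's own nftables table, while the direct rules go into the iptables-nft nat table, and having both active makes the rule order ambiguous. Keeping every NAT rule in one direct chain makes the priority numbers decide.

```shell
#!/usr/bin/env bash
# Per-client source NAT with firewalld direct rules (hypothetical example).
# Assumed values: tunnel network 10.2.1.0/24, placeholder public addresses.
IF_HOST="eth0"
PUBLIC_IP1="198.51.100.1"   # placeholder for ip1
PUBLIC_IP2="198.51.100.2"   # placeholder for ip2
WG_NET="10.2.1.0/24"

# "client public" pairs, one per line; order here is the rule order
SNAT_MAP="10.2.1.10 $PUBLIC_IP1
10.2.1.11 $PUBLIC_IP2"

# Arguments for "firewall-cmd --direct --add-rule": family, table, chain,
# priority, then the iptables rule. Printed so they can be reviewed first.
snat_rule() {
  client="$1"; public="$2"; prio="$3"
  printf 'ipv4 nat POSTROUTING %s -s %s -o %s -j SNAT --to-source %s\n' \
    "$prio" "$client" "$IF_HOST" "$public"
}

# Fallback for any other tunnel client: plain masquerade, ordered last.
fallback_rule() {
  printf 'ipv4 nat POSTROUTING %s -s %s -o %s -j MASQUERADE\n' \
    "$1" "$WG_NET" "$IF_HOST"
}

# Emit the whole rule set: specific SNAT rules first, fallback after them.
build_rules() {
  prio=0
  while read -r client public; do
    [ -n "$client" ] || continue
    snat_rule "$client" "$public" "$prio"
    prio=$((prio + 1))
  done <<EOF
$SNAT_MAP
EOF
  fallback_rule "$prio"
}

# Apply to firewalld; pass "" instead of --permanent to test the runtime config only.
apply_rules() {
  permanent="${1:---permanent}"
  # the zone masquerade would compete with the SNAT rules, so drop it
  firewall-cmd $permanent --zone=public --remove-masquerade || true
  build_rules | while read -r line; do
    # shellcheck disable=SC2086
    firewall-cmd $permanent --direct --add-rule $line
  done
  [ "$permanent" = "--permanent" ] && firewall-cmd --reload
}

# Check afterwards with:
#   firewall-cmd --direct --get-all-rules
#   conntrack -L -s 10.2.1.10   (reply tuple should show the chosen public IP)
case "${1:-show}" in
  apply) apply_rules ;;
  *) build_rules ;;
esac
```

Run the script without arguments to print the rules it would add; run it with "apply" on the gateway to install them. The incoming forward-port rich rules from the earlier script stay as they are; only the return path changes, since conntrack maps replies of DNATed connections back by itself and the SNAT rules only matter for connections the clients open.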