I have a Alma Linux 9 host with two IP addresses.
I want assign one IP to the host (This is already done) and the second one to a Ubuntu VM.
What's the best way to do this? I've set up the VM through Cockpit, and it got an internal IP address.
I tried this to add Masquerading so the traffic for the ports I need is forwarded:
sudo firewall-cmd --permanent --new-policy VMForwardPolicy
sudo firewall-cmd --permanent --policy=VMForwardPolicy --add-ingress-zone=HOST
sudo firewall-cmd --permanent --policy=VMForwardPolicy --add-egress-zone=ANY
sudo firewall-cmd --permanent --policy=VMForwardPolicy --add-rich-rule='rule family="ipv4" destination address="<public-ip>" forward-port port="22" protocol="tcp" to-port="22" to-addr="192.168.122.134"'
sudo firewall-cmd --permanent --policy=VMForwardPolicy --add-rich-rule='rule family="ipv4" destination address="<public-ip>" forward-port port="443" protocol="tcp" to-port="443" to-addr="192.168.122.134"'
sudo firewall-cmd --permanent --policy=VMForwardPolicy --add-rich-rule='rule family="ipv4" destination address="<public-ip>" forward-port port="443" protocol="udp" to-port="443" to-addr="192.168.122.134"'
sudo firewall-cmd --reload
This worked, but only gave me internal access from the host to the public IP, any traffic from outside would not work.
When I changed the ingress zone to "ANY", I could no longer reach the IP at all.
I'd also prefer to forward any traffic and not just certain ports.
I'm not familiar with networking, so any help would be appreciated. I don't think firewall-cmd is the best way to do this, but I got further with it than with iptables or nftables.
