I was able to get it working, well it is working now, and we will see if it works for more than a few days.
I found reference to a problem on RedHat at this forum
https://bugzilla.redhat.com/show_bug.cgi?id=2016864#c8
and did this,
Hubert Kario 2022-04-30 09:10:46 UTC
Actually, just setting forward on the internal zone is not sufficient, there’s also a need to create a policy that allows the forwarding between zones:
// create new policy
firewall-cmd --permanent --new-policy int_to_ext_fwd
firewall-cmd --permanent --policy int_to_ext_fwd --add-ingress-zone internal
firewall-cmd --permanent --policy int_to_ext_fwd --add-egress-zone external
firewall-cmd --permanent --policy int_to_ext_fwd --set-priority 100
firewall-cmd --permanent --policy int_to_ext_fwd --set-target ACCEPT
// Enable masquerade on external (this should already be the case if the setup worked on F34); ‘forward’ does not need to be set
firewall-cmd --permanent --zone=external --add-masquerade
// Enable forward on internal (this is a new setting)
firewall-cmd --permanent --zone=internal --add-forward
// restart firewalld
systemctl restart firewalld.service
Then I was able to see that it was already here on the forum at
So I don’t know what I did, well I almost understand, but it made it so I can access the internet with the firewall enabled.
I really think that there is something else going on, but I will take a win.