I am unable to ping external zone IP from client PC. Public zone ip is reachable from client pc
 

Below is my setup information.

OS: Centos 9

System is connected with two network adapter. ens192 and ens224

ens192--> zone=public connected to Internet and it as 192.168.22.20/24 gateway: 192.168.22.1

ens224--> zone=external connected to LAN network and it as 192.168.33.100/24 no gateway

[root@localhost ~]# firewall-cmd --get-active-zones
external
interfaces: ens224
public
interfaces: ens192

I enabled masquerade on both the zones and verified the setting.

[root@localhost ~]# firewall-cmd --zone=public --query-masquerade
yes
[root@localhost ~]# firewall-cmd --zone=external --query-masquerade
yes
[root@localhost ~]#

nmcli output:
[root@localhost ~]# nmcli
ens192: connected to Profile 1
"VMware VMXNET3"
ethernet (vmxnet3), 00:50:56:A8:EA:97, hw, mtu 1500
ip4 default
inet4 192.168.22.20/24
route4 192.168.22.0/24 metric 100
route4 default via 192.168.22.1 metric 100

ens224: connected to ens224
"VMware VMXNET3"
ethernet (vmxnet3), 00:50:56:A8:8D:36, hw, mtu 1500
inet4 192.168.33.100/24
route4 192.168.33.0/24 metric 101



is there any routing or natting needs to be done to route the external zone traffic to public.zone network adapter. any suggestion or help is much appreciated

What's the output of

[root@repovm ~]# cat /proc/sys/net/ipv4/ip_forward
1


Problem fixed after adding the ip routing rules.