Had problem on CentOS 7/8 with both podman and docker. no container could reach internet. needed to enable the following.
cat <<EOF > /etc/sysctl.d/podman.conf # Enable containers to access the outer world net.ipv4.ip_forward=1 EOF
I also needed to enable masquerading on the external zone.
firewall-cmd --zone=public --add-masquerade firewall-cmd --permanent --zone=public --add-masquerade
One question left, who is allowed to masquerade? i see no filtering done meaning any other network connected to this machine can masquerade as the public zone. Does not sound good.