Configuring firewalld on a router, how to allow FORWARDing?

Configuring firewalld on a router, how to allow FORWARDing?

I've just installed Fedora 19 and I'm using firewalld instead of iptables,
but I'm having difficulty interpretting the new terminology.
I have 2 NICs. One is specificed ZONE="internal" and the other "external"
in the ifcfg-* files, I have set ipv4.forwarding = 1 in /etc/sysctl.conf,
and run firewall-cmd --zone=external --add-masquerade
However, when I attempt to route from any machine on the internal network
I'm getting Destination Host Prohibited and of course if I disable
firewalld the error goes away but then I lose masquerading.
In iptables there was a ruleset called FORWARD, but in firewalld I can
only find --add-port-forward which isn't the same thing.
How do I allow routing in firewalld ?
TIA.