Port Forwarding With Firewalld

Environment

  • Host OS: Windows 10
  • Guest OS: CentOS 8

Topology

What we want to do

Access the server from a browser on the host OS at :8080, and have that port forwarded to :80 on the server.

The figure above is hard to follow, but the point is to redirect :8080 traffic coming from the host OS to :80 and deliver it to httpd.

This time the traffic is forwarded within the same server, but it can also be forwarded to another server.

Port forwarding within the same server

firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-number

Command example

[root@centos7 vagrant]# firewall-cmd --add-forward-port=port=8080:proto=tcp:toport=80
success

Write the port information right after --add-forward-port:

  • port=8080: traffic arrives from the client on :8080
  • proto=tcp: TCP is used as the protocol
  • toport=80: traffic is forwarded to :80

Command for persisting settings

[root@centos8 vagrant]# firewall-cmd --runtime-to-permanent
success

The setting can also be persisted by adding --permanent to the add-forward- … command above, but this time it is made permanent with a separate command.

Command to check the settings

[root@centos8 vagrant]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 eth1
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports: port=8080:proto=tcp:toport=80:toaddr=
source-ports:
icmp-blocks:
rich rules:
[root@centos8 vagrant]#

Output will vary by environment.
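
To confirm that forward-port rules added at runtime were actually persisted, the runtime and permanent rule lists can be compared. The script below is an added example, not code from the original article. It assumes the rule format shown in the output above; `--list-forward-ports` and `--permanent` are firewall-cmd options, while the helper names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Inputs are the text printed by
#   firewall-cmd --list-forward-ports               (runtime)
#   firewall-cmd --permanent --list-forward-ports   (permanent)
# one rule per line, in the form shown above: port=8080:proto=tcp:toport=80:toaddr=

# field KEY RULE: print the value of KEY from a key=value:key=value rule.
# toaddr is taken to the end of the rule so IPv6 addresses keep their colons
# (assumes toaddr is the last field, as in the --list-all output above).
field() {
    r=":$2"
    case $r in *":$1="*) ;; *) return 0 ;; esac
    v=${r#*":$1="}
    [ "$1" = toaddr ] || v=${v%%:*}
    printf '%s' "$v"
}

# describe_rule RULE: "8080/tcp -> local:80" or "8443/tcp -> 192.0.2.10:443"
describe_rule() {
    port=$(field port "$1"); toport=$(field toport "$1"); addr=$(field toaddr "$1")
    printf '%s/%s -> %s:%s\n' "$port" "$(field proto "$1")" \
        "${addr:-local}" "${toport:-$port}"
}

# only_in A B: print the rules listed in A that are missing from B.
only_in() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$rule" || printf '%s\n' "$rule"
    done
}

# forward_port_drift RUNTIME PERMANENT: report rules present on one side only.
forward_port_drift() {
    only_in "$1" "$2" | while IFS= read -r rule; do
        printf 'runtime-only (lost on reload/reboot): %s\n' "$(describe_rule "$rule")"
    done
    only_in "$2" "$1" | while IFS= read -r rule; do
        printf 'permanent-only (not active yet): %s\n' "$(describe_rule "$rule")"
    done
}

# Constructed sample data (not captured from a real host).
SAMPLE_RUNTIME='port=8080:proto=tcp:toport=80:toaddr=
port=8443:proto=tcp:toport=443:toaddr=192.0.2.10'
SAMPLE_PERMANENT='port=8080:proto=tcp:toport=80:toaddr='

forward_port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

On a real host, pass "$(firewall-cmd --list-forward-ports)" and "$(firewall-cmd --permanent --list-forward-ports)" as the two arguments; empty output means both configurations agree.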

Port forwarding to another IP

firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP/mask

DevOps Consultant. I’m strongly focused on automation, security, and reliability.

Maciej