Firewalld - firewall-cmd - port forward

If you are not familar with firewalld and the firewall-cmd, check out our Getting Started article.

Masquerade must be turned on to port forward. Use the --add-forward-port=port=xx:proto=xxx:toport=xx to forward traffic from one port to another. In this example, traffic is forwarded from TCP port 22 to port 12345. In this example, the SSH service listening on port 12345 is on the same server as the SSH service with port 22.

firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=12345 --permanent

 

To forward request to another server, add the target IP address.

firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=10.1.2.3:12345 --permanent

 

The --check-config command can be used to ensure there are no configuration errors.

~]$ firewall-cmd --check-config
success

 

firewall-cmd --list-all will show the forward ports.

~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports: 12345
  sourceports:
  icmp-blocks:
  rich rules:

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter da3ba in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |