Hi List,
I have a query regarding firewalld configuration. If this is not the correct place to ask,
please redirect me to the correct place.
I am trying to set up port forwarding from the https port (443) to the application port (8443).
The application runs on a non-standard port; I am able to DNAT it to the outside world on 443.
These are the iptables rules that work for me.
#for remote connections
iptables -t nat -A PREROUTING -i eno16777984 -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
iptables -A FORWARD -i eno16777984 -m state --state NEW -m tcp -p tcp -d 127.0.0.1 --dport 8443 -j ACCEPT
#for localhost connections
iptables -t nat -A OUTPUT -p tcp --dport 443 -d 127.0.0.1 -j DNAT --to-destination 127.0.0.1:8443
Now, with firewalld, I tried the following:
added service (https) to public zone
added port-forwarding : port=443:proto=tcp:toport=8443:toaddr=127.0.0.1
This did not work, so I tried adding rules using --direct
firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -i eno16777984 -d 127.0.0.1 -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eno16777984 -m state --state NEW -m tcp -p tcp -d 127.0.0.1 --dport 8443 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 nat OUTPUT 0 -p tcp --dport 443 -d 127.0.0.1 -j DNAT --to-destination 127.0.0.1:8443
I assume that this will work, since these are the exact rules that work with iptables.
Working ->
https://localhost:443
Not Working ->
https://10.211.213.143:443/ (assuming this is the network IP of my machine)
[root@jmaster ~]# firewall-cmd --direct --get-all-rule
ipv4 nat OUTPUT 0 -p tcp --dport 443 -d 127.0.0.1 -j DNAT --to-destination 127.0.0.1:8443
ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443
ipv4 filter FORWARD 0 -i eno16777984 -m state --state NEW -m tcp -p tcp -d 127.0.0.1 --dport 8443 -j ACCEPT
ipv4 nat PREROUTING 0 -i eno16777984 -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
What should I do to make the service accessible from outside on 443?
Thanks in advance.
Nitesh
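The post lists its direct rules but never checks them against how the kernel actually handles a DNAT whose target is loopback. The following script is an added example, not code from the post or from firewalld: it parses the text that `firewall-cmd --direct --get-all-rules` prints (the sample is copied from the post, plus one constructed line reproducing the PREROUTING rule as typed, with `-d 127.0.0.1`) and flags three things a reviewer would check before asking why traffic is not forwarded. First, a PREROUTING rule matching `-d 127.0.0.1` never sees packets that arrive addressed to the host's real IP. Second, a DNAT to 127.0.0.0/8 for packets entering on a non-loopback interface is delivered only if the kernel sysctl `net.ipv4.conf.<iface>.route_localnet` is 1; otherwise the packet is dropped as a martian after NAT. Third, after DNAT to a local address the packet goes through INPUT, not FORWARD, so the FORWARD ACCEPT rule never matches. The check names (`unreachable-match`, `route_localnet`, `forward-loopback`) are this example's own.

```python
import ipaddress
import shlex
from dataclasses import dataclass, field

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Copied from the post's `firewall-cmd --direct --get-all-rules` output; the
# last line is constructed from the PREROUTING rule the post typed by hand.
SAMPLE_RULES = """\
ipv4 nat OUTPUT 0 -p tcp --dport 443 -d 127.0.0.1 -j DNAT --to-destination 127.0.0.1:8443
ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443
ipv4 filter FORWARD 0 -i eno16777984 -m state --state NEW -m tcp -p tcp -d 127.0.0.1 --dport 8443 -j ACCEPT
ipv4 nat PREROUTING 0 -i eno16777984 -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
ipv4 nat PREROUTING 0 -i eno16777984 -d 127.0.0.1 -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
"""


@dataclass
class DirectRule:
    family: str
    table: str
    chain: str
    priority: int
    opts: dict = field(default_factory=dict)  # option -> value ("" for bare flags)


def parse_direct_rule(line: str) -> DirectRule:
    """Split one 'family table chain priority args...' line into a DirectRule."""
    toks = shlex.split(line)
    if len(toks) < 5:
        raise ValueError(f"not a direct rule: {line!r}")
    family, table, chain, prio, *args = toks
    opts = {}
    i = 0
    while i < len(args):
        tok = args[i]
        # An option consumes the next token as its value unless that token is itself an option.
        if tok.startswith("-") and i + 1 < len(args) and not args[i + 1].startswith("-"):
            opts[tok] = args[i + 1]
            i += 2
        else:
            opts[tok] = ""
            i += 1
    return DirectRule(family, table, chain, int(prio), opts)


def _is_loopback(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr.split("/")[0]) in LOOPBACK
    except ValueError:  # empty string or not an address
        return False


def dnat_target_host(rule: DirectRule):
    """Host part of --to-destination for a DNAT rule, else None."""
    if rule.table != "nat" or rule.opts.get("-j") != "DNAT":
        return None
    dest = rule.opts.get("--to-destination", "")
    return dest.rsplit(":", 1)[0] if ":" in dest else (dest or None)


def audit_rule(rule: DirectRule) -> list:
    """Return (check_id, message) pairs for the pitfalls this rule exhibits."""
    findings = []
    dst = rule.opts.get("-d", "")
    in_if = rule.opts.get("-i", "")
    if rule.chain == "PREROUTING" and _is_loopback(dst):
        findings.append(("unreachable-match",
                         f"PREROUTING rule matches -d {dst}; packets from the network are "
                         "addressed to the host's real IP, so this rule never fires"))
    if rule.chain == "PREROUTING" and _is_loopback(dnat_target_host(rule) or ""):
        key = f"net.ipv4.conf.{in_if or 'all'}.route_localnet"
        findings.append(("route_localnet",
                         f"DNAT to loopback for packets entering on {in_if or 'any interface'} "
                         f"needs {key}=1, otherwise the kernel drops them as martians"))
    if rule.table == "filter" and rule.chain == "FORWARD" and _is_loopback(dst):
        findings.append(("forward-loopback",
                         "after DNAT to a local address the packet is delivered through INPUT, "
                         "not FORWARD, so this ACCEPT never matches"))
    return findings


def audit(text: str) -> list:
    """Audit every non-empty line of --get-all-rules output; returns (line_no, check_id, message)."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            for code, msg in audit_rule(parse_direct_rule(line)):
                out.append((n, code, msg))
    return out


if __name__ == "__main__":
    for n, code, msg in audit(SAMPLE_RULES):
        print(f"line {n}: [{code}] {msg}")
```

Run it against your own output with `firewall-cmd --direct --get-all-rules | python3 audit.py` after changing the `__main__` block to read `sys.stdin`; the `route_localnet` finding is the one to resolve first, since without that sysctl no DNAT-to-127.0.0.1 rule, whether added with `--direct` or via `--add-forward-port`, can deliver a packet that came in on eno16777984.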