Hi,
On 05/19/2016 02:43 PM, Benjamin Lefoul wrote:
Hi,
Strangely enough this seems to be a common problem without a clear
answer (see for instance:
https://ask.fedoraproject.org/en/question/32104/port-redirect-with-firewa...
)
We have a file to be fetched via http on port 8080, so this works:
# wget http://localhost:8080/file_to_fetch.txt
We want this to work as well:
# wget http://localhost/file_to_fetch.txt
But adding the port forward to the trusted zone (with interface lo)
won't do.
forward-ports: port=80:proto=tcp:toport=8080:toaddr=
Even adding it as a rich rule does not work. The only way around is
with a direct rule:
# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule priority="0" table="nat" ipv="ipv4" chain="OUTPUT">-d 127.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080</rule>
</direct>
We are using version 0.3.9 as packaged in CentOS7.
Surely there is another way?
Is the trusted zone active in your configuration?
What is the output of:
firewall-cmd --get-active-zones
If the trusted zone is not bound to an interface or connection or
source, then this rule does not have an effect. Please add it to the
default zone then instead.
Thanks,
Benjamin Lefoul
Regards,
Thomas
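
One way to run the check asked for in the reply above, as an added example that is not part of the thread: it parses `firewall-cmd --get-active-zones` output to show what a zone is bound to and which zone an interface belongs to. The function names and the sample output are constructed for illustration, and the parser assumes the usual layout of a zone name on its own line followed by indented `interfaces:` / `sources:` lines.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --get-active-zones` output (not from the thread).
sample_active_zones() {
cat <<'EOF'
public
  interfaces: eth0
work
  sources: 192.168.10.0/24
EOF
}

# zone_bindings ZONE (hypothetical helper): reads get-active-zones output on
# stdin and prints the interfaces/sources bound to ZONE.
# Returns 1 when ZONE is not active, i.e. rules placed in it have no effect.
zone_bindings() {
    awk -v zone="$1" '
        /^[^ \t]/ { current = $1; next }          # unindented line = zone name
        current == zone && /^[ \t]+(interfaces|sources):/ {
            sub(/^[ \t]+/, ""); print; found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# zone_of_interface IFACE (hypothetical helper): prints the active zone that
# IFACE is bound to; returns 1 when no active zone lists that interface.
zone_of_interface() {
    awk -v ifc="$1" '
        /^[^ \t]/ { current = $1; next }
        /^[ \t]+interfaces:/ {
            for (i = 2; i <= NF; i++) if ($i == ifc) { print current; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Demonstration on the constructed sample; on a live host pipe the real output:
#   firewall-cmd --get-active-zones | zone_bindings trusted
if ! sample_active_zones | zone_bindings trusted; then
    echo "trusted is not an active zone in the sample"
fi
```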