Hi,


Strangely enough, this seems to be a common problem without a clear answer (see for instance: https://ask.fedoraproject.org/en/question/32104/port-redirect-with-firewalld/).


We have a file to be fetched via HTTP on port 8080, so this works:

# wget http://localhost:8080/file_to_fetch.txt

We want this to work as well:

# wget http://localhost/file_to_fetch.txt

But adding the port forward to the trusted zone (with interface lo) won't do.

forward-ports: port=80:proto=tcp:toport=8080:toaddr=

Even adding it as a rich rule does not work. The only way around is with a direct rule:

# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule priority="0" table="nat" ipv="ipv4" chain="OUTPUT">-d 127.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080</rule>
</direct>

We are using version 0.3.9 as packaged in CentOS7.

Surely there is another way?


Thanks,


Benjamin Lefoul