Hello Max,
On 04/02/2015 06:15 PM, Max wrote:
> Hi.
> After reading the documentation it's still unclear - when I set up port forwarding from
> external to internal or trusted network, do I have to add corresponding ports into
> zones?
> I mean if I have the following rule in my 'external' zone:
> forward-ports:
> port=2202:proto=tcp:toport=22:toaddr=192.168.2.2
> Do I need to add port 2202 to some zone? Port 22? Or will forwarding in itself be
> enough?
Forwarding should be enough. For forward-port, several rules are added
with marking the arriving packets on the defined port in the mangle
table, changing the destination address of the marked packets in the nat
table and accepting the marked packages in the filter table - and all
this in the selected zone.
> cheers,
> Max.
Regards,
Thomas
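
Since a forward-port is accepted by its packet mark and not by the zone's port list, a review that reads only `ports:` will not show the forwarded service. The following is an added example, not part of the original thread and not firewalld code: it parses a constructed sample of `firewall-cmd --zone=external --list-all` output and lists every forward-port together with whether its listening port appears under `ports:`. The function names are hypothetical and IPv4 targets are assumed.

```python
import re

# Constructed sample of `firewall-cmd --zone=external --list-all` output,
# containing the forward-port rule from the question above.
SAMPLE = """\
external (active)
  interfaces: eth0
  services: ssh
  ports: 8080/tcp
  masquerade: yes
  forward-ports:
    port=2202:proto=tcp:toport=22:toaddr=192.168.2.2
    port=8443:proto=tcp:toport=443:toaddr=
  rich rules:
"""

def parse_zone(text):
    """Map each 'key:' of one zone listing to its list of values."""
    fields, key = {}, None
    for line in text.splitlines()[1:]:      # first line is the zone name
        m = re.match(r"\s+([a-z][a-z -]*):\s*(.*)$", line)
        if m:                               # "  key: value ..." line
            key = m.group(1)
            fields[key] = m.group(2).split()
        elif key and line.strip():          # continuation line of a list
            fields[key].extend(line.split())
    return fields

def forward_exposures(text):
    """Return (listen_port, proto, target, listed_in_ports) per forward-port."""
    zone = parse_zone(text)
    opened = set(zone.get("ports", []))
    found = []
    for spec in zone.get("forward-ports", []):
        # Assumption: IPv4 toaddr, so ':' only separates the key=value pairs.
        f = dict(kv.split("=", 1) for kv in spec.split(":"))
        # An empty toaddr means the packet is redirected to a local port.
        target = "%s:%s" % (f.get("toaddr") or "local", f.get("toport") or f["port"])
        listed = "%s/%s" % (f["port"], f["proto"]) in opened
        found.append((f["port"], f["proto"], target, listed))
    return found

if __name__ == "__main__":
    for port, proto, target, listed in forward_exposures(SAMPLE):
        note = "also in ports" if listed else "not in ports, reachable via forward"
        print("%s/%s -> %s (%s)" % (port, proto, target, note))
```
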