Hi,
On 05/19/2016 02:43 PM, Benjamin Lefoul wrote:
Hi,
Strangely enough this seems to be a common problem without a clear
answer (see for instance:
https://ask.fedoraproject.org/en/question/32104/port-redirect-with-firewa...
)
We have a file to be fetched via http on port 8080, so this works:
# wget http://localhost:8080/file_to_fetch.txt
We want this to work as well:
# wget http://localhost/file_to_fetch.txt
But adding the port forward to the trusted zone (with interface lo)
won't do.
forward-ports: port=80:proto=tcp:toport=8080:toaddr=
Even adding it as a rich rule does not work. The only way around is
with a direct rule:
# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
<rule priority="0" table="nat" ipv="ipv4" chain="OUTPUT">-d 127.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080</rule>
</direct>
We are using version 0.3.9 as packaged in CentOS7.
Surely there is another way?
No, I am sorry, right now there is no other way.
firewalld is not providing a zone for locally generated packets, yet.
These packets are not part of any zone at the moment. But it is planned
to add a special zone for this with a name like "local" or
"outgoing".
Thanks,
Benjamin Lefoul
Regards,
Thomas
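
An added example, not part of the original thread: because a direct rule like the one above sits outside every zone, it is easy to overlook when reviewing a host's firewall policy. The sketch below parses a direct.xml and reports nat/OUTPUT rules that rewrite the destination of locally generated traffic. The function names are hypothetical, and the second rule in the sample is constructed for contrast.

```python
import shlex
import xml.etree.ElementTree as ET

# Sample input: the first rule is the one quoted in the thread; the second
# (filter/INPUT) is constructed here to show a rule that must not be reported.
SAMPLE_DIRECT_XML = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule priority="0" table="nat" ipv="ipv4" chain="OUTPUT">-d
127.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080</rule>
  <rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 22 -j ACCEPT</rule>
</direct>
"""


def _opt(args, *names):
    """Return the token following the first option found in names, or None."""
    for i, tok in enumerate(args[:-1]):
        if tok in names:
            return args[i + 1]
    return None


def local_nat_redirects(xml_text):
    """List DNAT/REDIRECT rules in the nat OUTPUT chain of a direct.xml."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for rule in root.iter("rule"):
        # Locally generated packets traverse nat OUTPUT, so only that chain matters here.
        if rule.get("table") != "nat" or rule.get("chain") != "OUTPUT":
            continue
        args = shlex.split(rule.text or "")
        target = _opt(args, "-j", "--jump")
        if target not in ("DNAT", "REDIRECT"):
            continue
        findings.append({
            "ipv": rule.get("ipv"),
            "match_dst": _opt(args, "-d", "--destination"),
            "proto": _opt(args, "-p", "--protocol"),
            "dport": _opt(args, "--dport", "--destination-port"),
            "target": target,
            "to": _opt(args, "--to-destination", "--to-ports"),
        })
    return findings


if __name__ == "__main__":
    for f in local_nat_redirects(SAMPLE_DIRECT_XML):
        print("{ipv} {proto} {match_dst}:{dport} -> {target} {to}".format(**f))
```

On a real host, pass the contents of /etc/firewalld/direct.xml instead of the sample string.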