________________________________________
From: Markos Chandras <mchandras(a)suse.de>
Sent: 19 May 2016 14:49
To: Firewalld users discussion list
Subject: Re: local port forwarding
On 05/19/2016 01:43 PM, Benjamin Lefoul wrote:
Hi,
Strangely enough this seems to be a common problem without a clear
answer (see for instance:
https://ask.fedoraproject.org/en/question/32104/port-redirect-with-firewa...
)
We have a file to be fetched via http on port 8080, so this works:
# wget http://localhost:8080/file_to_fetch.txt
We want this to work as well:
# wget http://localhost/file_to_fetch.txt
But adding the port forward to the trusted zone (with interface lo)
won't do.
forward-ports: port=80:proto=tcp:toport=8080:toaddr=
Even adding it as a rich rule does not work. The only way around is with
a direct rule:
# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
<rule priority="0" table="nat" ipv="ipv4" chain="OUTPUT">-d 127.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080</rule>
</direct>
Hi Benjamin,
Hi,
This sounds like
https://github.com/t-woerner/firewalld/issues/78
--to-destination :port actually rewrites the port on the packet but
leaves the destination address intact.
Mmh, does it? Because in my case, the
destination address IS the same: 127.0.0.1
Benjamin
--
markos
SUSE LINUX GmbH | GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg) Maxfeldstr. 5, D-90409, Nürnberg
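An added example, not part of the original messages and not firewalld code: a small Python check that reads a direct.xml like the one quoted above and lists the DNAT rules in the nat OUTPUT chain (the chain locally generated packets traverse), showing for each whether --to-destination sets an address, a port, or both. The sample XML is constructed (its second and third rules are hypothetical), and the function names are this example's own.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: the rule from the message, a port-only variant, an unrelated rule.
SAMPLE_DIRECT_XML = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule priority="0" table="nat" ipv="ipv4" chain="OUTPUT">-d 127.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080</rule>
  <rule priority="1" table="nat" ipv="ipv4" chain="OUTPUT">-d 127.0.0.1 -p tcp --dport 443 -j DNAT --to-destination :8443</rule>
  <rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 22 -j ACCEPT</rule>
</direct>
"""


def parse_args(text):
    """Map iptables options to values; a leading '!' marks the next option negated."""
    opts, negated, tokens = {}, set(), shlex.split(text or "")
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!" and i + 1 < len(tokens):
            negated.add(tokens[i + 1])
        elif tok.startswith("-"):
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
            opts[tok] = tokens[i + 1] if has_value else None
            i += 1 if has_value else 0
        i += 1
    return opts, negated


def local_redirects(direct_xml):
    """List IPv4 DNAT rules in nat/OUTPUT, which apply to locally generated packets."""
    found = []
    for rule in ET.fromstring(direct_xml.encode("utf-8")).iter("rule"):
        if (rule.get("table"), rule.get("chain"), rule.get("ipv")) != ("nat", "OUTPUT", "ipv4"):
            continue
        opts, negated = parse_args(rule.text)
        target = opts.get("--to-destination")
        if opts.get("-j") != "DNAT" or not target:
            continue
        # --to-destination is [addr][:port]; an omitted part is reported as None.
        addr, _, port = target.partition(":")
        found.append({
            "proto": opts.get("-p"), "negated": sorted(negated),
            "match_dst": opts.get("-d"), "match_port": opts.get("--dport"),
            "new_addr": addr or None, "new_port": port or None,
        })
    return found
```

Calling local_redirects() on the text of /etc/firewalld/direct.xml returns one dict per matching rule; only the short option spellings used in the message (-d, -p, -j) are recognised.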