Hi.
After reading the documentation it's still unclear - when I set up port forwarding from external to internal or trusted network, do I have to add corresponding ports into zones?
I mean if I have the following rule in my 'external' zone: forward-ports: port=2202:proto=tcp:toport=22:toaddr=192.168.2.2
Do I need to add port 2202 to some zone? Port 22? Or will forwarding in itself be enough?
cheers, Max.
Hello Max,
On 04/02/2015 06:15 PM, Max wrote:
> Hi.
> After reading the documentation it's still unclear - when I set up port forwarding from external to internal or trusted network, do I have to add corresponding ports into zones?
> I mean if I have the following rule in my 'external' zone: forward-ports: port=2202:proto=tcp:toport=22:toaddr=192.168.2.2
> Do I need to add port 2202 to some zone? Port 22? Or will forwarding in itself be enough?

Forwarding should be enough. For forward-port several rules are added with marking the arriving packets on the defined port in the mangle table, changing the destination address of the marked packets in the nat table and accepting the marked packages in the filter table - and all this in the selected zone.

> cheers, Max.
> _______________________________________________
> firewalld-users mailing list
> firewalld-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users
Regards, Thomas
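
The three-table sequence described in the reply above, sketched as an added example that is not part of the original thread and is not firewalld's own code: it parses the forward-port entry from the question and emits one iptables rule per table. The chain names `PRE_<zone>` and `FWD_<zone>` and the mark value are assumptions made for illustration; only IPv4 targets with tcp/udp are handled.

```python
import ipaddress

MARK = 0x64  # assumed mark value; any otherwise unused mark would do


def _check_port(text):
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"bad port: {text!r}")
    return int(text)


def parse_forward_port(spec):
    """Parse 'port=2202:proto=tcp:toport=22:toaddr=192.168.2.2' into a dict."""
    fields = {}
    for item in spec.split(":", 3):  # four fields, toaddr last
        key, sep, value = item.partition("=")
        if not sep or key in fields:
            raise ValueError(f"malformed field: {item!r}")
        fields[key] = value
    if set(fields) != {"port", "proto", "toport", "toaddr"}:
        raise ValueError(f"unexpected fields: {sorted(fields)}")
    if fields["proto"] not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {fields['proto']!r}")
    port = _check_port(fields["port"])
    # An empty toport means "same port on the target host".
    toport = _check_port(fields["toport"] or fields["port"])
    toaddr = str(ipaddress.IPv4Address(fields["toaddr"]))  # raises ValueError if invalid
    return {"port": port, "proto": fields["proto"], "toport": toport, "toaddr": toaddr}


def forward_port_rules(zone, spec):
    """Return the mangle, nat and filter rules for one forward-port entry."""
    fp = parse_forward_port(spec)
    mark = f"{MARK:#x}"
    pre, fwd = f"PRE_{zone}", f"FWD_{zone}"  # hypothetical per-zone chain names
    return [
        # 1. mangle: mark packets arriving on the forwarded port
        f"iptables -t mangle -A {pre} -p {fp['proto']} --dport {fp['port']} -j MARK --set-mark {mark}",
        # 2. nat: rewrite the destination of marked packets
        f"iptables -t nat -A {pre} -p {fp['proto']} -m mark --mark {mark} -j DNAT --to-destination {fp['toaddr']}:{fp['toport']}",
        # 3. filter: accept by mark, so no separate port entry is involved
        f"iptables -t filter -A {fwd} -m mark --mark {mark} -j ACCEPT",
    ]


if __name__ == "__main__":
    for rule in forward_port_rules("external", "port=2202:proto=tcp:toport=22:toaddr=192.168.2.2"):
        print(rule)
```

The filter rule matches on the mark rather than on port 2202 or 22, which is why the forward-port entry by itself is sufficient in this model.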