I’m not very familiar with network stuff and I have difficulty understanding how firewalld works.
I’m developing a REST service, actually listening on port 8080, and I want to be able to send requests on port 80 that would be redirected to 8080.
To do that on CentOS 6, I used iptables with a rule like this:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
I migrated to CentOS 7, and even though iptables still exists and still works, the fact that firewalld is the default firewall software makes me think I should start to use that software…
The fact is I can’t understand how it works, and how to convert my single iptables rule into a firewalld one. I know that firewalld “understands” iptables rules (in fact, I’m using this rule with firewalld to keep on working), but I want to know how to do it, and I would like to make this rule permanent, too.
--add-forward-port to set up a port forwarding.
firewall-cmd man page:
--add-forward-port=port=portid[-portid]:proto=protocol[:toport=portid[-portid]][:toaddr=address[/mask]] [--timeout=timeval]

Add the IPv4 forward port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h.

The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is a simple IP address.
So you would do something like:
firewall-cmd --zone=whatever --add-forward-port=port=80:proto=tcp:toport=8080
And if it does what you want, make it permanent.
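The conversion discussed above, as an added example that is not part of the original question or answer: it translates the arguments of an iptables REDIRECT rule into a forward-port value, applies it at runtime, and persists it as a separate step. The function names, the FWCMD override and the zone name public are assumptions; only single ports are handled, not ranges.

```shell
#!/bin/sh
# Added example (not from the original answer). FWCMD is an assumed override
# so the commands can be previewed with FWCMD=echo instead of being executed.
FWCMD=${FWCMD:-firewall-cmd}

# True when $1 is a decimal port number in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Translate the arguments of an iptables REDIRECT rule into the value that
# --add-forward-port expects: port=<dport>:proto=<proto>:toport=<to-port>.
# Runs in a subshell so the working variables do not leak to the caller.
redirect_to_forward_port() (
    proto= dport= toport=
    while [ $# -ge 2 ]; do      # slide over the arguments as (option, value) pairs
        case $1 in
            -p|--protocol)              proto=$2 ;;
            --dport|--destination-port) dport=$2 ;;
            --to-port|--to-ports)       toport=$2 ;;
        esac
        shift
    done
    # Reject anything outside the protocols the man page excerpt lists.
    case $proto in tcp|udp|sctp|dccp) ;; *) exit 2 ;; esac
    valid_port "$dport" && valid_port "$toport" || exit 2
    printf 'port=%s:proto=%s:toport=%s\n' "$dport" "$proto" "$toport"
)

# Step 1: add the rule to the runtime configuration only (it is lost on a
# reload or reboot), then ask firewalld whether it is active.
try_forward() {      # $1 = zone, $2 = forward-port value
    "$FWCMD" --zone="$1" --add-forward-port="$2" &&
    "$FWCMD" --zone="$1" --query-forward-port="$2"
}

# Step 2: once the redirect behaves as intended, write it to the permanent
# configuration so it survives reloads and reboots.
persist_forward() {  # $1 = zone, $2 = forward-port value
    "$FWCMD" --permanent --zone="$1" --add-forward-port="$2"
}

# Usage with the rule from the question (zone name "public" is an assumption):
#   spec=$(redirect_to_forward_port -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080)
#   try_forward public "$spec" && persist_forward public "$spec"
```

Setting FWCMD=echo prints the firewall-cmd arguments without touching the firewall, which is a safe way to review the rule before applying it as root.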
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.