Aunt Jemima asked:
How do you enable port forwarding on only a single host ip address?
My CentOS 7 server has 5 IP addresses. Previously I had Apache listening on all of them, with various domains assigned to those IP addresses and resolved with virtual hosts.
I changed the Listen directive in httpd.conf so that now Apache only listens on 4 of the IP addresses.
Using node.js I created another server instance, but it won't let me listen on the standard port 80 without elevated permissions. I don't want to run it with elevated permissions.
I'd like to port forward port 80 to something like 8080, but only on the one IP address, without affecting traffic directed at the other 4 IP addresses. It's important that traffic to the other IP addresses is not affected by the rule.
I think the solution will look similar to:
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
The other questions and answers I've found deal with source IP addresses instead of host (destination) IP addresses.
A firewalld zone can be specified either by interface or by source address, but you want to filter by destination address. You’ll need a rich rule to handle this particular situation.
Such a rich rule may look like:
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination address="198.51.100.237" forward-port port="80" protocol="tcp" to-port="8080"'
See the firewalld.richlanguage(5) man page for documentation on rich rules.
Once your rich rule is working, remember to make it permanent by adding --permanent to the previous invocation.
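As an added example, not part of the original answer: a small POSIX sh script that builds the destination-scoped rich rule shown above, applies it to the runtime configuration, checks that firewalld actually holds it, and only then copies the runtime state to the permanent configuration. The zone, address and ports are the ones from the answer; the FWCMD variable, the IPv4 check and the helper function names are my own and are not part of any firewalld interface.

```shell
#!/bin/sh
# Added example (not from the original answer): build, apply, verify and
# persist a destination-scoped forward-port rich rule with firewall-cmd.
# Zone "public", address 198.51.100.237 and ports 80/8080 come from the
# answer; ZONE and FWCMD are assumed override hooks (FWCMD=echo dry-runs).

ZONE="${ZONE:-public}"
FWCMD="${FWCMD:-firewall-cmd}"

# Accept only a dotted-quad IPv4 address with every octet <= 255, so a typo
# cannot silently produce a rule that matches nothing.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rich rule text: redirect TCP <port> to <toport>, but only for
# packets whose destination is <addr>. The host's other addresses are untouched.
build_forward_rule() {
    addr=$1
    port=$2
    toport=$3
    valid_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    printf 'rule family="ipv4" destination address="%s" forward-port port="%s" protocol="tcp" to-port="%s"' \
        "$addr" "$port" "$toport"
}

# Add the rule to the runtime config, confirm firewalld accepted it, then
# copy the verified runtime state to the permanent config.
apply_forward_rule() {
    rule=$(build_forward_rule "$@") || return 1
    "$FWCMD" --zone="$ZONE" --add-rich-rule="$rule" || return 1
    "$FWCMD" --zone="$ZONE" --query-rich-rule="$rule" || {
        echo "rule was not installed in zone $ZONE" >&2
        return 1
    }
    "$FWCMD" --runtime-to-permanent
}

# Usage (as root on the server):
#   apply_forward_rule 198.51.100.237 80 8080
```

Run it with FWCMD=echo first to see the exact firewall-cmd invocations without touching the firewall. Because the rule matches on the destination address, connections to the server's other four addresses never hit it, and no masquerading is needed when the target port is on the same host. The redirection happens in the nat PREROUTING step, so it applies to connections arriving from the network, not to connections the server makes to its own address; test it from another machine.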
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.