
List:       firewalld-users
Subject:    Re: Port forwarding on interface with multiple addresses
From:       Eric Garver <egarver () redhat ! com>
Date:       2020-04-28 13:05:04
Message-ID: 20200428130504.uc7wlb7nublufp4r () egarver

On Tue, Apr 28, 2020 at 12:22:33PM -0000, Peter Hoogendijk wrote:
> For several days I've been searching for the correct way to implement port
> forwarding based on the IP address of the interface (one interface with two
> addresses: 172.16.1.15 and 172.16.1.16). With iptables I would use the following
> rules to forward traffic to two different web server implementations:
>
> iptables -A PREROUTING -t nat -p tcp --dst 172.16.1.15 --dport 443 -j REDIRECT --to-port 8015
> iptables -A PREROUTING -t nat -p tcp --dst 172.16.1.16 --dport 443 -j REDIRECT --to-port 8016
>
> What would be the right way to translate this iptables situation into
> a firewalld configuration? In the documentation about port forwarding
> there is no way to specify "--dst". The documentation about services
> shows a way to specify this as "destination" but no way to specify
> port forwarding. So after searching for several days I decided that I'm
> now past the RTFM phase :-).

Use a rich rule.

    firewall-cmd --zone <zone> --add-rich-rule='rule family=ipv4 destination address=172.16.1.15 forward-port port=443 protocol=tcp to-port=8015'
    firewall-cmd --zone <zone> --add-rich-rule='rule family=ipv4 destination address=172.16.1.16 forward-port port=443 protocol=tcp to-port=8016'

Hope that helps.
Eric.
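
The translation from the question's iptables REDIRECT rules to the rich rules in the reply, written out as a POSIX shell helper. This is an added example, not code from the thread or from the firewalld project; the function names and the `public` zone are assumptions, and the script only prints commands.

```sh
# Added example: translate an iptables nat REDIRECT rule of the form used in
# the question into the matching firewalld rich rule. It only builds strings
# and never calls iptables or firewall-cmd. Function names are hypothetical.

# True if $1 is a single port number in 1..65535 (port ranges are not handled).
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_to_rich_rule '<iptables arguments>'
# Prints the rich rule; fails when the rule is not a tcp/udp REDIRECT
# with an IPv4 destination address, a destination port and a target port.
# The body is a subshell, so "exit" only leaves this function.
redirect_to_rich_rule() (
    set -f                       # no globbing while splitting the rule
    set -- $1
    proto='' dst='' dport='' toport='' target=''
    while [ $# -gt 0 ]; do
        case $1 in
            -p|--protocol)              proto=${2-};  shift ;;
            -d|--dst|--destination)     dst=${2-};    shift ;;
            --dport|--destination-port) dport=${2-};  shift ;;
            --to-port|--to-ports)       toport=${2-}; shift ;;
            -j|--jump)                  target=${2-}; shift ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    [ "$target" = REDIRECT ] || exit 1
    case $proto in tcp|udp) ;; *) exit 1 ;; esac
    case $dst in ''|*[!0-9./]*) exit 1 ;; esac
    is_port "$dport" && is_port "$toport" || exit 1
    printf 'rule family=ipv4 destination address=%s forward-port port=%s protocol=%s to-port=%s\n' \
        "$dst" "$dport" "$proto" "$toport"
)

# Print (not run) the firewall-cmd line for zone $1 and iptables rule $2.
firewall_cmd_for() {
    rule=$(redirect_to_rich_rule "$2") || return 1
    printf "firewall-cmd --zone %s --add-rich-rule='%s'\n" "$1" "$rule"
}

# Constructed input: the two rules from the question; "public" is an assumed zone.
while read -r line; do
    firewall_cmd_for public "$line" || echo "cannot translate: $line" >&2
done <<'EOF'
-A PREROUTING -t nat -p tcp --dst 172.16.1.15 --dport 443 -j REDIRECT --to-port 8015
-A PREROUTING -t nat -p tcp --dst 172.16.1.16 --dport 443 -j REDIRECT --to-port 8016
EOF
```

The printed commands change the runtime configuration only; firewall-cmd's `--permanent` option is what makes a rich rule survive a reload or reboot.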