Strange Behavior Of Firewalld And Port-forwarding
Hi,
Firewalld and I haven't had a good start, but I hope we'll be good friends.
One of my hosts must reroute traffic from one host to another. That isn't a big problem.
I have a host which must do:
1) Forward port 25 TCP to a second host, where I have a special mail relay. My external.xml looks like this one:
Everything works as expected: incoming traffic on port 25 is forwarded to
10.0.0.87 port 25.
2) Traffic from 80.80.80.80 with destination port 25 should be forwarded to port 22 TCP on 10.0.0.17 and not to 10.0.0.87 on port 25.
So I made a new rule with:
firewall-cmd --zone=external --add-rich-rule='rule forward-port port="25" to-port="22" to-addr="10.0.0.17" protocol="tcp" family="ipv4" source address="80.80.80.80"'
If I try to connect from host 80.80.80.80 to my system with:
"telnet 10.0.0.17 25"
I can connect to the final host 10.0.0.17 on port 22 and OpenSSH greets me with "SSH-2.0-OpenSSH_6.6.1". It is working as I expected.
To make my new firewall rule permanent I use:
"firewall-cmd --runtime-to-permanent"
and the zone file now has this content:
O.K. That isn't a miracle. BUT, everything is working right until I restart the server or reload firewalld with:
"firewall-cmd --reload"
Now I can't access my host 10.0.0.17 via SSH over my transit host! I reach destination host 10.0.0.87 on port 25. It looks like my rich rule wasn't defined. :/
Any idea how to make it reboot-safe?
Thanks for the help
ttyl, Django
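A way to check whether the source-scoped forward-port rich rule actually landed in the permanent configuration and is still present after `--reload`, added here as an example and not taken from Django's post or from firewalld's own code. It assumes the zone name, addresses and ports from the post, firewalld's standard zone XML layout (a `<rule>` element wrapping `<source>` and `<forward-port>`, as written by `--runtime-to-permanent` to /etc/firewalld/zones/external.xml), and, for the offline part, a zone file you pass in; the live part needs root on a host with firewalld and is skipped otherwise.

```bash
#!/usr/bin/env bash
# Added example: verify that a firewalld rich rule with a source-specific
# forward-port is present in the permanent config and survives --reload.
# Zone/addresses below are taken from the post; the script itself is not
# from the post. Usage:
#   ./check-fwd.sh file /etc/firewalld/zones/external.xml   (offline check)
#   sudo ./check-fwd.sh live                                  (runtime check)
set -u

ZONE=external
SRC=80.80.80.80
PORT=25
TO_PORT=22
TO_ADDR=10.0.0.17

# Build the rich rule with plain ASCII quotes. Curly quotes pasted from a web
# page are a frequent reason firewall-cmd rejects a rule that "looks" right.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" forward-port port="%s" protocol="tcp" to-port="%s" to-addr="%s"' \
        "$1" "$2" "$3" "$4"
}

# Offline check of a zone XML file: succeed only if some <rule> block has a
# <source address=SRC> and a <forward-port ... to-addr=TO_ADDR to-port=TO_PORT>.
# Args: file source to-addr to-port
zone_file_has_rule() {
    awk -v src="$2" -v toaddr="$3" -v toport="$4" '
        /<rule[ >]/ { inrule=1; s=0; f=0 }
        inrule && /<source / && index($0, "address=\"" src "\"") { s=1 }
        inrule && /<forward-port / && index($0, "to-addr=\"" toaddr "\"") \
                && index($0, "to-port=\"" toport "\"") { f=1 }
        /<\/rule>/ { if (s && f) found=1; inrule=0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Live check: list runtime and permanent rich rules, confirm the rule is in
# the permanent set, reload, and confirm it is still active afterwards.
check_live() {
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found; skipping live check"; return 2; }
    rule=$(rich_rule "$SRC" "$PORT" "$TO_PORT" "$TO_ADDR")
    echo "--- runtime rich rules in zone $ZONE"
    firewall-cmd --zone="$ZONE" --list-rich-rules
    echo "--- permanent rich rules in zone $ZONE"
    firewall-cmd --permanent --zone="$ZONE" --list-rich-rules
    firewall-cmd --permanent --zone="$ZONE" --query-rich-rule="$rule" >/dev/null \
        || { echo "FAIL: rule is missing from the permanent config"; return 1; }
    firewall-cmd --reload >/dev/null
    firewall-cmd --zone="$ZONE" --query-rich-rule="$rule" >/dev/null \
        || { echo "FAIL: rule is gone from the runtime config after --reload"; return 1; }
    echo "OK: rule is permanent and survived --reload"
}

case "${1:-}" in
    file) zone_file_has_rule "$2" "$SRC" "$TO_ADDR" "$TO_PORT" \
              && echo "OK: $2 contains the rule" || { echo "FAIL: $2 lacks the rule"; exit 1; } ;;
    live) check_live ;;
esac
```

If the offline check passes on the zone file but the live check fails right after `--reload`, the permanent file is fine and the problem is in how firewalld applies it on reload, which narrows the search considerably; if the offline check already fails, `--runtime-to-permanent` never wrote the rule.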