Using firewalld to NAT/port forward based on source IP?

Hello
I'm looking to NAT/port forward traffic based on source IP.
I thought this was enough:
firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"192.168.100.221\" forward-port port=\"514\" protocol=\"udp\" to-port=\"9200\""
But it doesn't seem to be working.
Running a traffic capture, I see the traffic arrive on 514 but I can't seem to find a way to see if the NAT/port forward happens.
Thank you
Re: Using firewalld to NAT/port forward based on source IP?
Look at the actual ruleset with:
sudo iptables -S
sudo iptables -t nat -S
sudo iptables -t mangle -S

Which rules were added due to the rich rule?
We know that there should be a DNAT rule to rewrite port 514/udp as port 9200/udp.
There should also be a rule within INPUT to allow traffic to 9200/udp.
When the service at 9200/udp does reply, does that above-mentioned DNAT rule automagickally rewrite source port from 9200 into 514 in the reply too?
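The reply above says what to look for in the dumps but not how to check it mechanically. The script below is an added example, not code from the thread: it takes text in the shape of `iptables -t nat -S` and `iptables -S` output and checks for the two rules the reply expects (a source-restricted DNAT of 514/udp to :9200, and an INPUT accept for 9200/udp). The sample dumps are constructed, and the firewalld chain names in them (PRE_public_allow, IN_public_allow) are assumptions; real chain names depend on the zone, the firewalld version and whether the nftables or iptables backend is in use.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the ruleset contains the
# DNAT and INPUT rules a firewalld forward-port rich rule is expected to add.

# Constructed sample, shaped like `sudo iptables -t nat -S` on a firewalld host
# with the iptables backend. Chain names are assumptions, not real output.
NAT_RULES='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N PREROUTING_ZONES
-N PRE_public
-N PRE_public_allow
-A PREROUTING -j PREROUTING_ZONES
-A PREROUTING_ZONES -j PRE_public
-A PRE_public -j PRE_public_allow
-A PRE_public_allow -s 192.168.100.221/32 -p udp -m udp --dport 514 -j DNAT --to-destination :9200'

# Constructed sample, shaped like `sudo iptables -S` (filter table).
FILTER_RULES='-P INPUT DROP
-N IN_public_allow
-A INPUT -j IN_public_allow
-A IN_public_allow -p udp -m udp --dport 9200 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT'

# has_dnat SRC PROTO DPORT TOPORT RULES
# Exit 0 when RULES holds a DNAT rule limited to SRC that rewrites
# PROTO/DPORT to TOPORT. iptables -S prints single hosts as SRC/32.
has_dnat() {
    src=$1; proto=$2; dport=$3; toport=$4; rules=$5
    printf '%s\n' "$rules" \
      | grep -F -- "-s $src/32" \
      | grep -F -- "-p $proto " \
      | grep -F -- "--dport $dport " \
      | grep -F -q -- "-j DNAT --to-destination :$toport"
}

# has_input_accept PROTO DPORT RULES
# Exit 0 when RULES holds an ACCEPT for PROTO/DPORT (the post-DNAT port).
has_input_accept() {
    proto=$1; dport=$2; rules=$3
    printf '%s\n' "$rules" \
      | grep -F -- "-p $proto " \
      | grep -F -- "--dport $dport " \
      | grep -F -q -- "-j ACCEPT"
}

# To check a live host instead of the samples, run as root:
#   NAT_RULES=$(iptables -t nat -S); FILTER_RULES=$(iptables -S)
if has_dnat 192.168.100.221 udp 514 9200 "$NAT_RULES"; then
    echo "DNAT 514/udp -> :9200 for 192.168.100.221: present"
else
    echo "DNAT 514/udp -> :9200 for 192.168.100.221: MISSING"
fi
if has_input_accept udp 9200 "$FILTER_RULES"; then
    echo "INPUT accept for 9200/udp: present"
else
    echo "INPUT accept for 9200/udp: MISSING"
fi
```

Two caveats when the rule is absent from a live dump: `--permanent` rules are only written to the configuration and do not take effect until `firewall-cmd --reload` (or the same rule added without `--permanent`), and the runtime set can be listed with `firewall-cmd --list-rich-rules`. To see whether packets are actually being translated rather than just whether the rule exists, `iptables -t nat -L PREROUTING -n -v` shows per-rule packet counters, and `conntrack -L -p udp --dport 514` shows the tracked flow with the original tuple (dport=514) and the reply tuple (sport=9200); DNAT is stateful, so the reverse translation of replies is done from that conntrack entry rather than by a separate rule.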