Edukasi

Port forwarding TPC traffic to another server with firewalld

During the first covid lockdown and while working from home, I had a requirement to access a web application running from a data centre to which I didn’t have direct access.

In the diagram below, the web application runs on the server marked by a green square. So let’s call this the target server.

I had access to our AWS servers via a bastion host, which had network access to the target server via a direct connect link.

This article demonstrates how I used firewalld to port forward traffic to the target server. In addition, it illustrates how I used an SSH tunnel to get traffic from my development machine to the server with firewalld installed. This SSH tunnel is depicted in the diagram by the red arrows.

Then we’ll look at the firewalld configuration, which forwards the traffic to the target server—depicted on the diagram with the blue lines.

The result being I was able to access the web service from my development machine using a local address of 127.0.0.1

Let’s assume the IP address of the bastion server is 3.8.8.8, and the IP address of the server running firewalld is 10.10.10.001. The command below creates an SSH tunnel mapping the local port 8443 on my development machine to the 8443 port on the firewalld server.

ssh -L 8443:10.10.10.001:8443 3.8.8.8 -l ec2-user -N

Installing firewalld

Depending on your Linux distribution, the installation of firewalld should be relativity easy using either apt-get or yum. You’ll need to elevate your privileges to root to install the service. Once installed, you’ll need to start the firewalld service and permanently add port 22 for SSH access and the port you want to reflect onto another server. In this case, port 8443.

systemctl start firewalld
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=8443/tcp --permanent

To allow the IP forwarding to work, you need to switch on IP masquerading by issuing the following command.

firewall-cmd --zone=public --add-masquerade

Forwarding the port traffic

Finally, we can add the rule to port forward traffic from the firewalld server to the target server’s final destination. In this example, the target servers IP address is 10.11.10.163

In this example, we’re mapping port 8443 directly to port 8443, but you could direct/forward the traffic to a different target port if you needed to.

firewall-cmd
   --zone=public 
   --add-forward-port=port=8443:proto=tcp:toport=8443:toaddr=10.11.10.163

Stopping firewalld

To stop the firewall from forwarding the traffic, use the system control command to stop it.

systemctl stop firewalld

Versions

  • 15.02.2023 – slight rewrite of document. Added link to firewalld’s project page.
  • 11.10.2020 – initial document created.
ryan

Recent Posts

Komputer Lemot? Gunakan MiniOS Ultra, Distro Linux dengan Fitur yang Cukup Lengkap

Jika merasa frustasi karena komputer atau laptop kamu hanya sanggup menjalankan aplikasi sederhana seperti browser…

1 minggu ago

Games Nostalgia PS1 Tamiya Let’s & Go!! Eternal Wings (Japan)

Bakusou Kyoudai Lets & Go Eternal Wings atau biasa disebut dengan Game Tamiya PS1 merupakan permainan balap mobil Mini…

3 minggu ago

Cara Tambahkan Stiker Add Yours di WhatsApp Status

WhatsApp Status kembali mendapatkan fitur baru. Setelah cukup lama diuji coba, WhatsApp akhirnya merilis fitur 'Add…

3 minggu ago

Mark Zuckerberg Ingin AI Jadi Teman untuk Orang yang Kesepian

Chatbot AI saat ini sudah umum dipakai menjadi asisten digital. Tapi menurut Mark Zuckerberg, AI juga bisa…

3 minggu ago

Polytron Itu Mobil Listrik Nasional atau Bukan?

Polytron jadi merek Indonesia yang terjun dalam industri mobil listrik. Polytron disebut-sebut bakal menjadi mobil…

3 minggu ago

Pesaing China Muncul, Bikin AI Pakai GPU Murah Meriah

Fastino, startup kecerdasan buatan asal Amerika Serikat, memamerkan model AI barunya yang ditujukan untuk bisnis. Menariknya, model AI…

3 minggu ago