During the first covid lockdown and while working from home, I had a requirement to access a web application running from a data centre to which I didn’t have direct access.
In the diagram below, the web application runs on the server marked by a green square. So let’s call this the target server.
I had access to our AWS servers via a bastion host, which had network access to the target server via a direct connect link.
This article demonstrates how I used firewalld to port forward traffic to the target server. In addition, it illustrates how I used an SSH tunnel to get traffic from my development machine to the server with firewalld installed. This SSH tunnel is depicted in the diagram by the red arrows.
Then we’ll look at the firewalld configuration, which forwards the traffic to the target server—depicted on the diagram with the blue lines.
The result being I was able to access the web service from my development machine using a local address of 127.0.0.1
Let’s assume the IP address of the bastion server is 3.8.8.8, and the IP address of the server running firewalld is 10.10.10.001. The command below creates an SSH tunnel mapping the local port 8443 on my development machine to the 8443 port on the firewalld server.
ssh -L 8443:10.10.10.001:8443 3.8.8.8 -l ec2-user -N
Depending on your Linux distribution, the installation of firewalld should be relativity easy using either apt-get or yum. You’ll need to elevate your privileges to root to install the service. Once installed, you’ll need to start the firewalld service and permanently add port 22 for SSH access and the port you want to reflect onto another server. In this case, port 8443.
systemctl start firewalld
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=8443/tcp --permanent
To allow the IP forwarding to work, you need to switch on IP masquerading by issuing the following command.
firewall-cmd --zone=public --add-masquerade
Finally, we can add the rule to port forward traffic from the firewalld server to the target server’s final destination. In this example, the target servers IP address is 10.11.10.163
In this example, we’re mapping port 8443 directly to port 8443, but you could direct/forward the traffic to a different target port if you needed to.
firewall-cmd
--zone=public
--add-forward-port=port=8443:proto=tcp:toport=8443:toaddr=10.11.10.163
To stop the firewall from forwarding the traffic, use the system control command to stop it.
systemctl stop firewalld
Jika merasa frustasi karena komputer atau laptop kamu hanya sanggup menjalankan aplikasi sederhana seperti browser…
Bakusou Kyoudai Lets & Go Eternal Wings atau biasa disebut dengan Game Tamiya PS1 merupakan permainan balap mobil Mini…
WhatsApp Status kembali mendapatkan fitur baru. Setelah cukup lama diuji coba, WhatsApp akhirnya merilis fitur 'Add…
Chatbot AI saat ini sudah umum dipakai menjadi asisten digital. Tapi menurut Mark Zuckerberg, AI juga bisa…
Polytron jadi merek Indonesia yang terjun dalam industri mobil listrik. Polytron disebut-sebut bakal menjadi mobil…
Fastino, startup kecerdasan buatan asal Amerika Serikat, memamerkan model AI barunya yang ditujukan untuk bisnis. Menariknya, model AI…