During the first covid lockdown and while working from home, I had a requirement to access a web application running from a data centre to which I didn’t have direct access.
In the diagram below, the web application runs on the server marked by a green square. So let’s call this the target server.
I had access to our AWS servers via a bastion host, which had network access to the target server via a direct connect link.
This article demonstrates how I used firewalld to port forward traffic to the target server. In addition, it illustrates how I used an SSH tunnel to get traffic from my development machine to the server with firewalld installed. This SSH tunnel is depicted in the diagram by the red arrows.
Then we’ll look at the firewalld configuration, which forwards the traffic to the target server—depicted on the diagram with the blue lines.
The result being I was able to access the web service from my development machine using a local address of 127.0.0.1
Let’s assume the IP address of the bastion server is 3.8.8.8, and the IP address of the server running firewalld is 10.10.10.001. The command below creates an SSH tunnel mapping the local port 8443 on my development machine to the 8443 port on the firewalld server.
ssh -L 8443:10.10.10.001:8443 3.8.8.8 -l ec2-user -N
Depending on your Linux distribution, the installation of firewalld should be relativity easy using either apt-get or yum. You’ll need to elevate your privileges to root to install the service. Once installed, you’ll need to start the firewalld service and permanently add port 22 for SSH access and the port you want to reflect onto another server. In this case, port 8443.
systemctl start firewalld
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=8443/tcp --permanent
To allow the IP forwarding to work, you need to switch on IP masquerading by issuing the following command.
firewall-cmd --zone=public --add-masquerade
Finally, we can add the rule to port forward traffic from the firewalld server to the target server’s final destination. In this example, the target servers IP address is 10.11.10.163
In this example, we’re mapping port 8443 directly to port 8443, but you could direct/forward the traffic to a different target port if you needed to.
firewall-cmd
--zone=public
--add-forward-port=port=8443:proto=tcp:toport=8443:toaddr=10.11.10.163
To stop the firewall from forwarding the traffic, use the system control command to stop it.
systemctl stop firewalld
Yerusalem - Iran mengonfirmasi telah meluncurkan puluhan pesawat nirawak (drone) dan rudal ke arah Israel…
New York - Utusan tetap Iran untuk Perserikatan Bangsa-bangsa (PBB) mengatakan bahwa tindakan militer Republik…
Teheran - Juru bicara pasukan militer Israel Daniel Hagari pada Minggu mengatakan Iran telah meluncurkan…
Kemunculan iklan di HP Android termasuk Xiaomi bukanlah hal baru bagi pengguna. Iklan-iklan tersebut biasanya…
Cara menghilangkan iklan di HP Xiaomi dibutuhkan ketika pengguna mulai terganggu dengan adanya iklan-iklan yang bermunculan di layar…
Serang - Ramadan adalah bulan yang istimewa bagi umat Islam di seluruh dunia. Di bulan suci ini…