
I am trying to redirect a port on the loopback interface, but it does not seem to be working

firewall-cmd --list-all-zones

trusted (active)
target: ACCEPT
interfaces: lo
...
rich rules:
    rule family="ipv4" source address="127.0.0.1" forward-port port="400" protocol="tcp" to-port="500"

but when I run nc -v 127.0.0.1 400 I get connection refused. nc -v 127.0.0.1 500 can connect fine.

Any advice on how to get this set up correctly? Thanks

Jamie
  • Given that port 500 works and 400 doesn't, can you confirm by running `netstat -antp` that some command is not already listening on port 400? – Kate Feb 26 '20 at 18:55

1 Answer


firewalld installs a rule in the PREROUTING chain of the nat table. This table is consulted only for foreign traffic.

Locally generated traffic traverses the OUTPUT chain of the nat table, so you need to install a rule with:

firewall-cmd --direct --add-rule ipv4 nat OUTPUT 0 -s 127.0.0.1 \
    -p tcp --dport 400 -j REDIRECT --to-port 500
Piotr P. Karwasz
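A check for the situation the answer describes, added here as an example and not taken from the question or the answer: given the text of `iptables-save -t nat`, it reports whether the tcp/400 to 500 REDIRECT exists in PREROUTING only (remote clients) or also in OUTPUT (locally generated traffic, which is what `nc 127.0.0.1 400` produces). The nat table text is constructed and flattened: on a real firewalld host the rich rule sits in per-zone sub-chains, and an nftables-backed firewalld would need `nft list ruleset` instead of `iptables-save`.

```shell
#!/bin/sh
# has_redirect CHAIN DPORT TOPORT RULES   (RULES = text of `iptables-save -t nat`)
# Returns 0 if a REDIRECT from DPORT to TOPORT exists in CHAIN or in a
# sub-chain whose name starts with CHAIN (firewalld's OUTPUT_direct, for
# example). The rich rule's own per-zone sub-chain is not modelled here.
has_redirect() {
    chain=$1; dport=$2; toport=$3; rules=$4
    printf '%s\n' "$rules" |
        grep -Eq -- "^-A ${chain}[^ ]* .*--dport ${dport} .*-j REDIRECT --to-ports ${toport}( |$)"
}
# check_loopback_redirect DPORT TOPORT RULES
# Exit status: 0 = redirect in both PREROUTING and OUTPUT (remote and local
# clients covered); 2 = PREROUTING only, the situation in the question
# (nc to 127.0.0.1 is refused); 1 = no redirect found at all.
check_loopback_redirect() {
    dport=$1; toport=$2; rules=$3
    pre=0; out=0
    has_redirect PREROUTING "$dport" "$toport" "$rules" && pre=1
    has_redirect OUTPUT "$dport" "$toport" "$rules" && out=1
    if [ "$pre" -eq 1 ] && [ "$out" -eq 1 ]; then
        echo "ok: tcp/$dport -> $toport redirected for remote and local traffic"
        return 0
    elif [ "$pre" -eq 1 ]; then
        echo "warn: tcp/$dport -> $toport is in PREROUTING only; locally generated"
        echo "      traffic (127.0.0.1) is not redirected, add a nat OUTPUT rule"
        return 2
    fi
    echo "none: no REDIRECT tcp/$dport -> $toport in the nat table"
    return 1
}
# Constructed sample: nat table with the rich rule's effect only (PREROUTING).
BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 127.0.0.1/32 -p tcp -m tcp --dport 400 -j REDIRECT --to-ports 500
COMMIT'
# Constructed sample: the same table after the answer's direct rule was added.
AFTER='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:OUTPUT_direct - [0:0]
-A PREROUTING -s 127.0.0.1/32 -p tcp -m tcp --dport 400 -j REDIRECT --to-ports 500
-A OUTPUT -j OUTPUT_direct
-A OUTPUT_direct -s 127.0.0.1/32 -p tcp -m tcp --dport 400 -j REDIRECT --to-ports 500
COMMIT'
rc=0; check_loopback_redirect 400 500 "$BEFORE" || rc=$?; echo "exit $rc"   # exit 2
rc=0; check_loopback_redirect 400 500 "$AFTER" || rc=$?; echo "exit $rc"    # exit 0
```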