I just set up a new CentOS 8 on my server with a VM on it, and I wanted to forward a port from the host to the VM (2228 to 22) with firewalld. I added the port forward, turned on masquerade and tried it out from my desktop, and this was the output:
```
ssh: connect to host x.x.x.x port 2228: Connection refused
```
I already checked that IP forwarding is enabled on the system and that I can reach the VM from the host, which I can. I also tried turning off SELinux, but it didn't change anything. Interestingly enough, a port forward only on the host (e.g. Host:1234 to Host:22) works.
This is my firewalld zone:
```
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports: port=2228:proto=tcp:toport=22:toaddr=192.168.122.8
  source-ports:
  icmp-blocks:
  rich rules:
```
Running nmap against port 2228 reports the port as closed, not filtered, so something seems to be working, just not all of it.
As suggested by J D, I added a rich rule with logging, but it does not seem to work either:
`rule family="ipv4" forward-port port="2228" protocol="tcp" to-port="22" to-addr="192.168.122.8" log prefix="forward-log" level="debug"`
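The question lists three things a host-to-VM DNAT depends on: a forward-port entry that actually carries a `toaddr`, masquerade on the zone, and `net.ipv4.ip_forward` set. The script below is an added example, not part of the question or of firewalld: it parses a zone listing in the `firewall-cmd --list-all` format and reports which of those preconditions are missing. The zone text and the sysctl value are passed in as arguments so it runs offline; the sample listing is constructed to match the one in the question, and the function names are my own.

```shell
#!/bin/sh
# Added example: check a firewalld zone listing for the host-to-VM DNAT
# preconditions. On a live host, feed it
#   "$(firewall-cmd --zone=public --list-all)" and "$(sysctl -n net.ipv4.ip_forward)".

# Constructed sample, same shape as the zone listing in the question.
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports: port=2228:proto=tcp:toport=22:toaddr=192.168.122.8
  source-ports:
  icmp-blocks:
  rich rules:'

# Constructed host-only variant: the forward has an empty toaddr, so it stays on the host.
HOST_ONLY_ZONE='  masquerade: no
  forward-ports: port=1234:proto=tcp:toport=22:toaddr='

# masquerade_enabled ZONE_TEXT: succeed if the zone reports "masquerade: yes".
masquerade_enabled() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*masquerade:[[:space:]]*yes$'
}

# forward_target ZONE_TEXT PORT PROTO: print "TOPORT TOADDR" for the matching
# forward-ports entry. TOPORT defaults to PORT when empty; TOADDR is "-" when the
# entry has no destination address. Fails when no entry matches.
forward_target() {
    zone=$1 port=$2 proto=$3
    # Entries are whitespace-separated tokens of the form port=..:proto=..:toport=..:toaddr=..
    entry=$(printf '%s\n' "$zone" | tr -s '[:space:]' '\n' \
        | grep "^port=${port}:proto=${proto}:" | head -n 1)
    [ -n "$entry" ] || return 1
    toport=$(printf '%s\n' "$entry" | sed -n 's/.*:toport=\([^:]*\).*/\1/p')
    toaddr=$(printf '%s\n' "$entry" | sed -n 's/.*:toaddr=\([^:]*\).*/\1/p')
    printf '%s %s\n' "${toport:-$port}" "${toaddr:--}"
}

# check_vm_forward ZONE_TEXT PORT PROTO IP_FORWARD: print one line per
# precondition and fail if any is missing. IP_FORWARD is net.ipv4.ip_forward.
check_vm_forward() {
    zone=$1 port=$2 proto=$3 ipfwd=$4 ok=0
    if target=$(forward_target "$zone" "$port" "$proto"); then
        toport=${target%% *} toaddr=${target#* }
        if [ "$toaddr" = "-" ]; then
            echo "forward-port ${port}/${proto} has no toaddr: it only redirects on the host"
            ok=1
        else
            echo "forward-port ${port}/${proto} -> ${toaddr}:${toport}"
        fi
    else
        echo "no forward-port entry for ${port}/${proto}"
        ok=1
    fi
    if masquerade_enabled "$zone"; then
        echo "masquerade: yes"
    else
        echo "masquerade: no (DNAT to another host needs it for the return path)"
        ok=1
    fi
    if [ "$ipfwd" = 1 ]; then
        echo "net.ipv4.ip_forward=1"
    else
        echo "net.ipv4.ip_forward=${ipfwd}: the host will not route to the VM"
        ok=1
    fi
    return $ok
}

# Stand-alone run against the constructed sample.
check_vm_forward "$SAMPLE_ZONE" 2228 tcp 1
```

Against the listing in the question all three checks pass, which is consistent with the observation that a forward is partly working: the DNAT rule exists and is reachable, and the remaining question is what happens to the rewritten packet after it leaves the nat table.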