firewalld port forwarding not working in CentOS

techzone4all asked:

On the server machine I wanted to redirect all requests coming to port 80 to port 9000, so I have enabled the port and added a port forwarding rule.

firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=9000

firewall-cmd --add-masquerade

firewall-cmd --permanent --add-port=9000/tcp
firewall-cmd --permanent --add-port=80/tcp

All rules were added to the default zone (trusted) as below.

  trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: 
  ports: 9000/tcp 9001/tcp 8080/tcp 80/tcp
  protocols: 
  masquerade: yes
  forward-ports: port=80:proto=tcp:toport=9000:toaddr=
    port=8080:proto=tcp:toport=9001:toaddr=
  source-ports: 
  icmp-blocks: 
  rich rules:

But port forwarding is not working. I have tested it as below.

telnet <ip_address> 80

The response is Connection refused.

My answer:


You have set the permanent firewalld configuration, but you did not change the actual running configuration.

You should not use --permanent in any firewall-cmd commands, because you may lock yourself out of the system if you make a mistake. Instead, you should execute the same command without --permanent, which causes it to take effect immediately but not persist, and then when you are sure the rules work properly, you can save them with firewall-cmd --runtime-to-permanent.


View the full question and any other answers on Server Fault.
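
The mismatch the answer describes, rules saved in the permanent configuration but missing from the running one, can be checked per zone. The following is an added example, not part of the original question or answer; the `FWCMD` variable and the function names are hypothetical and exist only so the check can be exercised without a live firewalld.

```shell
#!/bin/sh
# Added example (not from the original post): list firewalld settings that
# are saved in the permanent configuration of a zone but absent from the
# running configuration, i.e. rules that are not in effect yet.
# FWCMD is a hypothetical override hook; by default the real CLI is used.
FWCMD=${FWCMD:-firewall-cmd}

# fw_list MODE ZONE OPTION: print one item per line, sorted.
# MODE is "" for the runtime view or "--permanent" for the saved view.
fw_list() {
    # $1 is left unquoted on purpose so an empty MODE adds no argument.
    $FWCMD $1 --zone="$2" "$3" 2>/dev/null | tr ' ' '\n' | sed '/^$/d' | sort -u
}

# permanent_only ZONE OPTION: items saved permanently but missing at runtime.
permanent_only() {
    runtime=$(fw_list "" "$1" "$2")
    fw_list --permanent "$1" "$2" | while IFS= read -r item; do
        printf '%s\n' "$runtime" | grep -Fxq -- "$item" || printf '%s\n' "$item"
    done
}

# check_zone ZONE: report drift; returns 1 if anything is permanent-only.
check_zone() {
    zone=$1
    drift=0
    for opt in --list-ports --list-forward-ports; do
        for item in $(permanent_only "$zone" "$opt"); do
            echo "permanent only ($opt): $item"
            drift=1
        done
    done
    # --query-masquerade exits 0 when masquerading is enabled.
    if $FWCMD --permanent --zone="$zone" --query-masquerade >/dev/null 2>&1 &&
       ! $FWCMD --zone="$zone" --query-masquerade >/dev/null 2>&1; then
        echo "permanent only: masquerade"
        drift=1
    fi
    return "$drift"
}

# Usage on a host running firewalld: check_zone trusted
```

A non-empty report means the saved rules are not active yet. Adding rules without `--permanent` and saving them with `firewall-cmd --runtime-to-permanent` once they work, as the answer recommends, avoids that state.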

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.