
I have a service listening on 127.0.0.1:8080, and I only want to export port 80 to the outside. I tried port forwarding but had no success. So how can I forward port 80 to localhost:8080?

This is what I tried:

```
firewall-cmd --add-port-forward=port=8080:proto=tcp:toport=80:toaddr=127.0.0.1
```

OS: Fedora 36, firewalld


2022-07-02 update:

I tried again with this but it failed:

```
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=127.0.0.1
```

```
# firewall-cmd --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 80/tcp 80/udp 443/tcp 443/udp
  protocols:
  forward: no
  masquerade: yes
  forward-ports:
    port=443:proto=tcp:toport=8443:toaddr=127.0.0.1
    port=443:proto=udp:toport=8443:toaddr=127.0.0.1
    port=443:proto=tcp:toport=8443:toaddr=
    port=443:proto=udp:toport=8443:toaddr=
    port=80:proto=tcp:toport=8080:toaddr=127.0.0.1
  source-ports:
  icmp-blocks:
  rich rules:
```

Listening on the server and connecting from another machine:

```
nc -l 127.0.0.1 8080
nc x.x.x.x 80
Ncat: TIMEOUT.
```

Edit 2022-07-03: fix wrong port number.

yoru
  • There is an inconsistency between what you ask for and what your firewall rule does. You ask for 80->8080, you write a rule for 8080->80. – Dylan Jul 01 '22 at 11:28
  • My mistake, I updated my second attempt. – yoru Jul 02 '22 at 09:30
  • Your `nc` example seems to suggest that you don't actually have anything listening on port 8080. – larsks Jul 02 '22 at 19:57
  • I use nc to listen on 127.0.0.1:8080 to test the rule. And nc to that machine from another machine. – yoru Jul 03 '22 at 16:19

1 Answer


Forwarding to the loopback address is disabled by default. Assuming the incoming interface name is eth0, it can be temporarily enabled with:

```
sudo sysctl -w net.ipv4.conf.eth0.route_localnet=1
```

Additionally, the forwarding rules must contain `toaddr=127.0.0.1`.

Dylan
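An added check script, not part of the question or the answer, that tests the two conditions the answer names before the rule is blamed: the forward-port entry with `toaddr=127.0.0.1` in the `firewall-cmd --list-all` dump, and `route_localnet` on the ingress interface. It assumes interface enp1s0 (taken from the `--list-all` output in the question), public port 80 and the service on 127.0.0.1:8080; the optional path argument of `route_localnet_enabled` only exists so the check can be exercised against a saved sysctl value.

```bash
#!/usr/bin/env bash
# Added example: verify the firewalld + sysctl prerequisites for forwarding
# an external port to a service bound to 127.0.0.1 (Fedora/firewalld).
set -u

# Does a `firewall-cmd --list-all` dump (read from stdin) contain a forward-port
# that maps <pub>/tcp to 127.0.0.1:<local>? Entries with an empty toaddr (as in
# the question's 443 lines) do not count. Returns 0 when present, 1 otherwise.
has_loopback_forward() {
  local pub="$1" local_port="$2"
  grep -E "^[[:space:]]*port=${pub}:proto=tcp:toport=${local_port}:toaddr=127\.0\.0\.1[[:space:]]*$" >/dev/null
}

# Is net.ipv4.conf.<iface>.route_localnet set to 1? The second argument overrides
# the sysctl file path (hypothetical, for offline testing only).
route_localnet_enabled() {
  local iface="$1"
  local f="${2:-/proc/sys/net/ipv4/conf/${iface}/route_localnet}"
  [ -r "$f" ] && [ "$(tr -d '[:space:]' < "$f")" = "1" ]
}

# Live check on this host: prints the exact setting that is missing.
check_host() {
  local iface="$1" pub="$2" local_port="$3" rc=0
  if ! sudo firewall-cmd --list-all | has_loopback_forward "$pub" "$local_port"; then
    echo "missing: firewall-cmd --add-forward-port=port=${pub}:proto=tcp:toport=${local_port}:toaddr=127.0.0.1"
    rc=1
  fi
  if ! route_localnet_enabled "$iface"; then
    echo "missing: sysctl -w net.ipv4.conf.${iface}.route_localnet=1"
    rc=1
  fi
  return "$rc"
}

# Run the live check only when asked: ./check.sh --live [iface]
if [ "${1:-}" = "--live" ]; then
  check_host "${2:-enp1s0}" 80 8080
fi
```

Remember that `sysctl -w` does not survive a reboot; persist the setting under /etc/sysctl.d/ and add the forward-port with `--permanent` followed by `firewall-cmd --reload`.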