I need to redirect port 8080 to port 80 on my linux server. My problem is the same as: https://askubuntu.com/a/579540

The only difference is that I don't have iptables - is there a way of doing this with firewalld?

EDIT: Now I know that firewalld uses iptables and commands can be passed to iptables via firewalld using:

firewall-cmd [--permanent] --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>

I have:

  • HTTP server running on port 8080
  • port 80 redirected to 8080 in firewalld (zone public)
  • clients from other computers accessing through port 80 can get to the HTTP server
  • I can access the server on port 8080 from the same computer, where the server is running

I want also:

  • accessing the server on port 80 from the same computer, where the server is running

I tried:

  • adding interface "lo" to zone "public"
  • configuring zone "trusted" in the same way as zone "public"

Zone "public" configuration:

<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="snmp"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>
  <icmp-block name="redirect"/>
  <icmp-block name="router-solicitation"/>
  <icmp-block name="parameter-problem"/>
  <icmp-block name="router-advertisement"/>
  <forward-port to-port="8080" protocol="tcp" port="80"/>
</zone>

Errors:

#wget "192.168.100.42:80"
--2016-12-01 16:02:29--  http://192.168.100.42/
Connecting to 192.168.100.42:80... failed: Connection refused.

#wget "192.168.100.42:8080"
--2016-12-01 16:06:37--  http://192.168.100.42:8080/
Connecting to 192.168.100.42:8080... connected.
HTTP request sent, awaiting response... 302 Found
...
HTTP request sent, awaiting response... 302 Found
...
HTTP request sent, awaiting response... 302 Found
...
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’
...
2016-12-01 16:06:37 (69.8 MB/s) - ‘index.html’ saved [4785]

#wget "localhost:80"
--2016-12-01 16:02:12--  http://localhost/
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:80... failed: Connection refused.
Connecting to localhost (localhost)|::1|:80... failed: Network is unreachable.

#wget "localhost:8080"
--2016-12-01 16:06:29--  http://localhost:8080/
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:8080... failed: Connection refused.
Connecting to localhost (localhost)|::1|:8080... failed: Network is unreachable.

EDIT: SOLUTION: The server was not listening on loopback interface at all.

2 Answers


The server is not listening on loopback interface.

  • Please improve this answer; it lacks sufficient detail. I have a new CentOS 7.2 install (replacing an older Ubuntu system); firewalld is new to me. I'm not running httpd, just Tomcat 8 running on 8180, with firewalld port forwarding from 80->8180. Works fine from the public zone, and port 8180 also works on localhost, but port forwarding does not. `firewall-config` lists *no* "Interfaces". netstat shows `tcp6 0 0 :::8180 :::* LISTEN -` – djb Apr 18 '17 at 12:56
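The diagnosis in this answer can be checked mechanically. The script below is an added example, not code from either post: it parses `ss -ltn` (or `netstat -tln`) output, constructed here to mirror the asker's symptoms, and reports whether a port is bound on a wildcard, loopback or only a LAN address, so a "lan-only" verdict explains a refused 127.0.0.1 connection while the LAN address works.

```python
import ipaddress

# Constructed sample output modelled on the asker's host (not real captured
# data): the HTTP server on 8080 is bound only to the LAN address.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
LISTEN  0       128     0.0.0.0:22            0.0.0.0:*
LISTEN  0       100     192.168.100.42:8080   0.0.0.0:*
LISTEN  0       10      127.0.0.1:25          0.0.0.0:*
LISTEN  0       128     [::]:22               [::]:*
"""
# Constructed netstat-style line like the one quoted in the comment above.
SAMPLE_NETSTAT = "tcp6  0  0 :::8180  :::*  LISTEN  -\n"

WILDCARDS = {"0.0.0.0", "*", "::"}


def parse_listeners(text):
    """Map port -> set of bound local addresses from `ss -ltn` or `netstat -tln`."""
    listeners = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # ss puts the state first, netstat sixth; both put Local Address:Port fourth.
        is_ss = fields[0] == "LISTEN"
        is_netstat = fields[0].startswith("tcp") and len(fields) > 5 and fields[5] == "LISTEN"
        if not (is_ss or is_netstat):
            continue
        addr, port = fields[3].rsplit(":", 1)  # split on the last colon (IPv6-safe)
        listeners.setdefault(int(port), set()).add(addr.strip("[]"))
    return listeners


def _is_loopback(addr):
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # treat ::ffff:127.0.0.1 as loopback
    return (mapped or ip).is_loopback


def listen_verdict(listeners, port):
    """Return 'wildcard', 'loopback', 'lan-only' or 'not-listening' for a port."""
    addrs = listeners.get(port, set())
    if not addrs:
        return "not-listening"
    if addrs & WILDCARDS:
        # '::' also accepts IPv4 clients unless net.ipv6.bindv6only=1 is set.
        return "wildcard"
    if any(_is_loopback(a) for a in addrs):
        return "loopback"
    return "lan-only"  # bound to a non-loopback address only: localhost is refused
```

Fixing the bind address only makes 127.0.0.1:8080 reachable; firewalld's forward-port rule lives in the nat PREROUTING chain, which locally generated packets never traverse, so localhost:80 would additionally need a direct rule in the nat OUTPUT chain.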
Taken from the post Firewall. Modify the IPs of your local network and server:

Create an iptables.sh in /etc/init.d/, chmod +x it and run it:

#!/bin/sh
# NOMENCLATURE (adjust these to your interfaces and addresses)
internet=eth0     # interface of internet source
lan=eth1          # interface of local network
local=192.168.1.0 # your local network
netmask=24        # netmask of your local network
iptables=/sbin/iptables

# Zero all packets and counters
$iptables -F
$iptables -X
$iptables -t nat -F
$iptables -t nat -X
$iptables -t mangle -F
$iptables -t mangle -X
$iptables -t raw -F
$iptables -t raw -X
$iptables -t security -F
$iptables -t security -X
$iptables -Z
$iptables -t nat -Z
$iptables -t mangle -Z

# Global Policies (DROP or ACCEPT)
$iptables -P INPUT ACCEPT
$iptables -P OUTPUT ACCEPT
$iptables -P FORWARD ACCEPT
$iptables -t nat -P PREROUTING ACCEPT
$iptables -t nat -P POSTROUTING ACCEPT
$iptables -t nat -P OUTPUT ACCEPT
$iptables -t mangle -P PREROUTING ACCEPT
$iptables -t mangle -P INPUT ACCEPT
$iptables -t mangle -P FORWARD ACCEPT
$iptables -t mangle -P OUTPUT ACCEPT
$iptables -t mangle -P POSTROUTING ACCEPT

# LOOPBACK
$iptables -A INPUT -p all -i lo -j ACCEPT
$iptables -A INPUT -s 192.168.1.10 -j ACCEPT
$iptables -A OUTPUT -p all -o lo -j ACCEPT
$iptables -A OUTPUT -p all -s 127.0.0.1 -j ACCEPT
$iptables -t mangle -A PREROUTING -p all -i lo -j ACCEPT
$iptables -t mangle -A PREROUTING -p all -s 127.0.0.1 -j ACCEPT
$iptables -t nat -A PREROUTING -p all -i lo -j ACCEPT

# IP forward rules
echo 1 > /proc/sys/net/ipv4/ip_forward

# MASQUERADE
$iptables -t nat -A POSTROUTING -s $local/$netmask -o $internet -j MASQUERADE

$iptables -A OUTPUT -p udp --dport 53 -j DROP
$iptables -A INPUT -p udp --sport 53 -j DROP
$iptables -A FORWARD -p udp --dport 53 -j DROP

# LAN ---> PROXY <--- INTERNET
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# TRANSPARENT RULES
$iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port 8080
$iptables -A INPUT -i $lan -p tcp --dport 8080 -j ACCEPT
$iptables -A FORWARD -i $lan -p tcp -m multiport --dports 80,8080,443 -o $internet -j ACCEPT