Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

5.9. Port Forwarding

Using firewalld, you can set up ports redirection so that any incoming traffic that reaches a certain port on your system is delivered to another internal port of your choice or to an external port on another machine.

5.9.1. Adding a Port to Redirect
Link kopieren

Before you redirect traffic from one port to another port, or another address, you need to know three things: which port the packets arrive at, what protocol is used, and where you want to redirect them.
To redirect a port to another port: 
~]# firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-number
Copy to Clipboard Toggle word wrap
To redirect a port to another port at a different IP address:
  1. Add the port to be forwarded: 
    ~]# firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP
    Copy to Clipboard Toggle word wrap
  2. Enable masquerade: 
    ~]# firewall-cmd --add-masquerade
    Copy to Clipboard Toggle word wrap

Example 5.1. Redirecting TCP Port 80 to Port 88 on the Same Machine

To redirect the port:
  1. Redirect the port 80 to port 88 for TCP traffic: 
    ~]# firewall-cmd --add-forward-port=port=80:proto=tcp:toport=88
    Copy to Clipboard Toggle word wrap
  2. Make the new settings persistent: 
    ~]# firewall-cmd --runtime-to-permanent
    Copy to Clipboard Toggle word wrap
  3. Check that the port is redirected: 
    ~]# firewall-cmd --list-all
    Copy to Clipboard Toggle word wrap

5.9.2. Removing a Redirected Port
Link kopieren

To remove a redirected port: 
~]# firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>
Copy to Clipboard Toggle word wrap
To remove a forwarded port redirected to a different address:
  1. Remove the forwarded port: 
    ~]# firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>
    Copy to Clipboard Toggle word wrap
  2. Disable masquerade: 
    ~]# firewall-cmd --remove-masquerade
    Copy to Clipboard Toggle word wrap

Note

Redirecting ports using this method only works for IPv4-based traffic. For IPv6 redirecting setup, you need to use rich rules. For more information, see Section 5.15, “Configuring Complex Firewall Rules with the "Rich Language" Syntax”.
To redirect to an external system, it is necessary to enable masquerading. For more information, see Section 5.10, “Configuring IP Address Masquerading”.

Example 5.2. Removing TCP Port 80 forwarded to Port 88 on the Same Machine

To remove the port redirection:
  1. List redirected ports: 
    ~]# firewall-cmd --list-forward-ports 
port=80:proto=tcp:toport=88:toaddr=
    Copy to Clipboard Toggle word wrap
  2. Remove the redirected port from the firewall:: 
    ~]# firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=88:toaddr=
    Copy to Clipboard Toggle word wrap
  3. Make the new settings persistent: 
    ~]# firewall-cmd --runtime-to-permanent
    Copy to Clipboard Toggle word wrap
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat