Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

5.9. Port Forwarding

Using firewalld, you can set up ports redirection so that any incoming traffic that reaches a certain port on your system is delivered to another internal port of your choice or to an external port on another machine.

5.9.1. Adding a Port to Redirect
Copia collegamento

Before you redirect traffic from one port to another port, or another address, you need to know three things: which port the packets arrive at, what protocol is used, and where you want to redirect them.
To redirect a port to another port: 
~]# firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-numberfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-number
Copy to Clipboard Toggle word wrap
To redirect a port to another port at a different IP address:
  1. Add the port to be forwarded: 
    ~]# firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IPfirewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP
    Copy to Clipboard Toggle word wrap
  2. Enable masquerade: 
    ~]# firewall-cmd --add-masquerade
    Copy to Clipboard Toggle word wrap

Example 5.1. Redirecting TCP Port 80 to Port 88 on the Same Machine

To redirect the port:
  1. Redirect the port 80 to port 88 for TCP traffic: 
    ~]# firewall-cmd --add-forward-port=port=80:proto=tcp:toport=88
    Copy to Clipboard Toggle word wrap
  2. Make the new settings persistent: 
    ~]# firewall-cmd --runtime-to-permanent
    Copy to Clipboard Toggle word wrap
  3. Check that the port is redirected: 
    ~]# firewall-cmd --list-all
    Copy to Clipboard Toggle word wrap

5.9.2. Removing a Redirected Port
Copia collegamento

To remove a redirected port: 
~]# firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>
Copy to Clipboard Toggle word wrap
To remove a forwarded port redirected to a different address:
  1. Remove the forwarded port: 
    ~]# firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>
    Copy to Clipboard Toggle word wrap
  2. Disable masquerade: 
    ~]# firewall-cmd --remove-masquerade
    Copy to Clipboard Toggle word wrap

Note

Redirecting ports using this method only works for IPv4-based traffic. For IPv6 redirecting setup, you need to use rich rules. For more information, see Section 5.15, “Configuring Complex Firewall Rules with the "Rich Language" Syntax”.
To redirect to an external system, it is necessary to enable masquerading. For more information, see Section 5.10, “Configuring IP Address Masquerading”.

Example 5.2. Removing TCP Port 80 forwarded to Port 88 on the Same Machine

To remove the port redirection:
  1. List redirected ports: 
    ~]# firewall-cmd --list-forward-ports 
port=80:proto=tcp:toport=88:toaddr=
    Copy to Clipboard Toggle word wrap
  2. Remove the redirected port from the firewall:: 
    ~]# firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=88:toaddr=
    Copy to Clipboard Toggle word wrap
  3. Make the new settings persistent: 
    ~]# firewall-cmd --runtime-to-permanent
    Copy to Clipboard Toggle word wrap
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat