Port forwarding using firewalld

MKM, published in thesystemadmin, Jul 31, 2021

You may need to forward requests to another port on the same machine or on a different machine.

I assume that your preferred zone is already enabled; if not, you can use the command below (ethX is the network interface that receives the requests to the port):

sudo firewall-cmd --permanent --zone=public --add-interface=ethX

Then you should enable masquerading for that zone.

sudo firewall-cmd --zone=public --add-masquerade

If you want to forward from one port to another on the same system, you can use this:

sudo firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080

This forwards requests from port 80 to 8080. You can use the following command to forward to a remote server instead. This may be a virtual server running on the same machine behind a NAT configuration.

sudo firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=X.X.X.X

If you are forwarding to a KVM guest, you may need additional configuration on the KVM side. Remove the <forward mode="nat">…</forward> part from your connection XML and add this in its place:

<forward mode="route"/>

You can do this using Virtual Machine Manager. Then restart your VM.
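
The masquerade and forward-port commands above are run without --permanent, so they change only the runtime configuration and are lost on a firewalld reload or reboot. The following check is an added example, not part of the original post: it compares the output of --list-forward-ports with and without --permanent; the sample listings and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which forward-port rules
# exist only in the runtime configuration and would vanish on reload or reboot.

# Constructed sample of: firewall-cmd --zone=public --list-forward-ports
SAMPLE_RUNTIME='port=80:proto=tcp:toport=8080:toaddr=
port=443:proto=tcp:toport=8443:toaddr=192.0.2.10'
# Constructed sample of: firewall-cmd --permanent --zone=public --list-forward-ports
SAMPLE_PERMANENT='port=443:proto=tcp:toport=8443:toaddr=192.0.2.10'

# describe_rule RULE -> "proto/port -> target:toport"
# Expects the four-field form printed by --list-forward-ports.
describe_rule() {
    rule=$1
    port=${rule#port=};      port=${port%%:*}
    proto=${rule#*proto=};   proto=${proto%%:*}
    toport=${rule#*toport=}; toport=${toport%%:*}
    toaddr=${rule##*toaddr=}          # last field, so IPv6 colons survive
    # Empty toaddr means the local host; empty toport means the same port.
    printf '%s/%s -> %s:%s\n' "$proto" "$port" "${toaddr:-local}" "${toport:-$port}"
}

# audit_forwards RUNTIME PERMANENT -> one line per runtime rule with its state
audit_forwards() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        if printf '%s\n' "$2" | grep -qxF -- "$rule"; then
            state=persistent
        else
            state=runtime-only
        fi
        printf '%s [%s]\n' "$(describe_rule "$rule")" "$state"
    done
}

# count_runtime_only RUNTIME PERMANENT -> number of rules that need persisting
count_runtime_only() {
    audit_forwards "$1" "$2" | grep -c 'runtime-only' || true
}

audit_forwards "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
# On a live host (needs root), feed it the real listings:
#   audit_forwards "$(firewall-cmd --zone=public --list-forward-ports)" \
#       "$(firewall-cmd --permanent --zone=public --list-forward-ports)"
# To persist the current runtime state: firewall-cmd --runtime-to-permanent
```

Every rule reported as runtime-only is also worth reviewing before it is persisted, since each one exposes an internal port or host through the public zone.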
