Firewalld port forwarding to virtual IP

Maestro

9/30/23, 8:03 PM

I'm trying to replace an existing AutoSSH tunnel with firewall rules:

firewall-cmd --zone=public --add-forward-port=port=9999:proto=tcp:toport=9999:toaddr=100.1.1.1

This should forward all incoming TCP connections to 100.1.1.1

The problem is that it does not work (the port stays closed). I'm trying to understand what I'm doing wrong, and the only thing I can think of is that the destination IP address is on a different NIC and is created by Tailscale (similar to a Wireguard VPN), so it is kind of a virtual IP.

So are there restrictions to which IP's you can forward? And is there a way to circumvent them?

0 + 0

firewall

port-forwarding

firewalld

firewall-cmd

wireguard

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Firewalld port forwarding to virtual IP

TH: พอร์ต Firewalld ส่งต่อไปยัง IP เสมือน

RO: Redirecționarea portului firewalld către IP virtual

RU: Перенаправление портов Firewalld на виртуальный IP

VI: Chuyển tiếp cổng tường lửa sang IP ảo

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.