Firewalld port forwarding to virtual IP

I'm trying to replace an existing AutoSSH tunnel with firewall rules:

firewall-cmd --zone=public --add-forward-port=port=9999:proto=tcp:toport=9999:toaddr=

This should forward all incoming TCP connections to

The problem is that it does not work (the port stays closed). I'm trying to understand what I'm doing wrong, and the only thing I can think of is that the destination IP address is on a different NIC and is created by Tailscale (similar to a WireGuard VPN), so it is kind of a virtual IP.

So are there restrictions on which IPs you can forward to? And is there a way to circumvent them?

