I have an external device A that advertises a HTTP server at port 80. It is fixed at address 192.168.1.107. I can view the HTTP server at http://192.168.1.107:80 on my local network from any other device.
My Linux computer (Ubuntu 23.04), device B,at 192.168.1.105, has some remote access capabilities through remote.it. I'd like to expose A's server to remote.it on port 8080 by fowarding the port. I've had success with firewalld before doing this exact thing, but I can't reproduce it.
Here is A's configuration, where I've set up its ethernet interface to be in the external zone.
# firewall-cmd --zone=external --list-all
external (active)
target: default
icmp-block-inversion: no
interfaces: enp12s0
sources:
services: ssh
ports: 8080/tcp
protocols:
forward: yes
masquerade: yes
forward-ports:
port=8080:proto=tcp:toport=80:toaddr=192.168.1.107
source-ports:
icmp-blocks:
rich rules:
# wget localhost:8080
--2023-06-30 18:00:08-- http://localhost:8080/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8080... failed: Connection refused.
# wget 192.168.1.107:80
--2023-06-30 18:09:51-- http://192.168.1.107/
Connecting to 192.168.1.107:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5901 (5.8K) [text/html]
Saving to: ‘index.html’
I've done the following as mentioned in other references:
- enabled masquerade
- Added a firewalld port forward rule
- Added a firewalld input port allowance
- Made the firewalld configuration permanent and reloaded it
- Checked firewalld is still running with
systemctl status firewalld
- Checked my kernel has ipv4 forwarding set to 1
Goal: From device C, my phone, I can go to http://192.168.1.105:8080 and view the web page. If that works, then remote.it can expose it too.
Related:
https://www.reddit.com/r/linuxadmin/comments/ub7iow/firewallcmd_firewalld_issues_for_port_forwarding/
https://paulbradley.org/firewalld-port-forwarding/
