CentOS 7 firewalld Port Forwarding Tutorial (Works with Shadowsocks)

Port forwarding sends incoming network packets that arrive on one port to an alternative port or address. First, enable IP masquerading for a zone such as external by entering the following command as root:

~]# firewall-cmd --zone=external --add-masquerade

To forward packets to a local port, that is, a port on the same system, enter the following command as root:

~]# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753

In this example, packets intended for port 22 are now forwarded to port 3753 at the original destination. The original destination port is specified with the port option. This option can be a port or a port range, together with a protocol. The protocol, if specified, must be either tcp or udp. The new local port, or range of ports to which traffic is forwarded, is specified with the toport option. To make this setting permanent, add the --permanent option and reload the firewall.

To forward packets to another IPv4 address, usually an internal address, without changing the destination port, enter the following command as root:

~]# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toaddr=192.0.2.55

In this example, packets intended for port 22 are now forwarded to the same port at the address given by toaddr. The original destination port is specified with the port option. This option can be a port or a port range, together with a protocol. The protocol, if specified, must be either tcp or udp. The new destination port, or range of ports to which traffic is forwarded, is specified with the toport option. To make this setting permanent, add the --permanent option and reload the firewall.

To forward packets to another port on another IPv4 address, usually an internal address, enter the following command as root:

~]# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=2055:toaddr=192.0.2.55

In this example, packets intended for port 22 are now forwarded to port 2055 at the address given by toaddr. The original destination port is specified with the port option. This option can be a port or a port range, together with a protocol. The protocol, if specified, must be either tcp or udp. The new destination port, or range of ports to which traffic is forwarded, is specified with the toport option. To make this setting permanent, add the --permanent option and reload the firewall.

firewall-cmd --reload      #Reload

firewall-cmd --list-all      #View all information
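
Rules added without --permanent exist only in the runtime configuration and are dropped by a reload. The script below is an added example, not part of the original tutorial: it compares a runtime and a permanent forward-port listing and describes each rule that a reload would discard. The function names and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Rule lines use the format printed by:
#   firewall-cmd --zone=external --list-forward-ports
# Assumption: toaddr is IPv4 (no ':' inside the address), as on this page.

# describe_rule RULE: print "proto/port -> addr:port"; fail if malformed.
describe_rule() (
    port='' proto='' toport='' toaddr=''
    set -f; IFS=:            # split on ':' only, inside this subshell
    for kv in $1; do
        case $kv in
            port=*)   port=${kv#port=} ;;
            proto=*)  proto=${kv#proto=} ;;
            toport=*) toport=${kv#toport=} ;;
            toaddr=*) toaddr=${kv#toaddr=} ;;
            *) exit 1 ;;
        esac
    done
    [ -n "$port" ] && [ -n "$toport$toaddr" ] || exit 1
    case $proto in tcp|udp) ;; *) exit 1 ;; esac
    # An omitted toport keeps the original port; an omitted toaddr is local.
    printf '%s/%s -> %s:%s\n' "$proto" "$port" "${toaddr:-local}" "${toport:-$port}"
)

# runtime_only RUNTIME PERMANENT: print rules present only at runtime,
# i.e. rules that `firewall-cmd --reload` will discard.
runtime_only() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$rule" || printf '%s\n' "$rule"
    done
}

# Constructed sample listings; on a real host take them from
#   firewall-cmd --zone=external --list-forward-ports
#   firewall-cmd --permanent --zone=external --list-forward-ports
RUNTIME='port=22:proto=tcp:toport=3753:toaddr=
port=8022:proto=tcp:toport=:toaddr=192.0.2.55
port=2222:proto=tcp:toport=2055:toaddr=192.0.2.55'
PERMANENT='port=22:proto=tcp:toport=3753:toaddr='

runtime_only "$RUNTIME" "$PERMANENT" | while IFS= read -r r; do
    echo "lost on reload: $(describe_rule "$r" || echo "unparsed: $r")"
done
```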
