Port redirects with the firewall off in RHEL 7?
I am looking into upgrading from RHEL 6 to RHEL 7. In RHEL 6 I can redirect port 80 to 8080 using iptables (with the firewall down) using the following command:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
Is this possible in RHEL 7? I have scoured the internet and so far have not been able to find an answer.
I need to be able to redirect ports with no firewall as several of our customers have secure networks and will not be using the firewall that comes with RHEL.
Thanks!
Responses
Just uninstall firewalld and install iptables. Problem solved. At least that's what I did, because I don't like firewalld. It is one of the new features that I could get by without for sure.
Hello
You can use iptables while disabling firewalld. See Using the iptables Service in the Red Hat Enterprise Linux 7 Security guide.
Hello
The iptables service will have to be running in order for the commands to work.
Section "Using the iptables Service" explains how to start the service:
"systemctl start iptables"
and then the command "systemctl enable iptables" is to make it start up on every system start.
I will update that section to make that clear.
The diagram "The Firewall Stack" in the Security Guide shows how the different parts fit together to make up "the firewall". See the section Comparison of firewalld to system-config-firewall and iptables
With direct rules you could pass commands directly to iptables while still using firewalld. The following works for me: firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80. The manual warns about using direct rules though, so I don't know if Red Hat supports this solution: "It is intended for use by applications and not users"
Hi Team, I have a question about RHEL 7 or CentOS 7 related to wget. When I configure the network interface with "dhcp", wget works fine and downloads the required files. But when I change the network interface to "none" or "static", wget hangs, saying port 80: connection refused. I have enabled port 80 using firewall-cmd as well, but still no luck. Can someone address this, please?
Hello,
Did you configure a valid IP address when you set it to static? Can you browse to some external site or use SSH to connect to some test host to make sure you have configured the interface correctly?
Your question is not related to port redirects; it's best to start a new discussion if you have an unrelated problem.
