firewall-cmd configure destination NAT

I am trying to configure destination NAT on a RHEL 7.4 server. I want any traffic generated for 10.10.10.10:443 to go to 10.20.20.20:443.

After some Googling I used the following direct rule:

firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -d 10.10.10.10 -p tcp --dport 443 -j DNAT --to-destination 10.20.20.20:443

I could see it in the PREROUTING_direct chain.

# iptables -t nat -vxnL PREROUTING_direct
Chain PREROUTING_direct (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  *      *       0.0.0.0/0            10.10.10.10          tcp dpt:443 to:10.20.20.20:443

But when I telnet to 10.10.10.10:443 it doesn't redirect to 10.20.20.20:443.

I do not see the rule being hit (pkts = 0, bytes = 0). Even tcpdump doesn't show any traffic going to 10.20.20.20.

Cheers,

J


1 Answer

The following command works 100%

All TCP/443 sourced from 10.10.10.10 will be forwarded to destination 10.20.20.20 on TCP 443

# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="10.10.10.10" forward-port to-addr="10.20.20.20" to-port="443" protocol="tcp" port="443"'
# firewall-cmd --reload
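
Added example, not part of the original question or answer: in netfilter, packets generated on the host itself traverse the nat OUTPUT chain and never reach PREROUTING, so if the telnet test was run from the same server (an assumption), the PREROUTING_direct counters stay at zero. The helper names (`dnat_direct_rules`, `dnat_hits`, `sample_listing`) are hypothetical; the script only prints the firewall-cmd commands for both chains and parses the listing copied from the question.

```shell
#!/bin/sh
# Added example; helper names are hypothetical and nothing is applied.
# nat PREROUTING: packets from other hosts. nat OUTPUT: packets made locally.

valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print (do not run) the direct rules that DNAT ORIG_IP:ORIG_PORT to
# NEW_IP:NEW_PORT for both remote and locally generated TCP traffic.
dnat_direct_rules() {
    valid_ipv4 "$1" && valid_port "$2" && valid_ipv4 "$3" && valid_port "$4" || {
        echo "usage: dnat_direct_rules ORIG_IP ORIG_PORT NEW_IP NEW_PORT" >&2
        return 2
    }
    for chain in PREROUTING OUTPUT; do
        echo "firewall-cmd --direct --add-rule ipv4 nat $chain 0" \
             "-d $1 -p tcp --dport $2 -j DNAT --to-destination $3:$4"
    done
}

# Read `iptables -t nat -vxnL <chain>` output on stdin and print the packet
# counter (column 1) of every DNAT rule whose destination (column 9) is $1.
dnat_hits() {
    awk -v dst="$1" '$3 == "DNAT" && $9 == dst { print $1 }'
}

# Listing copied from the question: the PREROUTING rule has matched nothing.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING_direct (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  *      *       0.0.0.0/0            10.10.10.10          tcp dpt:443 to:10.20.20.20:443
EOF
}

dnat_direct_rules 10.10.10.10 443 10.20.20.20 443
echo "PREROUTING hits: $(sample_listing | dnat_hits 10.10.10.10)"
```

After the OUTPUT rule is applied, a local test connection should increment the counter shown by `iptables -t nat -vxnL OUTPUT_direct`, which `dnat_hits` can read the same way.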