Port Forwarding with the Firewall

1 hour
  • 5 Learning Objectives

About this Hands-on Lab

In this learning activity, you will configure port forwarding that selectively forwards web requests from one host to another.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Verify port 80 is open on `Server1` and `Server2`

You will want to verify that content is being served over port 80 on both Server1 and Server2.

From Client1:

Once logged into Client1, you can verify web content availability from Server1 and Server2 with these commands:

curl 10.0.1.10

curl 10.0.1.20

Create a Zone named `testing` to Handle the Subnet Requests

On Server1:

Create a new firewall zone:

firewall-cmd --permanent --new-zone=testing

Reload the configuration to pick up the new zone:

firewall-cmd --reload

Add the subnet as the source:

firewall-cmd --permanent --zone=testing --add-source=10.0.1.0/24

Add the http service to the zone:

firewall-cmd --permanent --zone=testing --add-service=http

Reload the configuration to pick up these changes:

firewall-cmd --reload

Enable Masquerading for the Zone

You will need to enable masquerading for the zone in order to permit forwarding:

firewall-cmd --permanent --zone=testing --add-masquerade

Reload to pick up the new configuration:

firewall-cmd --reload

Add the Forwarding Rule to the Zone

You will need to add the rule that forwards traffic coming into the zone on port 80 to 10.0.1.20:80:

firewall-cmd --permanent --zone=testing --add-forward-port=port=80:proto=tcp:toport=80:toaddr=10.0.1.20

Reload the configuration:

firewall-cmd --reload

Confirm the Port is Forwarded

Confirm the port forward by running curl against Server1's address from Client1; the response should now be the content served by Server2:

curl 10.0.1.10
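
The end state of the steps above can be audited on Server1 with firewalld's query options, checking that runtime and permanent configuration agree and that the default zone does not carry the same forward rule (requests from other sources should remain unforwarded). This script is an added example, not part of the lab; the `FW` override and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit Server1's firewalld state against the lab's intended end state.
# FW is an assumption of this example; it lets a stub stand in for firewall-cmd offline.
FW=${FW:-firewall-cmd}
ZONE=testing
SRC=10.0.1.0/24
RULE=port=80:proto=tcp:toport=80:toaddr=10.0.1.20

# check DESC ARGS...: the query must answer "yes" in runtime AND permanent config.
# A runtime failure usually means a missed --reload; a permanent failure means the
# change was made without --permanent and will be lost on the next reload.
check() {
    desc=$1; shift
    if ! "$FW" "$@" >/dev/null 2>&1; then
        echo "FAIL (runtime):   $desc"; rc=1
    elif ! "$FW" --permanent "$@" >/dev/null 2>&1; then
        echo "FAIL (permanent): $desc"; rc=1
    else
        echo "ok: $desc"
    fi
}

audit_forwarding() {
    rc=0
    check "source $SRC bound to zone $ZONE" --zone="$ZONE" --query-source="$SRC"
    check "http service allowed"            --zone="$ZONE" --query-service=http
    check "masquerading enabled"            --zone="$ZONE" --query-masquerade
    check "forward rule $RULE"              --zone="$ZONE" --query-forward-port="$RULE"
    # Scope check: if the default zone carries the rule too, every source is forwarded.
    def=$("$FW" --get-default-zone 2>/dev/null)
    if [ -n "$def" ] && [ "$def" != "$ZONE" ] &&
       "$FW" --zone="$def" --query-forward-port="$RULE" >/dev/null 2>&1; then
        echo "FAIL: default zone $def also forwards port 80"; rc=1
    fi
    return $rc
}

# Run the audit only where firewall-cmd is installed (i.e. on Server1).
if command -v "$FW" >/dev/null 2>&1; then
    audit_forwarding || echo "audit: configuration does not match the lab's end state"
fi
```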

Additional Resources

A business unit is requesting the ability to serve content from an in-development web stack to a subnet, to facilitate validation and testing.

You have three hosts:

  • Server1 10.0.1.10 - Current web server
  • Server2 10.0.1.20 - In-development web server
  • Client1 10.0.1.11 - Subnet IP for testing

We need to configure Server1 so that incoming web traffic (port 80) requests from 10.0.1.0/24 are forwarded to Server2. Requests from all other sources should remain unforwarded. We will need to do this using firewalld.

