Port Forwarding with the Firewall

1 hour
  • 5 Learning Objectives

About this Hands-on Lab

In this learning activity, you will need to configure port forwarding that will selectively forward web requests from one host to another.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Verify port 80 is open on `Server1` and `Server2`

You will want to verify that content is being served over port 80 on both Server1 and Server2.

From Client1:

Once logged into Client1, you can verify web content availability from Server1 and Server2 with these commands:

curl 10.0.1.10

curl 10.0.1.20

Create a Zone named `testing` to Handle the Subnet Requests

On Server1:

Create a new firewall zone:

firewall-cmd --permanent --new-zone=testing

Reload the configuration, to pick up the new zone:

firewall-cmd --reload

Add the subnet as the source :

firewall-cmd --permanent --zone=testing --add-source=10.0.1.0/24

Make sure http as a service is added:

firewall-cmd --permanent --zone=testing --add-service=http

Reload the configuration to pick up these changes:

firewall-cmd --reload

Enable Masquerading for the Zone

You will need to enable masquerading for the zone, in order to permit forwarding:

firewall-cmd --permanent --zone=testing --add-masquerade

Reload to pick up the new configuration:

firewall-cmd --reload

Add the Forwarding Rule to the Zone

You will need to add the rule to forward the traffic coming in to the zone on port 80 out to 10.0.1.20:80:

firewall-cmd --permanent --zone=testing --add-forward-port=port=80:proto=tcp:toport=80:toaddr=10.0.1.20

Reload the configuration:

firewall-cmd --reload

Confirm the Port is Forwarded

Confirm the port forward by running curl on the site from Client1:

curl 10.0.1.10

Additional Resources

A business unit is requesting the ability to serve content from an in-development web stack to a subnet, to facilitate validation and testing.

You have three hosts:

  • Server1 10.0.1.10 - Current web server
  • Server2 10.0.1.20 - In-development web server
  • Client1 10.0.1.11 - Subnet IP for testing

We need to configure Server1 so that incoming web traffic (port 80) requests from 10.0.1.0/24 are forwarded to Server2. Requests from all other sources should remain unforwarded. We will need to do this using firewalld.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!
Thanks for reaching out!

You’ll hear from us shortly. In the meantime, why not check out what our customers have to say about ACG?