Forward port from local system to remote IP | NAT loopback

blaster234 · April 4, 2025, 5:55pm

I have two interfaces on my system, one with a static public IP and one on a private network.

I have port forwarding working such that if a connection comes in remotely to the public IP, it will get forwarded to an IP:port on the private network.

However, I also want to be able to forward connections originating on the local system to the static public IP to also get forwarded to an IP:port on the private network. I’m just getting connection refused right now.

What sort of sorcery do I need to forward locally initiated traffic to the public IP:port to the private subnet IP:port?

Thank you!

vgaetera · April 4, 2025, 7:40pm

This is how it works:

# Port forwarding
sudo firewall-cmd --permanent --zone=${WAN_ZONE} --add-forward-port=\
port=${WAN_PORT}:proto=${PROTO}:toport=${LAN_PORT}:toaddr=${LAN_ADDR}
sudo firewall-cmd --reload

# NAT loopback
sudo firewall-cmd --permanent --zone=${LAN_ZONE} --add-forward-port=\
port=${WAN_PORT}:proto=${PROTO}:toport=${LAN_PORT}:toaddr=${LAN_ADDR}
sudo firewall-cmd --permanent --zone=${LAN_ZONE} --add-masquerade
sudo firewall-cmd --reload

However it’s a dirty hack with certain drawbacks.
Split DNS or IPv6 are better options.

Topic		Replies	Views
FirewallD/IPtables forwarding Between Interfaces Ask Fedora f31 , firewalld	7	4676	December 9, 2020
Firewalld port forwarding Ask Fedora f31	2	1922	April 11, 2020
Firewalld: forward local traffic to remote host Ask Fedora f38 , kde , desktop , server	6	2648	August 26, 2023
Firewall local port forwarding Ask Fedora f38 , firewalld , server , workstation	13	3899	August 30, 2023
External port access, ssh or cockpit Ask Fedora f32 , ssh , networking , server	3	3890	October 10, 2020

Forward port from local system to remote IP | NAT loopback

Related topics