I have a PC running Fedora 33 as a firewall/router. I have a public zone (internet facing, IP address like 68.132.0.x/24) and a home zone (internal/private IP address like 192.168.0.x/24). I set port forwarding to forward port 80 on the public zone to port 80 on the home zone. My zone configuration looks like so:

public (active)
  target: DROP
  icmp-block-inversion: no
  interfaces: enp2s0
  sources:
  services: http
  ports:
  protocols:
  masquerade: yes
  forward-ports:
        port=80:proto=tcp:toport=80:toaddr=192.168.0.254
  source-ports:
  icmp-blocks:
  rich rules:

home (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources:
  services: dhcp dhcpv6-client dns http mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

I have Apache httpd running on the internal network at IP 192.168.0.254, where Apache is hosting a page of static content. No matter what I try, the public zone is not forwarding traffic to the home zone on port 80. I can do a curl http://192.168.0.254 on the public zone machine and the static web page on 192.168.0.254 is returned, so I know that 192.168.0.254 is serving up the content properly and the firewall on that machine is allowing port 80 access.
I also tried doing the port forward as a direct rule, via firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp2s0 -o enp3s0 -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT, but still no joy. The entire network is working properly, where NAT is working just fine and all clients can resolve external hosts and surf the web and such. Is there some config bit I’m missing?
Thanks.