How to configure firewalld with PREROUTING?

centoni
Posts: 3
Joined: 2017/10/22 18:32:47

How to configure firewalld with PREROUTING?

Post by centoni » 2017/10/24 16:32:04

Hi all,
I'm trying to set up a CIFS server on a VM with Alfresco. This guide here describes the procedure with iptables:
http://docs.alfresco.com/5.1/tasks/file ... eracc.html
How can I accomplish the same using firewalld?
I have tried with these commands:

Code:

$ sudo firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -p tcp --dport 445 -j REDIRECT --to-ports 1445
$ sudo firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -p tcp --dport 139 -j REDIRECT --to-ports 1139
$ sudo firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -p udp --dport 137 -j REDIRECT --to-ports 1137
$ sudo firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -p udp --dport 138 -j REDIRECT --to-ports 1138

but not only did it not work, I couldn't even connect via noVNC or SPICE. I somehow messed up the firewalld rules. I didn't run something like these commands before:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

So, how can I do it correctly without sacrificing security?

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to configure firewalld with PREROUTING?

Post by TrevorH » 2017/10/24 16:57:24

You can always remove firewalld and revert to the old style iptables-services.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

centoni
Posts: 3
Joined: 2017/10/22 18:32:47

Re: How to configure firewalld with PREROUTING?

Post by centoni » 2017/10/24 17:05:02

> You can always remove firewalld and revert to the old style iptables-services.

Thanks for the quick response! Yes, that would be one option. But what if I stay with firewalld?

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to configure firewalld with PREROUTING?

Post by TrevorH » 2017/10/24 21:33:41

I tried firewalld and dumped it within 3 months. I tried to like it.

Frankly it appears to be a package designed by committee to attempt to be all things to all men and fails for all but the most simple use case. Any product that sets up a 500 line iptables ruleset out of the box to just allow ssh is not going on any of my boxes.

centoni
Posts: 3
Joined: 2017/10/22 18:32:47

Re: How to configure firewalld with PREROUTING?

Post by centoni » 2017/10/24 21:41:17

I think you convinced me to try with iptables...
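
As an added example (not part of any post in this thread): the four direct REDIRECT rules from the first post written as firewalld zone forward-port entries, which redirect to a local port and so need neither `ip_forward` nor flushed chains or ACCEPT policies. The zone name `public` and the helper function names are assumptions; run without arguments, the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. ZONE is an assumption: use the zone
# bound to the interface that faces the CIFS clients.
ZONE="${ZONE:-public}"

# "port/proto:toport" pairs copied from the direct rules in the first post.
REDIRECTS="445/tcp:1445 139/tcp:1139 137/udp:1137 138/udp:1138"

# Validate one entry and print the matching --add-forward-port argument.
# With no toaddr the traffic is redirected to a port on the local host.
forward_port_arg() {
    fp_port=${1%%/*}; fp_rest=${1#*/}
    fp_proto=${fp_rest%%:*}; fp_to=${fp_rest#*:}
    case "$fp_proto" in tcp|udp) ;; *) return 1 ;; esac
    for fp_n in "$fp_port" "$fp_to"; do
        case "$fp_n" in ''|*[!0-9]*) return 1 ;; esac
        [ "$fp_n" -ge 1 ] && [ "$fp_n" -le 65535 ] || return 1
    done
    printf '%s' "--add-forward-port=port=${fp_port}:proto=${fp_proto}:toport=${fp_to}"
}

# Dry run: print the commands without touching the firewall.
plan() {
    for pl_entry in $REDIRECTS; do
        pl_arg=$(forward_port_arg "$pl_entry") || { echo "bad entry: $pl_entry" >&2; return 1; }
        echo "firewall-cmd --permanent --zone=$ZONE $pl_arg"
    done
    echo "firewall-cmd --reload"
}

# Apply to the permanent config, reload, then show what the zone forwards.
apply() {
    firewall-cmd --state >/dev/null 2>&1 || { echo "firewalld is not running" >&2; return 1; }
    for ap_entry in $REDIRECTS; do
        ap_arg=$(forward_port_arg "$ap_entry") || return 1
        firewall-cmd --permanent --zone="$ZONE" "$ap_arg" || return 1
    done
    firewall-cmd --reload && firewall-cmd --zone="$ZONE" --list-forward-ports
}

case "${1:-}" in --apply) apply ;; *) plan ;; esac
```

Pass `--apply` as root to write the entries; any stale `--direct` rules for the same ports should be removed first so the two sets do not overlap.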
