Port forwarding using firewallD through specific interface

[wice22]

Hi

I'm looking for a solution to route port forwarding trough a particular interface:
For insane:
having a zone called "inz08"
I have 2 interfaces in that zone:

Code: Select all

ens33
ens38

Created a port forwarding:

Code: Select all

firewalld-cmd --zone=inz08 --add-forward-port=port=2245:proto=tcp:toport=22:toaddr=10.0.0.125

I need to specify the interface ens38 to be a carrier of this redirection

I've gone trough documentation at http://www.firewalld.org/documentation/
But can't find any appropriate syntax to add it, I did try to use

Code: Select all

:interface=ens38 
:iface=ens38 
:dev=ens38

Nothing seems to work,

Please tell me that developers did think about such function and its there

[mghe]

Code: Select all

# firewall-cmd --add-interface=ens38 --zone=inz08 --permanent

[wice22]

Code: Select all

# firewall-cmd --add-interface=ens38 --zone=inz08 --permanent

Sorry could you please clarify what do you mean by this answer ?

Please note, I on ready mentioned that both interfaces are in that zone inz08

Or I'm missing something ?

[mghe]

Sorry, I have not noticed it,

In that case probably You have to make 2 zone, separate for both interfaces.

[jlehtone]

Overall, forwarding does not care about interfaces. The outgoing interface is determined by routing, not by netfilter.

There are two points in the netfilter:
1. DNAT rule prerouting that changes the destination of incoming packets
2. Forward rule that allows from source to dnatted destination.

In principle the forward rule could be restrictive to not allow traffic via interfaces that the packets would never go anyway, unless the routes are misconfigured.