firewalld forward-ports with multiple destinations


Post by albyva » 2017/08/01 14:54:31

I'm setting up firewalld to forward-ports to multiple destinations and I've run into a problem. I'm trying to send all traffic from port 5000 to two (2) destinations on port 5000, but only 1 of the 2 destinations is getting forwarded. Traffic gets tee'd to 1.2.3.4, but nothing gets sent to 5.6.7.8. Is there a limitation to the number of forwarding entries using the same ports? Do I need to do anything special for traffic to be tee'd to multiple destinations?

Here is my firewalld public listing:

[root]# firewall-cmd --list-all --zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: [removed_for_security]
  sources: [removed_for_security]
  services:
  ports: 5000/udp
  protocols: 
  masquerade: no
  forward-ports: port=5000:proto=udp:toport=5000:toaddr=1.2.3.4
    port=5000:proto=udp:toport=5000:toaddr=5.6.7.8
  sourceports: 
  icmp-blocks: 
  rich rules: 

Here is the tcpdump snippet:

14:10:06.390118 IP incomingtraffic.50101 > localhost.commplex-main: UDP, length 445
14:10:06.390148 IP incomingtraffic.50101 > 1.2.3.4.commplex-main: UDP, length 445
14:10:06.391090 IP incomingtraffic.50101 > localhost.commplex-main: UDP, length 445
14:10:06.391113 IP incomingtraffic.50101 > 1.2.3.4.commplex-main: UDP, length 445