Forward traffic!

Hi!

I would like to forward http & https traffic that reaches my external interface on OpenSUSE Leap 15.6 to a wordpress container inside a Podman pod on a bridged network that’s connected to my trusted zone.

It works just fine connecting to the wordpress host (172.16.200.20) when I’m located in the trusted zone, BUT I can’t get it to work when I’m trying to connect from the outside!

Any ideas on what I should specify with the firewall-cmd command in order to get it to work?
(Maybe someone has done something similar?)

Kind regards

Henrik

You need to configure policy allowing traffic between zones.

Do you mean something like firewall-cmd --zone=trusted or external --add-forward?

No, I do not.

Ok so you mean something like:

firewall-cmd --permanent --new-policy allow-ext-to-trusted
firewall-cmd --permanent --policy allow-ext-to-trusted --set-target ACCEPT
Etc…

Could I get some tips or maybe point me in the right direction on where I can find more information on creating policies?

If you are wanting to forward traffic between networks, then kernel-level IP forwarding needs to be enabled via sysctl (net.ipv4.ip_forward=1) before firewalld port forwarding rules will work.

You can do this on the fly (IPv4 traffic) with
sudo sysctl -w net.ipv4.ip_forward=1

For persistent configuration refer to
man sysctl.conf

One of many blogs…
https://nordvpn.com/blog/ip-forwarding-linux/
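Putting the two answers together, as an added example that is not from any poster in this thread: it assumes the ingress zone is named external and the egress zone trusted, uses the container address 172.16.200.20 from the question, and adds the forward-port (DNAT) rules on the external zone, which the thread does not spell out; the policy admits only the http and https services rather than a blanket ACCEPT target. Set RUN=echo to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not the thread's own commands). Assumed names: zones
# "external" and "trusted", policy "allow-ext-to-trusted", container at
# 172.16.200.20 (from the question). RUN=echo gives a dry run.
RUN="${RUN:-sudo}"
WP_HOST="${WP_HOST:-172.16.200.20}"
POLICY="${POLICY:-allow-ext-to-trusted}"

# 1. Kernel-level forwarding: without it no DNAT'd packet is ever forwarded.
enable_ip_forward() {
    $RUN sysctl -w net.ipv4.ip_forward=1
    # persist across reboots (sysctl.d is read at boot, see man sysctl.conf)
    $RUN sh -c "printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/90-ip-forward.conf"
}

# 2. Policy external -> trusted limited to the two services actually needed.
#    A policy target of ACCEPT would instead let every forwarded flow through.
create_policy() {
    $RUN firewall-cmd --permanent --new-policy="$POLICY"
    $RUN firewall-cmd --permanent --policy="$POLICY" --add-ingress-zone=external
    $RUN firewall-cmd --permanent --policy="$POLICY" --add-egress-zone=trusted
    $RUN firewall-cmd --permanent --policy="$POLICY" --add-service=http
    $RUN firewall-cmd --permanent --policy="$POLICY" --add-service=https
}

# 3. DNAT on the external zone so 80/443 on the public interface reach the container.
add_forward_ports() {
    for port in 80 443; do
        $RUN firewall-cmd --permanent --zone=external \
            --add-forward-port="port=${port}:proto=tcp:toport=${port}:toaddr=${WP_HOST}"
    done
}

apply_all() {
    enable_ip_forward
    create_policy
    add_forward_ports
    $RUN firewall-cmd --reload
}

# Check that the running configuration holds what was just applied.
verify() {
    $RUN firewall-cmd --info-policy="$POLICY"
    $RUN firewall-cmd --zone=external --list-forward-ports
    $RUN sysctl net.ipv4.ip_forward
}
```

After apply_all, run verify and test from outside the trusted zone; if the policy lists the services but the forward-port is missing, connections from outside still fail.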