The system is Fedora 22 Workstation. The default zone (and the zone for the current network connection) is FedoraWorkstation.

In the zone FedoraWorkstation, create a runtime rule to forward connections to port 8080 to port 80.

$ lynx localhost:80
(will display the default page of httpd)

$ lynx localhost:8080
(Alert!: Unable to connect to remote host.)

View the output of iptables-save. There will be no forwarding rule. The results are identical if the rule is created permanent and firewalld is reloaded.

The "configuration entry" as viewed in the firewall-config GUI seems to be created equally well by either firewall-config or the firewall-cmd CLI tool; however, the only rule that seems to be generated is:

-A PRE_FedoraWorkstation_allow -p tcp -m tcp --dport 8080 -j MARK --set-xmark 0x64/0xffffffff

This appears to be a PREROUTING rule for the current zone which will allow these packets to be processed; however, there is no rule that specifies the target port.

For reference, nf_nat is loaded and /proc/sys/net/ipv4/ip_forward=1 and setenforce Permissive.

Manually adding this rule (which as far as I can tell should work) does not allow access to httpd by port 8080:

iptables -t nat -A PRE_FedoraWorkstation_allow -p tcp --dport 8080 -j REDIRECT --to-port 80
After testing a new installation I discovered this issue only exists to the extent that a local redirected port connection cannot be established from a host to itself. (Though I didn't try binding to loopback and connecting to eth0, for instance.) From other hosts, including a guest on a bridged interface, the local port redirection works as expected. This caveat/limitation might deserve mention in documentation.
It should also be possible to circumvent this limitation in the future, but this will need more verification.
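Added example, not part of the original report or of firewalld: in netfilter, locally generated packets traverse the nat OUTPUT chain rather than PREROUTING, which is consistent with the host-to-itself limitation described in the comments above. The script parses iptables-save output and lists destination ports that are redirected only in PRE* chains. Assumptions: the function names and both sample rulesets are constructed for illustration, chains are classified by name prefix, and the OUTPUT rule in sample_after is a generic netfilter approach, not firewalld's own fix.

```shell
#!/bin/sh
# Reads iptables-save output on stdin and prints every destination port that
# has a nat REDIRECT/DNAT rule in a PRE* chain but none in an OUTPUT* chain.
# Such ports are redirected for traffic arriving from other hosts, but not
# for connections the host makes to itself.
# Assumption: chain names starting with PRE hang off PREROUTING and names
# starting with OUTPUT hang off OUTPUT (firewalld-style naming).
local_redirect_gaps() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*nat", "*mangle", ...
        table != "nat" || $1 != "-A" { next }      # only nat-table rules
        {
            chain = $2; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport == "") next
            if (target != "REDIRECT" && target != "DNAT") next
            if (chain ~ /^PRE/)    pre[dport] = 1
            if (chain ~ /^OUTPUT/) out[dport] = 1
        }
        END { for (p in pre) if (!(p in out)) print p }
    ' | sort -n
}

# Constructed sample: the MARK rule from the report (mangle table, so it is
# not itself a redirect) plus the manually added REDIRECT rule.
sample_before() {
cat <<'EOF'
*mangle
-A PRE_FedoraWorkstation_allow -p tcp -m tcp --dport 8080 -j MARK --set-xmark 0x64/0xffffffff
COMMIT
*nat
-A PREROUTING -j PRE_FedoraWorkstation_allow
-A PRE_FedoraWorkstation_allow -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
EOF
}

# Constructed sample: same ruleset with a redirect for locally generated
# traffic added in nat OUTPUT (generic netfilter rule, an assumption here).
sample_after() {
    sample_before | sed '$d'
    echo '-A OUTPUT -o lo -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80'
    echo 'COMMIT'
}

# Live use (as root): iptables-save | local_redirect_gaps
```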
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.