Firewalld 端口转发报告连接被拒绝
Firewalld port forward reports Connection refused
我要转发192.168.9.111
的9876
给192.168.9.112:3333
,配置如下:
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 9876/tcp
protocols:
masquerade: yes
forward-ports: port=9876:proto=tcp:toport=3333:toaddr=192.168.9.112
source-ports:
icmp-blocks:
rich rules:
# sysctl -a |grep forward |grep 4
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.docker0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
# the destination is listening:
# telnet 192.168.9.112 3333
Trying 192.168.9.112...
Connected to 192.168.9.112.
Escape character is '^]'.
# but the forward does not work
# telnet 192.168.9.111 9876
Trying 192.168.9.111...
telnet: connect to address 192.168.9.111: Connection refused
有什么想法吗?
原来你还需要编辑 /etc/sysctl.conf
以包括:
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.ip_forward=1
我要转发192.168.9.111
的9876
给192.168.9.112:3333
,配置如下:
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 9876/tcp
protocols:
masquerade: yes
forward-ports: port=9876:proto=tcp:toport=3333:toaddr=192.168.9.112
source-ports:
icmp-blocks:
rich rules:
# sysctl -a |grep forward |grep 4
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.docker0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
# the destination is listening:
# telnet 192.168.9.112 3333
Trying 192.168.9.112...
Connected to 192.168.9.112.
Escape character is '^]'.
# but the forward does not work
# telnet 192.168.9.111 9876
Trying 192.168.9.111...
telnet: connect to address 192.168.9.111: Connection refused
有什么想法吗?
原来你还需要编辑 /etc/sysctl.conf
以包括:
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.ip_forward=1