Firewalld 端口转发报告连接被拒绝

Firewalld port forward reports Connection refused

我要转发192.168.9.1119876192.168.9.112:3333,配置如下:

# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh
  ports: 9876/tcp
  protocols: 
  masquerade: yes
  forward-ports: port=9876:proto=tcp:toport=3333:toaddr=192.168.9.112
  source-ports: 
  icmp-blocks: 
  rich rules: 

# sysctl -a |grep forward |grep 4
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.docker0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0

# the destination is listening:
# telnet 192.168.9.112 3333
Trying 192.168.9.112...
Connected to 192.168.9.112.
Escape character is '^]'.

# but the forward does not work
# telnet 192.168.9.111 9876
Trying 192.168.9.111...
telnet: connect to address 192.168.9.111: Connection refused

有什么想法吗?

原来你还需要编辑 /etc/sysctl.conf 以包括:

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.ip_forward=1