Set Port Forwarding rule using console

Dear team,

Is it possible to set up a port forwarding rule using the console? I do not want to use the web interface.

IPFire uses iptables.
If you're so inclined.

1 Like

Could you please explain in detail? Or is there any documentation available to understand how a port forwarding rule can be set without the web interface?

Hi @sabithra

Welcome to the IPFire community.

Why don’t you want to use the WUI for the port forward rule? That is what the WUI has been created for in IPFire. The wiki has a section about creating a port forward rule using the WUI.

https://wiki.ipfire.org/configuration/firewall/rules/port-forwarding

There is a firewall.local file that is intended to be used for rules for special custom configurations that cannot be created via the WUI.
https://wiki.ipfire.org/configuration/firewall/firewall-local
However, there is no wiki page for how to create an iptables rule for port forwarding, as this can be done via the WUI.

2 Likes

Because, during our automation testing, we wanted to create the rule using SSH through the console.

Then you will need to create the Port Forward rule directly in an iptables command, which you will need to add to firewall.local.

1 Like

It would be nice if there were an example showing how to add a rule to iptables.

https://wiki.ubuntuusers.de/iptables/

Or do a search at goo or s.th.

1 Like

The documentation on creating custom rules in IPFire can be found here. In essence, you need to define a set of rules for when you start the firewall, and a corresponding set to bring down those rules when you stop or reload the firewall.

Since IPFire is a Linux distribution that utilizes IPTABLES, you’ll find plenty of resources detailing how to set up port forwarding. However, bear in mind that the network interfaces in IPFire are not labelled as eth0, eth1 etc., but rather as red0, green0 or blue0, depending on the zone.

That being said, I strongly advise caution if you’re planning to manually modify these rules.

You can print the entire set of IPTABLES and their chains with this command:

iptables-save

If you run this command, you’ll quickly realize the complexity involved. The reason IPFire exists is to hide this complexity, preventing users from making inadvertent errors. The code behind IPFire has been meticulously implemented by network engineering experts. Unless you possess a similar level of expertise, or you’re willing to invest substantial effort to reach that level, I would caution against attempting to manually create or modify rules. The risk of making a mistake and causing a significant issue is high.

3 Likes
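The start/stop structure described in the post above, as an added example that is not part of the original thread or IPFire's own code: a firewall.local-style script that adds a port forward on start and removes the same rules on stop. The port, addresses and variable names are constructed, and it assumes IPFire's CUSTOMPREROUTING and CUSTOMFORWARD chains (confirm they exist in your `iptables-save` output).

```shell
#!/bin/sh
# Layout of /etc/sysconfig/firewall.local: start / stop / reload.
# Constructed sample values (assumptions, adjust to your network):
RED_IF="red0"            # external zone interface, IPFire naming
PROTO="tcp"
EXT_PORT="8080"          # port opened on RED
DEST_IP="192.168.1.10"   # internal host receiving the traffic
DEST_PORT="80"
# Set IPT="echo iptables" to print the commands instead of running them.
IPT="${IPT:-iptables}"

# portfwd -A adds both rules, portfwd -D deletes the same two rules.
portfwd() {
    action="$1"
    case "$action" in
        -A|-D) ;;
        *) echo "portfwd: action must be -A or -D" >&2; return 1 ;;
    esac
    # nat table: rewrite the destination of packets arriving on RED.
    $IPT -t nat "$action" CUSTOMPREROUTING -i "$RED_IF" -p "$PROTO" \
        --dport "$EXT_PORT" -j DNAT --to-destination "$DEST_IP:$DEST_PORT"
    # filter table: DNAT alone is not enough, the rewritten flow
    # must also be accepted on the forward path.
    $IPT "$action" CUSTOMFORWARD -i "$RED_IF" -p "$PROTO" -d "$DEST_IP" \
        --dport "$DEST_PORT" -j ACCEPT
}

case "${1:-}" in
    start)  portfwd -A ;;
    stop)   portfwd -D ;;
    reload) portfwd -D; portfwd -A ;;
    *)      echo "Usage: $0 {start|stop|reload}" >&2 ;;
esac
```

Running it once with `IPT="echo iptables"` prints the exact commands for review before anything touches the live ruleset.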

I may not fully understand your specific needs, so if my suggestion doesn’t seem relevant, it could be due to some misunderstanding on my part.

However, one approach you might consider is utilizing the iptables-save and iptables-restore commands. You can first set up your IPFire configuration exactly as you want it using the Web User Interface. Once the configuration is working to your satisfaction, you can save all the iptables rules to a file with the following command:

iptables-save > /path/to/your-desired-backup-file

In the future, if you need to redeploy these rules, you can restore them using the command:

iptables-restore < /path/to/your-desired-backup-file

This method allows you to back up and restore the entire ruleset, which might help achieve your goal.

2 Likes

There are various examples within this Community (this forum):

I searched the Community for firewall.local AND iptables and found this:

https://community.ipfire.org/search?expanded=true&q=firewall.local%20AND%20iptables%20order%3Alatest

3 Likes