[5]For exmaple, Configure that outgoing packets through the Server from Internal network(10.0.0.0/24) are allowed and forwarded to External side.
# set masquerading to internal zone [root@dlp ~]# firewall-cmd --zone=internal --add-masquerade --permanent success [root@dlp ~]# firewall-cmd --reload success [root@dlp ~]# firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth1 -j MASQUERADE [root@dlp ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth0 -o eth1 -j ACCEPT [root@dlp ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
For example, Configure that incoming packets come to 22 port of External zone are forwarded to another Host(192.168.0.31) of 22 port
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=22:toaddr=192.168.0.31