Can I use ufw to setup a port forward?

71,490

Solution 1

Let's say you want to forward requests going to 80 to a server listening on port 8080.

Note that you will need to make sure port 8080 is allowed, otherwise ufw will block the requests that are redirected to 8080.

sudo ufw allow 8080/tcp

There are no ufw commands for setting up the port forwards, so it must be done via configuration files. Add the lines below to /etc/ufw/before.rules, before the filter section, right at the top of the file:

*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT

Then restart and enable ufw to start on boot:

sudo ufw enable
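As an added example (not part of tinny's answer or of ufw itself), the procedure above as a small POSIX shell script: it writes the same nat block to the top of a before.rules-style file, refuses to add it a second time, and checks that every *table section in the file is closed by its own COMMIT, which is the hand-edit mistake that makes iptables-restore reject the file and ufw fail to start. The file path and both port numbers are parameters; `ufw allow 8080/tcp` and `ufw reload` remain separate steps. The REDIRECT runs in the nat PREROUTING chain before the filter table sees the packet, so the filter must permit the rewritten destination port 8080; that is exactly the DPT=8080 [UFW BLOCK] line quoted in the comments below.

```shell
#!/bin/sh
# Added example, not part of the original answer or of ufw: insert the nat
# REDIRECT block from the answer at the top of a before.rules-style file,
# idempotently, and check the result. Paths and ports are parameters; the
# usage line mirrors the answer (80 -> 8080).

# Print the nat table block in iptables-restore syntax.
ufw_nat_redirect_block() {
    from_port="$1"; to_port="$2"
    printf '%s\n' \
        '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        "-A PREROUTING -p tcp --dport ${from_port} -j REDIRECT --to-port ${to_port}" \
        'COMMIT'
}

# Prepend the block to the rules file unless the identical REDIRECT rule is
# already there. Prints "added" or "present".
ufw_add_redirect() {
    rules_file="$1"; from_port="$2"; to_port="$3"
    [ -f "$rules_file" ] || { echo "no such file: $rules_file" >&2; return 1; }
    rule="-A PREROUTING -p tcp --dport ${from_port} -j REDIRECT --to-port ${to_port}"
    if grep -qxF -- "$rule" "$rules_file"; then
        echo present
        return 0
    fi
    tmp="${rules_file}.tmp.$$"
    {
        ufw_nat_redirect_block "$from_port" "$to_port"
        echo
        cat "$rules_file"
    } > "$tmp" && mv "$tmp" "$rules_file"
    echo added
}

# Every "*table" section must be closed by its own COMMIT before the next one
# starts; iptables-restore rejects the file otherwise and ufw fails to start.
ufw_rules_tables_committed() {
    awk '
        /^\*/      { if (open) bad = 1; open = 1; next }
        /^COMMIT$/ { open = 0; next }
        END        { if (bad || open) exit 1; exit 0 }
    ' "$1"
}

# Usage (as root): sh ufw-redirect.sh /etc/ufw/before.rules 80 8080
if [ "$#" -eq 3 ]; then
    ufw_add_redirect "$1" "$2" "$3"
    ufw_rules_tables_committed "$1" || echo "warning: unbalanced *table/COMMIT in $1" >&2
fi
```

Run it as root, then `ufw allow 8080/tcp` and `ufw reload` so the nat table is loaded. Two caveats when testing: REDIRECT in PREROUTING only rewrites packets that arrive from the network, so a `curl localhost:80` from the server itself goes through the nat OUTPUT chain and is not redirected by this rule; and the filter rules see port 8080, not 80, so allowing 80 alone does nothing for the redirected traffic.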

Solution 2

Since ufw 0.34, ufw supports forward rules.

example: sudo ufw route allow in on eth0 out on eth1 to 10.0.0.0/8 port 8080 from 192.168.0.0/16 port 80

You also need to make sure you have the sysctl net.ipv4.ip_forward enabled. For most distributions, that's done by editing /etc/sysctl.conf and running sysctl -p or rebooting.

ufw doesn't support NAT through its easy interface, though.
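As an added example (not part of this answer or of ufw), a checker for the ip_forward setting: it reads a sysctl.conf-style file the way `sysctl -p` would and reports the value that file leaves in effect. ufw also applies its own /etc/ufw/sysctl.conf on start (the file named by IPT_SYSCTL in /etc/default/ufw), which writes keys with slashes (net/ipv4/ip_forward), so both spellings are accepted. A second function reads the live value from /proc, which is what matters once the route rule is loaded.

```shell
#!/bin/sh
# Added example, not part of the original answer or of ufw: report the
# net.ipv4.ip_forward value that a sysctl.conf-style file would leave in
# effect. Understands both the dotted key used in /etc/sysctl.conf and the
# slash form (net/ipv4/ip_forward) used in /etc/ufw/sysctl.conf; lines
# beginning with # or ; are comments; a leading "-" (ignore errors) is
# stripped; the last assignment wins, as with sysctl -p.
# Prints 1, 0 or "unset".
sysctl_ip_forward_state() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            if (split($0, kv, "=") != 2) next
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub(/\//, ".", key)
            sub(/^-/, "", key)
            if (key == "net.ipv4.ip_forward") state = val
        }
        END { if (state == "") print "unset"; else print state }
    ' "$1"
}

# The value the running kernel uses right now ("unknown" where /proc is absent).
ip_forward_runtime() {
    cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown
}

# Usage: sh check-ip-forward.sh /etc/sysctl.conf /etc/ufw/sysctl.conf
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(sysctl_ip_forward_state "$f")"
done
```

If the file reports 1 but `ip_forward_runtime` still prints 0, the setting has not been applied yet: run `sysctl -p` on that file or `ufw reload`, which re-applies /etc/ufw/sysctl.conf.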


Author: tinny

Modern software development & Linux. Groovy & Grails, Rails, Django etc... Oh, and I love fishing

Updated on September 17, 2022

Comments

  • tinny
    tinny over 1 year

    I'm currently using ufw to enforce some basic firewall rules. Is it possible to also use ufw to do port forwarding?

    Specifically I'm wanting to forward incoming traffic to my server (same machine running ufw) on port 80 to port 8080. (http traffic forwarded to tomcat)

    Th

  • Tom
    Tom about 12 years
    could you explain this line by line please? also, is there not something like ufw forward 80 to 8080? I thought UFW was Uncomplicated.
  • Juha Palomäki
    Juha Palomäki almost 12 years
    Looks like there are no ufw commands for setting up the port forwards, so it must be done via configuration files. More detailed description about the configuration file syntax is available at: frozentux.net/iptables-tutorial/…
  • Yuriy Nakonechnyy
    Yuriy Nakonechnyy almost 10 years
    That doesn't work for me, I receive the following message in /var/log/syslog after turning logging on: [52627.259812] [UFW BLOCK] IN=eth0 OUT= MAC=xxx SRC=xxx DST=xxx LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=59278 DF PROTO=TCP SPT=53997 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0. It may be useful to know that before everything, I denied all incoming requests using ufw deny incoming and allowed only ssh,80,443. Could someone please advise what is the problem?
  • Tim Swast
    Tim Swast over 8 years
    @Yura I had the same problem (8080 was blocked when I looked at syslog). Running sudo ufw allow 8080/tcp fixed the problem for me.
  • Yuriy Nakonechnyy
    Yuriy Nakonechnyy over 8 years
    @TimSwast I somehow solved or overcame this issue at that time, but anyway thanks a lot for your help :)
  • R.D.
    R.D. over 7 years
    nice and straightforward answer. Much easier than setting it up directly on iptables! kudos
  • Neeraj
    Neeraj almost 7 years
    does not seem to work for me either. Added, restarted ufw and even restarted the machine. I am on Ubuntu 16
  • Steve Seeger
    Steve Seeger almost 5 years
    This did work for me with Ubuntu 16.04..!
  • Roland Pihlakas
    Roland Pihlakas over 3 years
    It is net.ipv4.ip_forward you need to enable, not net.ipv4.forward.
  • Bryan Larsen
    Bryan Larsen over 3 years
    fixed, thank you!
  • sourcejedi
    sourcejedi over 2 years
    It seems like this gives permission for packets sent from a certain network+port and to another network+port. That's not "port forwarding" as requested. OP needs the destination port of the packet to be re-written, from 80 to 8080. See also: serverfault.com/a/752644/133475
  • Bryan Larsen
    Bryan Larsen over 2 years
    Yes, it's port forwarding. re-writing the packet is called Network Address Translation (NAT). As I said in my comment before you unfairly downvoted, ufw doesn't support NAT. NAT is required for most, but not all, use cases for port forwarding.