From: Marc Chamberlin via openSUSE Users
Date: Wed, 21 Jun 2023 16:50:25 -0700
. . .
My Apache James server cannot run under root control for security
reasons . . .
So I have configured firewalld to do port forwarding of these low
numbered ports to high numbered ports that Apache James is actually
listening to . . .
So what gives with firewalld? Why is it refusing to forward localhost
ports? Googling also seems to imply that it is not possible but I
get mixed answers and no good explanations as to why and/or what is a
work around? Can/do I have to use IPTables rules directly instead?
If so, can some kind guru tell me how, I am not an IPTables guru yet.

Sigh. At least now we're getting to someplace I'm more familiar with,
as I used to write my own firewalls with ipchains, then iptables.
Unfortunately, because of my DIY bent, I have no experience with
firewalld, or even SuSEFirewall. Accordingly, I may still only be able
to help you halfway.
IIUC, you want port 25 on your public IP to be forwarded to
127.0.0.1:10025 on the same machine so that an unprivileged Apache James
can listen on that port, correct? Because that certainly seems like it
ought to work. (Did it work before, or is that a casualty of upgrading?
Just to openSUSE Leap 15.4, or also to firewalld? Just wondering.)
If so, you can do

    iptables -t nat --list

and see if firewalld added the appropriate rule in the PREROUTING chain.
If not, and it claimed to have done so, you now have material for a bug
report.
And then you can decide if you want to ditch firewalld, or patch it,
or try something else.
-- Bob
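
Added example, not part of the message above or of firewalld: a shell check of the nat rules the reply says to inspect. It also looks at the OUTPUT chain, because connections opened from the machine itself are NATed there and never pass through PREROUTING. The sample ruleset (including the 143 to 10143 mapping) is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -t nat -S` output on
# stdin and reports whether tcp port FROM is rewritten to port TO for remote
# clients (PREROUTING) and for local clients (OUTPUT).
# Assumption: the rules sit directly in the built-in chains.

# Constructed sample ruleset; 143 -> 10143 is an invented second mapping.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 10025
-A PREROUTING -p tcp -m tcp --dport 143 -j REDIRECT --to-ports 10143'

# find_redirect_chains FROM TO: print each chain holding a matching rule.
find_redirect_chains() {
    awk -v from="$1" -v to="$2" '
    $1 == "-A" {
        chain = $2; proto = ""; dport = ""; target = ""; dest = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-ports" || $i == "--to-destination") dest = $(i + 1)
        }
        if (proto != "tcp" || dport != from) next
        # REDIRECT names a bare port; DNAT names address:port.
        if (target == "REDIRECT" && dest == to) print chain
        else if (target == "DNAT" && dest ~ (":" to "$")) print chain
    }' | sort -u
}

# forward_coverage FROM TO: summarise which traffic paths are covered.
forward_coverage() {
    chains=$(find_redirect_chains "$1" "$2")
    remote=no; loc=no
    if printf '%s\n' "$chains" | grep -qx PREROUTING; then remote=yes; fi
    if printf '%s\n' "$chains" | grep -qx OUTPUT; then loc=yes; fi
    echo "remote=$remote local=$loc"
}

# Live use (needs root): iptables -t nat -S | forward_coverage 25 10025
printf '%s\n' "$SAMPLE_RULES" | forward_coverage 25 10025
```

A result of remote=yes local=no means clients on the network reach the high port, while a connection to port 25 made from the host itself is not rewritten.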