From: Marc Chamberlin via openSUSE Users <users@lists.opensuse.org>
Date: Wed, 21 Jun 2023 16:50:25 -0700

> . . . My Apache James server cannot run under root control for security reasons . . . So I have configured firewalld to do port forwarding of these low numbered ports to high numbered ports that Apache James is actually listening to . . . So what gives with firewalld? Why is it refusing to forward localhost ports? Googling also seems to imply that it is not possible but I get mixed answers and no good explanations as to why and/or what is a work around? Can/do I have to use IPTables rules directly instead? If so, can some kind guru tell me how, I am not an IPTables guru yet. Sigh.

At least now we're getting to someplace I'm more familiar with, as I used to write my own firewalls with ipchains, then iptables. Unfortunately, because of my DIY bent, I have no experience with firewalld, or even SuSEFirewall. Accordingly, I may still only be able to help you halfway.

IIUC, you want port 25 on your public IP to be forwarded to 127.0.0.1:10025 on the same machine so that an unprivileged Apache James can listen on that port, correct? Because that certainly seems like it ought to work. (Did it work before, or is that a casualty of upgrading? Just to openSUSE Leap 15.4, or also to firewalld? Just wondering.)

If so, you can do

    iptables -t nat --list

and see if firewalld added the appropriate rule in the PREROUTING chain. If not, and it claimed to have done so, you now have material for a bug report. And then you can decide if you want to ditch firewalld, or patch it, or try something else.

--
Bob
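
The check suggested above, as an added example that is not part of either message: it scans `iptables -t nat -S` output for a rule redirecting port 25 to 10025, and goes one step further by also looking at the nat OUTPUT chain, because locally generated connections (such as a client on the same host connecting to localhost) traverse OUTPUT and never reach PREROUTING. The sample rules, the interface name `eth0`, the 143/10143 pair and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S` output (not from the thread).
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 10025
-A PREROUTING -i eth0 -p tcp -m tcp --dport 143 -j DNAT --to-destination 127.0.0.1:10143
-A OUTPUT -o lo -p tcp -m tcp --dport 143 -j REDIRECT --to-ports 10143
EOF
}

# forward_chains FROM TO: read `iptables -t nat -S` text on stdin and print the
# chains (sorted, space-separated) that REDIRECT or DNAT port FROM to port TO.
forward_chains() {
    awk -v from="$1" -v to="$2" '
        $1 == "-A" {
            chain = $2; dport = ""; target = ""; dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-destination") dest = $(i + 1)
            }
            sub(/^.*:/, "", dest)   # keep only the port of an ip:port value
            if (dport == from && dest == to && (target == "REDIRECT" || target == "DNAT"))
                print chain
        }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# check_forward FROM TO: report coverage and succeed only if both externally
# received (PREROUTING) and locally generated (OUTPUT) traffic are handled.
check_forward() {
    chains=$(forward_chains "$1" "$2")
    case " $chains " in *" PREROUTING "*) pre=yes ;; *) pre=no ;; esac
    case " $chains " in *" OUTPUT "*) out=yes ;; *) out=no ;; esac
    echo "port $1 -> $2: PREROUTING=$pre OUTPUT=$out"
    [ "$pre" = yes ] && [ "$out" = yes ]
}

# On the sample, port 25 is covered for external traffic only.
# On a live system (as root): iptables -t nat -S | check_forward 25 10025
sample_rules | check_forward 25 10025 || true
```
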