This guide explains how to set up firewall rules that redirect client requests for various services to the firewall itself.
Because redirecting requests does not require any change to the configuration of your clients, this is a common way to enforce the use of the local DNS server or to redirect time synchronization requests to the local NTP server.
In theory, every port-based service can be redirected. The only limitation is that the corresponding service (e.g., the DNS or NTP service) must be running on the IPFire machine itself. If the service is running on a different machine, see Creating a Port-Forward Rule instead.
To create a redirect, click the "New Rule" button on the firewall rules page.
In the first section, define the source network or IP address from which the network packets originate.
Redirecting services is a type of NAT, so NAT has to be enabled for the rule: select DNAT and choose "Automatic-Firewall-Interface".
To create a redirect rule, the destination has to be set to Firewall (All).
Pick a protocol that supports ports, such as TCP or UDP, and specify the port number(s) that should be redirected. It is also possible to redirect to a port other than the original one by specifying a different destination port.
Predefined services, custom services and service groups are also supported.
Click Save and apply the new ruleset.
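The web UI steps above end up as netfilter NAT rules on the IPFire box. The following shell snippet is an added example (not code from the IPFire wiki or the IPFire project) that prints the plain iptables equivalent of such a redirect rule for the DNS and NTP cases mentioned on this page, so you can check what a "redirect to firewall" rule means at the packet-filter level. It assumes a LAN interface named green0 and the standard PREROUTING chain of the nat table; IPFire's generated ruleset uses its own chains, so treat the output as an illustration of the semantics, not a copy of what IPFire writes. The script only prints commands and does not modify any firewall.

```shell
#!/bin/sh
# Added example: print the iptables equivalent of an IPFire "redirect to firewall" rule.
# ASSUMPTIONS (not from the wiki page): interface name green0 and chain PREROUTING
# in the nat table. Nothing here is executed against the running firewall.

IFACE="${IFACE:-green0}"   # assumed LAN interface name

# redirect_rule SOURCE PROTO PORT [DEST_PORT]
#   SOURCE    network or host the packets originate from (e.g. 192.168.1.0/24)
#   PROTO     tcp or udp (only port-based protocols can be redirected)
#   PORT      destination port the clients are trying to reach
#   DEST_PORT local port on the firewall to redirect to (defaults to PORT)
redirect_rule() {
  rr_src="$1"; rr_proto="$2"; rr_port="$3"; rr_toport="${4:-$3}"

  # Only TCP and UDP carry ports, so only these can be redirected.
  case "$rr_proto" in
    tcp|udp) ;;
    *) echo "redirect_rule: protocol must be tcp or udp, got '$rr_proto'" >&2; return 1 ;;
  esac

  # Both ports must be numeric and within 1..65535.
  for rr_p in "$rr_port" "$rr_toport"; do
    case "$rr_p" in
      ''|*[!0-9]*) echo "redirect_rule: port '$rr_p' is not numeric" >&2; return 1 ;;
    esac
    if [ "$rr_p" -lt 1 ] || [ "$rr_p" -le 0 ] || [ "$rr_p" -gt 65535 ]; then
      echo "redirect_rule: port '$rr_p' out of range" >&2; return 1
    fi
  done

  # DNAT-to-self: REDIRECT rewrites the destination to an address of the
  # incoming interface, which is what "Firewall (All)" as destination means.
  printf 'iptables -t nat -A PREROUTING -i %s -s %s -p %s --dport %s -j REDIRECT --to-ports %s\n' \
    "$IFACE" "$rr_src" "$rr_proto" "$rr_port" "$rr_toport"
}

# Force the GREEN network to use the local DNS resolver (UDP and TCP port 53).
redirect_rule 192.168.1.0/24 udp 53
redirect_rule 192.168.1.0/24 tcp 53
# Catch NTP requests leaving the LAN and answer them locally (UDP port 123).
redirect_rule 192.168.1.0/24 udp 123
# Example of redirecting to a different local port than the one requested.
redirect_rule 192.168.1.0/24 tcp 8053 53
```

Note that REDIRECT only changes the destination; the DNS or NTP daemon on IPFire must actually be listening on the target port, which is the limitation stated at the top of this page.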
Want to grab the DNS request and redirect it to the IPFire box? See: Force clients to use IPFire DNS Server
Do you have a device on the network that doesn't behave and looks to Brazil (or some far away country) for NTP service? The Firewall Rule below will grab the NTP request and redirect it to the IPFire box.
October 5 at 4:40 pm • Jon