This guide explains how to set up firewall rules to redirect client requests for various services to the local firewall.

Because redirecting requests requires no configuration changes on your clients, it is a common way to enforce the use of the local DNS server or to redirect time sync requests to the local NTP server.

In theory, every port-based service can be redirected. The only limitation is that the corresponding service (e.g., DNS service or NTP service) must be running on the IPFire machine itself. If the service is running on a different machine, go to Creating a Port-Forward Rule.

How to set it up?

To create a redirect, click the "New Rule" button on the firewall rules page.

Step 1: Source

In the first section, you have to define the source network or IP address from where the network packets originate.

Step 2: NAT

Redirecting services is a type of NAT. Enable NAT and select DNAT with "Automatic-Firewall-Interface".

Step 3: Destination

In order to create a redirect rule, the destination has to be set to the Firewall (All).

Step 4: Protocol

Pick a protocol that supports ports, such as TCP or UDP, and specify the port numbers that should be redirected. It is also possible to redirect them to a different port than the original one by specifying a different destination port.

Services, custom-created services and service groups are also supported.

Step 5: Done

Click save and apply the new ruleset.

Example - redirect DNS

Want to grab the DNS request and redirect it to the IPFire box? See: Force clients to use IPFire DNS Server

Example - redirect NTP

Do you have a device on the network that doesn't behave and looks to Brazil (or some far away country) for NTP service? The Firewall Rule below will grab the NTP request and redirect it to the IPFire box.

Source

  • Select Standard Networks and choose GREEN (or BLUE).

NAT

  • Check Use Network Address Translation (NAT)
  • Select Destination NAT (Port forwarding)
  • Select Firewall Interface: Automatic

Destination

  • Select Firewall and select All from the drop down

Protocol

  • Choose Preset from the drop down.
  • Select Services
  • Choose NTP from the drop down.

Final Notes

  • Click the Add button when done.
  • On the Firewall Rules page, press Apply Changes to make the new rule active.
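
One way to confirm the NTP redirect from a client in the rule's source network, as an added example that is not part of the original guide: it sends an SNTP query to an address that runs no NTP service and checks whether a server reply still comes back. It assumes Python 3 on the client and uses the RFC 5737 documentation address 192.0.2.1 as the unused destination; all function names are hypothetical.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
UNUSED_ADDR = "192.0.2.1"      # assumption: RFC 5737 documentation address, no NTP server there


def build_request():
    """48-byte SNTP client query: LI=0, VN=4, Mode=3 -> first byte 0x23."""
    return b"\x23" + bytes(47)


def parse_response(data):
    """Return (mode, stratum, unix_time) from an NTP reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return data[0] & 0x07, data[1], secs - NTP_EPOCH_OFFSET + frac / 2**32


def probe(addr, timeout=3.0):
    """Send one query to addr:123/udp; return the parsed reply or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (addr, 123))
            data, _peer = s.recvfrom(512)
            return parse_response(data)
        except (socket.timeout, OSError, ValueError):
            return None


def redirect_active(addr=UNUSED_ADDR):
    """True if a server-mode (4) reply arrives for an address that hosts no NTP service."""
    reply = probe(addr)
    return reply is not None and reply[0] == 4


if __name__ == "__main__":
    if redirect_active():
        print("NTP redirect active: query to", UNUSED_ADDR, "was answered")
    else:
        print("no reply: rule not applied, or client is not in the rule's source network")
```

Without the redirect the query simply times out. With it, the reply appears to come from the queried address because the firewall reverses the NAT on the way back.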