CentOS 7/8 firewall 转发端口

================================
#开启系统路由模式功能
echo net.ipv4.ip_forward=1>>/etc/sysctl.conf
sysctl -p

#开启firewalld
systemctl start firewalld

打开防火墙伪装IP

# 检查是否允许伪装IP，返回no表示没开启，反之开启伪装IP

firewall-cmd –query-masquerade
#设置IP地址伪装
firewall-cmd –add-masquerade –permanent

firewall-cmd –zone=public –add-port=443-444/tcp –permanent

firewall-cmd –add-forward-port=port=443:proto=tcp:toaddr=192.168.1.100:toport=443 –permanent
firewall-cmd –add-forward-port=port=444:proto=tcp:toaddr=192.168.1.100:toport=444 –permanent

firewall-cmd –reload

（PS：添加或删除端口后不会立即生效，配置完 –reload后才能生效；–permanent代表永久生效）

firewall-cmd –list-all

#查询所有配置