$ firewall-cmd --zone=external \
--add-forward-port=port=80:addr=172.16.1.1:proto=tcp:toport=80:toaddr=192.168.0.2
Referências
Usando a regra "Rich Language"
Encaminhar pacotes IPv6 recebidos de 1: 2: 3: 4: 6: na porta 4011 com o protocolo TCP para 1 :: 2: 3: 4: 7 na porta 4012:
rule family="ipv6" source address="1:2:3:4:6::" forward-port to-addr="1::2:3:4:7" to-port="4012" protocol="tcp" port="4011"