firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000 --permanent
#make port forwarding work on localhost
iptables -t nat -I OUTPUT --source 127.0.0.1 --destination 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 5000