From: "Mark E. Donaldson" <markee@bandwidthco.com>
To: forum@users.pc9.org, netfilter@lists.netfilter.org
Subject: RE: Redirect ports on localhost
Date: Tue, 23 Mar 2004 18:52:50 -0800
Message-ID: <200403240252.i2O2qesV018945@server5.bandwidthco.com>
In-Reply-To: <jbm.20040323200102.07b7ea44@alkaid.pc9>

I remember struggling with this for a while.  Beat my head against the wall for
a month.  I finally discovered (after enabling bind debugging mode) the
problem was in my named.conf file:

##########################
# PORTS
##########################
# The listen-on record contains a list of local network interfaces to listen
# on. Optionally the port can be specified. Default is to listen on all
# interfaces found on your system. The default port is 53.
	listen-on port 53 { 192.168.1.1; };
	query-source address * port 53;

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of
forum@users.pc9.org
Sent: Tuesday, March 23, 2004 6:01 PM
To: netfilter@lists.netfilter.org
Subject: Re: Redirect ports on localhost

> I'm trying to redirect traffic on my DNS server. I have bind listening 
> on port 5300 (UDP) instead of 53. I've got it working from the 
> internal network but seem to have problem on redirecting localhost 
> traffic. I've tried changing both PREROUTING and OUTPUT chains in the 
> nat table but it doesn't seem to help.
> 
> iptables -A PREROUTING -t nat -p udp -i lo --dport domain -j REDIRECT --to-ports 5300

Absolutely incredible, within the past 15 minutes I have been trying to do
the exact same thing as you -- also, with no luck. Using tcpdump I know
that the port 53 packets are there, but from the DNS server logs I know that
the packets never arrive at port 5300. I tried (unsuccessfully) to add
essentially the same PREROUTING rule.

Since this worked on my external interfaces but not lo, I'm thinking that
maybe PREROUTING doesn't apply to lo? I don't know. The caveat I had
encountered when doing this for another interface was making sure that the
packet is accepted on that port in the INPUT chain, but that's not the case
here for me.

-- 
forum@users.pc9.org
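Added example (not code from anyone in this thread): a small audit script that checks an iptables-save dump against a named.conf fragment for the two things the thread circles around. Locally generated packets (queries sent to 127.0.0.1 or another local address) are NATed in the nat OUTPUT chain, so a REDIRECT that exists only in PREROUTING with "-i lo" never matches them; and the redirect target has to be the port named actually listens on ("listen-on port N", default 53) and one the filter INPUT chain accepts. The iptables-save dumps and the named.conf fragment below are constructed samples in the style of the thread's configuration, not captures from either poster's machine.

```python
"""Audit an iptables-save dump for a working localhost DNS redirect.

Added example for the netfilter thread, not code from it. Assumption encoded
here: packets generated on the host itself are NATed in nat OUTPUT, not in
nat PREROUTING, so a REDIRECT placed only in PREROUTING -i lo is ineffective.
"""
import re

# Constructed sample: the thread's rule, placed only in nat PREROUTING.
BROKEN_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 5300
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 5300 -j ACCEPT
COMMIT
"""

# Same dump with the equivalent rule added to the nat OUTPUT chain.
FIXED_SAVE = BROKEN_SAVE.replace(
    "COMMIT\n*filter",
    "-A OUTPUT -o lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 5300\n"
    "COMMIT\n*filter")

# Constructed named.conf fragment in the style of the one quoted above.
NAMED_CONF = """\
options {
    listen-on port 5300 { 127.0.0.1; 192.168.1.1; };
    query-source address * port 5300;
};
"""

SERVICE_PORTS = {"domain": 53}  # iptables accepts service names as well as numbers


def parse_iptables_save(text):
    """Return (table, chain, tokens) for every -A rule in an iptables-save dump."""
    table, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tokens = line.split()
            rules.append((table, tokens[1], tokens[2:]))
    return rules


def opt(tokens, *flags):
    """Value following any of the given flags, or None when absent."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None


def port_of(value):
    """Normalise a port given as a number or a service name; ranges -> None."""
    if value is None:
        return None
    try:
        return int(SERVICE_PORTS.get(value, value))
    except ValueError:
        return None


def named_listen_port(conf):
    """Port from `listen-on port N`; BIND defaults to 53 when omitted."""
    m = re.search(r"listen-on\s+port\s+(\d+)", conf)
    return int(m.group(1)) if m else 53


def audit_localhost_redirect(save_text, conf, dns_port=53):
    """Report whether locally generated DNS queries reach named's port."""
    listen = named_listen_port(conf)
    report = {"listen_port": listen, "output_redirect": False,
              "prerouting_lo_rule": False, "input_accepts": False, "notes": []}
    for table, chain, tok in parse_iptables_save(save_text):
        is_redirect = (opt(tok, "-j") == "REDIRECT"
                       and port_of(opt(tok, "--dport")) == dns_port
                       and opt(tok, "-p") in (None, "udp"))
        if table == "nat" and is_redirect:
            target = port_of(opt(tok, "--to-ports"))
            if chain == "OUTPUT" and opt(tok, "-o") in (None, "lo"):
                if target == listen:
                    report["output_redirect"] = True
                else:
                    report["notes"].append(
                        f"nat OUTPUT redirects to {target} but named listens on {listen}")
            elif chain == "PREROUTING" and opt(tok, "-i") == "lo":
                report["prerouting_lo_rule"] = True
        if table == "filter" and chain == "INPUT" and opt(tok, "-j") == "ACCEPT":
            if opt(tok, "-i") == "lo" or port_of(opt(tok, "--dport")) == listen:
                report["input_accepts"] = True
    if report["prerouting_lo_rule"] and not report["output_redirect"]:
        report["notes"].append(
            "REDIRECT sits only in nat PREROUTING -i lo; locally generated "
            "packets are NATed in nat OUTPUT, so this rule never matches them")
    if not report["input_accepts"]:
        report["notes"].append(f"filter INPUT does not accept udp/{listen}")
    return report


if __name__ == "__main__":
    for name, dump in (("broken", BROKEN_SAVE), ("fixed", FIXED_SAVE)):
        r = audit_localhost_redirect(dump, NAMED_CONF)
        print(name, r["notes"] or ["localhost DNS redirect looks consistent"])
```

Run it as-is to see the "broken" dump flagged and the "fixed" one pass; to audit a real host, feed the output of `iptables-save` and the live named.conf to audit_localhost_redirect instead of the constructed constants.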
