From: David Cannings <lists@edeca.net>
To: netfilter@lists.netfilter.org
Subject: Re: Redirecting ports on localhost
Date: Tue, 30 Mar 2004 14:00:15 +0100
Message-ID: <200403301400.15110.lists@edeca.net>
In-Reply-To: <40696C1A.5080400@personalsoft.com.br>

On Tuesday 30 March 2004 13:46, Fabiano Bonin wrote:
> I need to access this service from other hosts through ETH0 interface
> (ip 192.168.0.254). The other hosts are in the same network.
> I already enabled "NF_NAT_LOCAL" kernel option (btw, all netfilter
> options are enabled in my kernel), and the commands I'm using are
> these:

NF_NAT_LOCAL is for NAT'ing connections that originate on the local
machine (i.e. the netfilter machine). I don't believe it will do what you
want, though I may be incorrect.

> iptables -F
> iptables -F -t nat
> iptables -A OUTPUT -t nat -p tcp -o lo -d 192.168.0.254 --dport 5050 -j REDIRECT --to-ports 5050
> echo "1" > /proc/sys/net/ipv4/ip_forward

I don't think you need anything special to do this; however, your rule says
"any packets going out on loopback to 192.168.0.254". The only machine
on your network that would send packets to 192.168.0.254 on loopback is
the machine with that IP itself.

Can you not make that daemon listen on an interface IP as well as
127.0.0.1? This way other hosts could connect to 192.168.0.254:5050.
Other hosts that try to access port 5050 on your machine will simply come
through the INPUT chain, no NAT needed. If you can't, or don't want to
for good reason, I am sure it would be possible with DNAT.

Perhaps I misunderstand what you are trying to accomplish, apologies if
so.

David
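
The chain-matching point made in the reply above, as an added example that is not part of the original message or of netfilter itself: a simplified Python model that parses the quoted rule and evaluates it against one locally generated packet and one packet from another host. The chain model, the packet dictionaries, the `eth0`/`lo` values on the sample packets and the client address 192.168.0.10 are constructed assumptions.

```python
import shlex

# Rule exactly as quoted in the message above.
QUOTED_RULE = ("iptables -A OUTPUT -t nat -p tcp -o lo "
               "-d 192.168.0.254 --dport 5050 -j REDIRECT --to-ports 5050")

# Simplified model (assumption): nat chains seen by a connection's first packet.
NAT_CHAINS = {
    "local": ("OUTPUT", "POSTROUTING"),   # generated on the netfilter machine
    "remote": ("PREROUTING", "INPUT"),    # arrives from another host, addressed to this machine
}
OPTIONS = {"-A": "chain", "-t": "table", "-p": "proto", "-i": "in_if",
           "-o": "out_if", "-d": "dst", "--dport": "dport", "-j": "target"}

def parse_rule(text):
    """Parse the option/value pairs used by the quoted rule into a dict."""
    words = shlex.split(text)
    if not words or words[0] != "iptables":
        raise ValueError("not an iptables command")
    rule = {"table": "filter"}  # iptables default when -t is absent
    for opt, val in zip(words[1::2], words[2::2]):
        if opt in OPTIONS:
            rule[OPTIONS[opt]] = val
    return rule

def evaluate(rule, pkt):
    """Return (matched, reason) for one packet against one nat rule."""
    if rule["chain"] not in NAT_CHAINS[pkt["origin"]]:
        return False, f"{pkt['origin']} traffic never traverses {rule['chain']}"
    for field in ("proto", "in_if", "out_if", "dst", "dport"):
        if field in rule and rule[field] != pkt.get(field):
            return False, f"{field}: rule wants {rule[field]}, packet has {pkt.get(field)}"
    return True, f"matched, target {rule['target']}"

# Constructed sample packets (not from the thread).
LOCAL_PKT = {"origin": "local", "proto": "tcp", "out_if": "lo",
             "dst": "192.168.0.254", "dport": "5050"}
REMOTE_PKT = {"origin": "remote", "proto": "tcp", "in_if": "eth0",
              "src": "192.168.0.10", "dst": "192.168.0.254", "dport": "5050"}

if __name__ == "__main__":
    rule = parse_rule(QUOTED_RULE)
    for name, pkt in (("local", LOCAL_PKT), ("remote", REMOTE_PKT)):
        print(name, evaluate(rule, pkt))
```
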