Re: Connect to localhost bound port from outside?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Connect to localhost bound port from outside?
Date: Wed, 31 Jan 2007 09:36:18 -0600	[thread overview]
Message-ID: <45C0B772.2090201@riverviewtech.net> (raw)
In-Reply-To: <45C06BE7.2080208@plouf.fr.eu.org>

Pascal Hambourg wrote:
> Iptables will happily redirect anything you like to localhost, but the 
> kernel IP routing prohibits communications with a loopback address on a 
> non loopback interface and thus will drop the packets. This is similar 
> to the problem in the above thread "port forwarding through localhost", 
> and the same workaround is applicable.

Does this apply if the reverse path filter is turned off?  Or is this a 
hard coded filter in the kernel that can not be gotten around?

Another thought to the OP would be to use the Dummy interface in lieu of 
the Loop Back interface as I believe it does not have the same 
restrictions that Loop Back does.  However I could be mistaken.

I have often considered using lo for local only but using dummy as a 
spur network to bind services to and then route traffic in to the spur 
network.  Thoughts / Opinions?

Grant. . . .

next prev parent reply	other threads:[~2007-01-31 15:36 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-01-31  7:33 Connect to localhost bound port from outside? jan_bar
2007-01-31  9:03 ` Покотиленко Костик
2007-01-31  9:43   ` jan_bar
2007-01-31 10:39     ` Martijn Lievaart
     [not found]     ` <46560.2001:888:19e1::53.1170239989.squirrel@dexter>
2007-01-31 11:52       ` Martijn Lievaart
2007-01-31 10:13 ` Pascal Hambourg
2007-01-31 15:36   ` Grant Taylor [this message]
2007-01-31 16:03     ` Pascal Hambourg
2007-01-31 18:31       ` Grant Taylor
2007-01-31 23:01         ` Pascal Hambourg
2007-01-31 23:57           ` Grant Taylor
2007-02-06 19:13     ` R. DuFresne
2007-02-06 19:38       ` Jan Engelhardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=45C0B772.2090201@riverviewtech.net \
    --to=gtaylor@riverviewtech.net \
    --cc=gtaylor+reply@riverviewtech.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.