* redirect 127.0.0.1:25 -> 127.0.0.1:2000
From: Alex Tang @ 2007-05-18 22:36 UTC (permalink / raw)
  To: netfilter

Hi folks.

I'm using a nat PREROUTING rule to forward all connections from port 25 
to port 2000.  This works fine for all addresses except for localhost.

The rule I'm using is:
"-A PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 2000"
(CentOS4, kernel 2.6.9-55, iptables-1.2.11)

For example, on my machine: foobar.example.com

If I telnet from any machine other than foobar.example.com to 
foobar.example.com:25, the connection is redirected properly to 
foobar.example.com:2000. 

However, if I telnet from foobar.example.com to localhost:25, I get a 
connection refused. 

Telnetting from foobar.example.com to localhost:2000 works fine (as 
expected).

Telnetting from foobar.example.com to foobar.example.com:25 also does 
not work.

I know that you can't do prerouting from localhost -> some.other.host 
(or vice versa), but I thought localhost->localhost would work.

Am I screwing up the rule? Should I add another rule?  Or am I just SOL?

Thanks.

...alex...




* Re: redirect 127.0.0.1:25 -> 127.0.0.1:2000
From: Alex Tang @ 2007-05-18 22:42 UTC (permalink / raw)
  To: netfilter

In looking through the mail archive, I see this post:





* Re: redirect 127.0.0.1:25 -> 127.0.0.1:2000
From: Alex Tang @ 2007-05-18 22:46 UTC (permalink / raw)
  To: netfilter

ARGH.  Sorry about my premature previous post...lemme try this again...

Hi again,

In looking through the mail archive, I see this thread,

http://lists.netfilter.org/pipermail/netfilter/2004-November/057098.html

which answered my question. 

I verified that the kernel had IP_NF_NAT_LOCAL set to y, and I see that 
I was missing the "iptables -t nat -A OUTPUT" line.  Everything works 
now. Whoohoo!

Thanks.

...alex...





* Re: redirect 127.0.0.1:25 -> 127.0.0.1:2000
From: Jan Engelhardt @ 2007-05-23  7:43 UTC (permalink / raw)
  To: Alex Tang; +Cc: netfilter


On May 18 2007 15:46, Alex Tang wrote:
>
> which answered my question. 
> I verified that the kernel had IP_NF_NAT_LOCAL set to y, and I see that I was
> missing the "iptables -t nat -A OUTPUT" line.  Everything works now. Whoohoo!

IP_NF_NAT_LOCAL is removed in later kernels, so don't even think
about starting to use it.

You will be perfectly fine when not having that enabled, -A OUTPUT
does it all.


	Jan
-- 
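
The gap discussed in this thread (a nat PREROUTING redirect with no matching nat OUTPUT rule, so locally generated connections bypass it) can be checked for in a saved ruleset. The script below is an added example, not code from the thread; the function name, the sample rulesets and the `-o lo` match on the OUTPUT rule (an assumption, chosen so that outbound connections to other hosts are not redirected) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables-save` text on stdin and
# prints "dport->to-port" for every nat REDIRECT present in PREROUTING but
# absent from OUTPUT, i.e. redirects that locally generated connections bypass.
# Only --dport/--to-ports are compared; other matches (-i, -d, ...) are ignored.
find_local_redirect_gaps() {
    awk '
        /^\*/ { table = $1 }                  # table header: "*nat", "*filter", ...
        table != "*nat" { next }
        $1 == "-A" && ($2 == "PREROUTING" || $2 == "OUTPUT") {
            dport = ""; to = ""; redirect = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
                if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
            }
            if (!redirect || dport == "" || to == "") next
            if ($2 == "PREROUTING") pre[dport "->" to] = 1
            else                    out[dport "->" to] = 1
        }
        END { for (k in pre) if (!(k in out)) print k }
    ' | sort
}

# Constructed sample: the ruleset from the first message (PREROUTING only).
SAMPLE_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 2000
COMMIT'

# Constructed sample: same ruleset plus a nat OUTPUT rule (-o lo is an assumption).
SAMPLE_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 2000
-A OUTPUT -o lo -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 2000
COMMIT'

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | find_local_redirect_gaps)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | find_local_redirect_gaps)"
```

On a live host the same function can be fed from `iptables-save -t nat | find_local_redirect_gaps`.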

