Re: IPv6 Redirecting a Port

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@computergmbh.de>
Cc: Ryan Kruse <rkruse@alterpoint.com>,
	"'netfilter@vger.kernel.org'" <netfilter@vger.kernel.org>
Subject: Re: IPv6 Redirecting a Port
Date: Wed, 26 Mar 2008 17:44:05 +0100	[thread overview]
Message-ID: <47EA7D55.5010403@trash.net> (raw)
In-Reply-To: <alpine.LNX.1.10.0803261733060.22661@fbirervta.pbzchgretzou.qr>

Jan Engelhardt wrote:
> 
> On Tuesday 2008-03-25 17:11, Patrick McHardy wrote:
>> Ryan Kruse wrote:
>>>
>>>  We have a network management application that has an embedded TFTP 
>>> and FTP
>>>  server.  The application is written in Java and runs as an unprivileged
>>>  user so we can't bind to the well known ports.  On linux we bind 
>>> TFTP and
>>>  FTP to high ports (udp/11069 and tcp/11021).  We then use iptables 
>>> rules to
>>>  redirect the incoming low port (udp/69 and tcp/21) connections to 
>>> the high
>>>  ports.
>>>
>>>  Now that our application supports IPv6 I need to do the same for 
>>> that.  I
>>>  know that ip6tables doesn't support NAT (and shouldn't), but I haven't
>>>  found a way to redirect a port.  Any thoughts on how this can be done?
>>
>>
>> Routing by fwmark *might* work (add a new "local" table and a rule
>> pointing to it, mark packets appropriately, bind to ::0). If that
>> doesn't you'll most likely need a IPv6-capable TPROXY version.
> 
> But how does routing change the destination port? It does not...

Right, not the port of course, I misread the mail.

     prev parent reply	other threads:[~2008-03-26 16:44 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-25 15:56 IPv6 Redirecting a Port Ryan Kruse
2008-03-25 16:11 ` Patrick McHardy
2008-03-26 16:33   ` Jan Engelhardt
2008-03-26 16:44     ` Patrick McHardy [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47EA7D55.5010403@trash.net \
    --to=kaber@trash.net \
    --cc=jengelh@computergmbh.de \
    --cc=netfilter@vger.kernel.org \
    --cc=rkruse@alterpoint.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.