Re: IPv6 Redirecting a Port

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Ryan Kruse <rkruse@alterpoint.com>
Cc: "'netfilter@vger.kernel.org'" <netfilter@vger.kernel.org>
Subject: Re: IPv6 Redirecting a Port
Date: Tue, 25 Mar 2008 17:11:00 +0100	[thread overview]
Message-ID: <47E92414.5000108@trash.net> (raw)
In-Reply-To: <B48CB61665A101419E226D4D141D540E03035231A5@mail-server.inside.eclyptic.com>

Ryan Kruse wrote:
> 
> We have a network management application that has an embedded TFTP and FTP server.  The application is written in Java and runs as an unprivileged user so we can't bind to the well known ports.  On linux we bind TFTP and FTP to high ports (udp/11069 and tcp/11021).  We then use iptables rules to redirect the incoming low port (udp/69 and tcp/21) connections to the high ports.
> 
> Now that our application supports IPv6 I need to do the same for that.  I know that ip6tables doesn't support NAT (and shouldn't), but I haven't found a way to redirect a port.  Any thoughts on how this can be done?


Routing by fwmark *might* work (add a new "local" table and a rule
pointing to it, mark packets appropriately, bind to ::0). If that
doesn't you'll most likely need a IPv6-capable TPROXY version.

next prev parent reply	other threads:[~2008-03-25 16:11 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-25 15:56 IPv6 Redirecting a Port Ryan Kruse
2008-03-25 16:11 ` Patrick McHardy [this message]
2008-03-26 16:33   ` Jan Engelhardt
2008-03-26 16:44     ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47E92414.5000108@trash.net \
    --to=kaber@trash.net \
    --cc=netfilter@vger.kernel.org \
    --cc=rkruse@alterpoint.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox