From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: IPv6 Redirecting a Port Date: Wed, 26 Mar 2008 17:44:05 +0100 Message-ID: <47EA7D55.5010403@trash.net> References: <47E92414.5000108@trash.net> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Jan Engelhardt Cc: Ryan Kruse , "'netfilter@vger.kernel.org'" Jan Engelhardt wrote: > > On Tuesday 2008-03-25 17:11, Patrick McHardy wrote: >> Ryan Kruse wrote: >>> >>> We have a network management application that has an embedded TFTP >>> and FTP >>> server. The application is written in Java and runs as an unprivileged >>> user so we can't bind to the well known ports. On linux we bind >>> TFTP and >>> FTP to high ports (udp/11069 and tcp/11021). We then use iptables >>> rules to >>> redirect the incoming low port (udp/69 and tcp/21) connections to >>> the high >>> ports. >>> >>> Now that our application supports IPv6 I need to do the same for >>> that. I >>> know that ip6tables doesn't support NAT (and shouldn't), but I haven't >>> found a way to redirect a port. Any thoughts on how this can be done? >> >> >> Routing by fwmark *might* work (add a new "local" table and a rule >> pointing to it, mark packets appropriately, bind to ::0). If that >> doesn't you'll most likely need a IPv6-capable TPROXY version. > > But how does routing change the destination port? It does not... Right, not the port of course, I misread the mail.