android - Why is this iptables rule that does port forwarding not working?
2013-08
I have a server bound to localhost:7060. It is using an IPv6 socket instead of IPv4. Below is the netstat output.
# netstat -an
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.200.32.98:1720 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4122 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4123 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:4123 127.0.0.1:43051 ESTABLISHED
tcp 0 0 10.200.32.98:5555 10.200.32.44:53162 ESTABLISHED
tcp6 0 0 :::5060 :::* LISTEN
tcp6 0 0 ::ffff:127.0.0.1:7060 :::* LISTEN
tcp6 0 0 :::23 :::* LISTEN
tcp6 0 0 ::ffff:10.200.32.98:23 ::ffff:10.200.32.142:43505 ESTABLISHED
tcp6 0 0 ::ffff:127.0.0.1:43051 ::ffff:127.0.0.1:4123 ESTABLISHED
tcp6 0 0 ::ffff:10.200.32.98:23 ::ffff:10.200.32.44:53195 ESTABLISHED
udp6 0 0 :::5060 :::* CLOSE
#
I want to set up a port forwarding rule that accepts connections on port 24 (on all interfaces, loopback as well as eth0) and forwards the data to localhost:7060.
This is how I am setting up the iptables rule:
iptables -t nat -A PREROUTING -p tcp --dport 24 -j DNAT --to 127.0.0.1:7060
It is not working. When I telnet from a different box, I see the following:
$telnet 10.200.32.98 24
Trying 10.200.32.98...
If I change the server to bind to *:7060 and set the following rule, it seems to work fine.
iptables -t nat -A PREROUTING -p tcp --dport 24 -j REDIRECT --to-port 7060
But that will make my server available on the WAN interface, which I don't like.
I feel it has something to do with the IPv6 socket (the tcp6 line in the netstat output). This whole thing is done on an Android device with a custom-built Android platform image.
How do I get this working?
I think you must use --sport 24 instead of --dport 24, because the traffic is incoming, not outgoing. Although, as Garret said, probably you must use ip6tables...
I'm pretty new to iptables. My server has two Ethernet cards (eth0, eth1) and an ADSL router that is in bridge mode connected to the eth0 which created ppp0 when dialed.
I'm trying to forward external port 80 to my local machine (192.168.2.2) connected in eth1.
My Internet sharing is done by:
iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.0 -o ppp0 -j MASQUERADE
(if there is a better way feel free to show me)
I am trying to use:
iptables -A FORWARD -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to-destination 192.168.2.2:80
but I don't know to which Ethernet interface I should be pointing it. Any ideas?
If you are accessing the Internet through ppp0, that's what you should use for -i in both commands. (Check the default route in ip -4 route to be sure.)
Check out http://www.hackorama.com/network/portfwd.shtml. It has very good and detailed explanation for what you're trying to do.
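The answer above says to use the interface that carries the default route for -i in both commands. As an added example (not code from the original posts), this script reads that interface from `ip -4 route` output and prints the question's two rules with it. The function names and the sample routing table are constructed, and the extra `-o`/`-d` matches on the FORWARD rule are an assumption added here to narrow it to the forwarded host.

```shell
#!/bin/sh
# Added example, not code from the original posts.

# Print the interface of the lowest-metric IPv4 default route.
# Reads `ip -4 route` output on stdin so it can be exercised offline.
wan_iface() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0      # a route without "metric" has metric 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
            }
            if (dev != "" && (best == "" || metric + 0 < bestm)) {
                best = dev; bestm = metric + 0
            }
        }
        END { if (best == "") exit 1; print best }
    '
}

# Print (do not apply) the DNAT and FORWARD rules with -i set to the WAN
# interface. $1 = WAN iface, $2 = internal host, $3 = port, $4 = LAN iface.
# The -o/-d matches are an assumption added to tighten the FORWARD rule.
portfwd_rules() {
    wan=$1 host=$2 port=$3 lan=$4
    # Refuse empty or odd interface names (e.g. when no default route exists).
    for n in "$wan" "$lan"; do
        case $n in ""|*[!A-Za-z0-9._-]*) return 2 ;; esac
    done
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$wan" "$port" "$host" "$port"
    printf 'iptables -A FORWARD -i %s -o %s -p tcp -d %s --dport %s -j ACCEPT\n' \
        "$wan" "$lan" "$host" "$port"
}

# Constructed sample of `ip -4 route` output for the setup in the question.
SAMPLE_ROUTES='default dev ppp0 scope link
default via 192.168.2.254 dev eth1 metric 600
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1'

# Live use: portfwd_rules "$(ip -4 route | wan_iface)" 192.168.2.2 80 eth1
# Offline demonstration on the constructed sample:
portfwd_rules "$(printf '%s\n' "$SAMPLE_ROUTES" | wan_iface)" 192.168.2.2 80 eth1
```

PPP default routes usually appear as `default dev ppp0` with no `via` gateway, which is why the parser keys on the `dev` token rather than on a fixed field position.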