Re: iptables: forward port from eth0 to 127.0.0.1

From: Tim Haynes (usenet-20040610_at_stirfried.vegetable.org.uk)
Date: 06/10/04


Date: Thu, 10 Jun 2004 18:12:12 +0100

Bill Marcum <bmarcum@iglou.com.urgent> writes:

> ["Followup-To:" header set to comp.os.linux.admin.]

[ignored, I'm not on there]

> On Thu, 10 Jun 2004 00:10:28 GMT, Scott Dudley
> <scott@nospam.telesoft.com> wrote:
>>
>> Need some iptables help. How can I use iptables to redirect eth0 port
>> 80 to 127.0.0.1? i.e. the service is bound only to 127.0.0.1 and I want
>> to route inbound LAN traffic to same.
>
> What do you mean? 127.0.0.1 is the loopback interface. If you want
> other machines on the LAN to see your web server, you bind it to the
> eth0 address.

He means he wants to DNAT port 80 from the external interface to localhost.
There are (D)NAT-HOWTOs a-plenty out there to be researching.

(No, I don't know *why* someone would do this, as it gains you very little
except experience, in the majority of cases. In fact, the only time I've
used it for real was when I knew some spammers' IP#s and redirected them up
to a different port# where a not-webserver was listening... tarpit style.)

~Tim

-- 
I still hear the snares in the square       |piglet@stirfried.vegetable.org.uk
Colours ablaze in the evening               |http://pig.sty.nu/Pictures/
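
The DNAT-to-loopback setup discussed in the reply above, as an added example that is not part of the original post. It prints the commands rather than applying them. `eth0` and port 80 come from the thread; the function name and the source range 192.168.1.0/24 are constructed for illustration, and the `route_localnet` step assumes a kernel that has that sysctl (Linux 3.6 or later).

```shell
#!/bin/sh
# Added example: prints (does not apply) the commands for forwarding a port
# that arrives on an external interface to a service bound only to 127.0.0.1.
# The function name and the sample source range are constructed values.

# emit_loopback_dnat IFACE PORT SRC_CIDR
# Writes the commands to stdout; returns 1 on malformed arguments.
emit_loopback_dnat() {
    iface=$1 port=$2 src=$3

    # Accept only a plain interface name, a numeric port and an IPv4 CIDR, so
    # the generated lines cannot carry extra shell or iptables syntax.
    case $iface in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $src in ''|*[!0-9./]*) return 1 ;; esac

    # Packets DNATed to 127.0.0.0/8 from a non-loopback interface are dropped
    # as martians unless route_localnet is enabled on the ingress interface.
    echo "sysctl -w net.ipv4.conf.$iface.route_localnet=1"

    # Rewrite the destination before routing, only for the named source range.
    echo "iptables -t nat -A PREROUTING -i $iface -s $src -p tcp --dport $port -j DNAT --to-destination 127.0.0.1:$port"

    # After DNAT the packet is locally delivered, so it is filtered in INPUT
    # (not FORWARD) with the rewritten destination and the original interface.
    echo "iptables -A INPUT -i $iface -s $src -d 127.0.0.1 -p tcp --dport $port -j ACCEPT"

    # route_localnet makes all of 127.0.0.0/8 routable from this interface;
    # drop everything else aimed at loopback so only the one port is exposed.
    echo "iptables -A INPUT -i $iface -d 127.0.0.0/8 -j DROP"
}

# Sample invocation with the thread's interface and port.
emit_loopback_dnat eth0 80 192.168.1.0/24
```

The service still sees the client's real source address, so anything that treated "bound to 127.0.0.1" as "local users only" loses that guarantee for the forwarded port.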

