Hi!

I want to use a program (some sort of webserver) that only listens on
localhost:2048, on the LAN.
So I installed Shorewall (Debian Etch) and set a rule:
DNAT:info loc $FW:127.0.0.1:2048 tcp 80

But I cannot reach my program.

In order to debug this problem, I used nc:
nc -l -p 2048 -s 127.0.0.1

But only this combination is ok:
DNAT:info loc $FW:192.168.2.106:2048 tcp 80
nc -l -p 2048

It seems impossible to set a port forwarding to localhost.

Thanks for your help

Regards
Sebastian

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Sebastian Raring wrote:
> Hi!
>
> I want to use a program (some sort of webserver) that only listens on
> localhost:2048, on the LAN.
> So I installed Shorewall (Debian Etch) and set a rule:
> DNAT:info loc $FW:127.0.0.1:2048 tcp 80
>
> But I cannot reach my program.
>
> In order to debug this problem, I used nc:
> nc -l -p 2048 -s 127.0.0.1
>
> But only this combination is ok:
> DNAT:info loc $FW:192.168.2.106:2048 tcp 80
> nc -l -p 2048
>
> It seems impossible to set a port forwarding to localhost.

Try:

REDIRECT loc 2048 tcp 80

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> Try:
>
> REDIRECT loc 2048 tcp 80

I tried it, too.
But it is still the same.

It only redirects to the normal IP, but not to localhost.

Sebastian
Sebastian Raring wrote:
> Tom Eastep wrote:
>> Try:
>>
>> REDIRECT loc 2048 tcp 80
>
> I tried it, too.
> But it is still the same.
>
> It only redirects to the normal IP, but not to localhost.

Then I know of no way to do it.

Sorry,
-Tom
Is your application even running on localhost? Sounds like it isn't.

Try
netstat -anp | grep 2048
and make sure that there's the corresponding process listening on
127.0.0.1:2048.

Prasanna.

On 1/6/07, Sebastian Raring <sebastian@raring.de> wrote:
> Tom Eastep wrote:
> > Try:
> >
> > REDIRECT loc 2048 tcp 80
>
> I tried it, too.
> But it is still the same.
>
> It only redirects to the normal IP, but not to localhost.
>
> Sebastian
Prasanna Krishnamoorthy wrote:
> Is your application even running on localhost? Sounds like it isn't.
>
> Try
> netstat -anp | grep 2048
> and make sure that there's the corresponding process listening on
> 127.0.0.1:2048.

Thanks for your idea.

But the process is listening:
root@intranet:/# netstat -anp
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:2048          0.0.0.0:*               LISTEN      8565/nc

When I try with a web browser, Shorewall shows:
Shorewall:loc_dnat:REDIRECT:IN=eth0 OUT= MAC=00:16:3e:76:88:14:00:04:23:90:fe:0f:08:00 SRC=192.168.2.39 DST=192.168.2.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49464 DF PROTO=TCP SPT=2369 DPT=80 WINDOW=64960 RES=0x00 SYN URGP=0
Shorewall:loc_dnat:REDIRECT:IN=eth0 OUT= MAC=00:16:3e:76:88:14:00:04:23:90:fe:0f:08:00 SRC=192.168.2.39 DST=192.168.2.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49557 DF PROTO=TCP SPT=2369 DPT=80 WINDOW=64960 RES=0x00 SYN URGP=0
Shorewall:loc_dnat:REDIRECT:IN=eth0 OUT= MAC=00:16:3e:76:88:14:00:04:23:90:fe:0f:08:00 SRC=192.168.2.39 DST=192.168.2.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49641 DF PROTO=TCP SPT=2369 DPT=80 WINDOW=64960 RES=0x00 SYN URGP=0

Sebastian
Sebastian Raring wrote:
> Prasanna Krishnamoorthy wrote:
>> Is your application even running on localhost? Sounds like it isn't.
>>
>> Try
>> netstat -anp | grep 2048
>> and make sure that there's the corresponding process listening on
>> 127.0.0.1:2048.
>
> Thanks for your idea.
>
> But the process is listening:
> root@intranet:/# netstat -anp
> Aktive Internetverbindungen (Server und stehende Verbindungen)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> tcp        0      0 127.0.0.1:2048          0.0.0.0:*               LISTEN      8565/nc
>
> When I try with a web browser, Shorewall shows:
> Shorewall:loc_dnat:REDIRECT:IN=eth0 OUT=
> MAC=00:16:3e:76:88:14:00:04:23:90:fe:0f:08:00 SRC=192.168.2.39
> DST=192.168.2.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49464 DF
> PROTO=TCP SPT=2369 DPT=80 WINDOW=64960 RES=0x00 SYN URGP=0

I have found no way to make this work -- even using raw iptables commands.

-Tom
> > root@intranet:/# netstat -anp
> > Aktive Internetverbindungen (Server und stehende Verbindungen)
> > Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> > tcp        0      0 127.0.0.1:2048          0.0.0.0:*               LISTEN      8565/nc
> >
> > When I try with a web browser, Shorewall shows:
> > Shorewall:loc_dnat:REDIRECT:IN=eth0 OUT=
> > MAC=00:16:3e:76:88:14:00:04:23:90:fe:0f:08:00 SRC=192.168.2.39
> > DST=192.168.2.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49464 DF
> > PROTO=TCP SPT=2369 DPT=80 WINDOW=64960 RES=0x00 SYN URGP=0

This is crude and foul but should work:

www stream tcp nowait nobody /bin/nc nc 127.0.0.1 2048

As a line in inetd.conf.

Yeah, I know. But it's an ugly sort of thing to want to do anyway.
There's a better way.

Make your application listen on the external LAN interface - eg
192.168.2.106:2048, then add the following rule:

REDIRECT loc 2048 tcp 443 - 192.168.2.106

This will "just work(tm)"

Jan

On 08/01/07, Andrew Suffield <asuffield@suffields.me.uk> wrote:
> > > root@intranet:/# netstat -anp
> > > Aktive Internetverbindungen (Server und stehende Verbindungen)
> > > Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> > > tcp        0      0 127.0.0.1:2048          0.0.0.0:*               LISTEN      8565/nc
> > >
> > > When I try with a web browser, Shorewall shows:
> > > Shorewall:loc_dnat:REDIRECT:IN=eth0 OUT=
> > > MAC=00:16:3e:76:88:14:00:04:23:90:fe:0f:08:00 SRC=192.168.2.39
> > > DST=192.168.2.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49464 DF
> > > PROTO=TCP SPT=2369 DPT=80 WINDOW=64960 RES=0x00 SYN URGP=0
>
> This is crude and foul but should work:
>
> www stream tcp nowait nobody /bin/nc nc 127.0.0.1 2048
>
> As a line in inetd.conf.
>
> Yeah, I know. But it's an ugly sort of thing to want to do anyway.
I should add, I don't think you need to make your app listen on
192.168.2.106 - localhost should work too.

Jan

On 08/01/07, Jan Mulders <lastchancehotel@gmail.com> wrote:
> There's a better way.
>
> Make your application listen on the external LAN interface - eg
> 192.168.2.106:2048, then add the following rule:
>
> REDIRECT loc 2048 tcp 443 - 192.168.2.106
>
> This will "just work(tm)"
>
> Jan
>
> On 08/01/07, Andrew Suffield <asuffield@suffields.me.uk> wrote:
> > > > root@intranet:/# netstat -anp
> > > > Aktive Internetverbindungen (Server und stehende Verbindungen)
> > > > Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> > > > tcp        0      0 127.0.0.1:2048          0.0.0.0:*               LISTEN      8565/nc
> > > >
> > > > When I try with a web browser, Shorewall shows:
> > > > Shorewall:loc_dnat:REDIRECT:IN=eth0 OUT=
> > > > MAC=00:16:3e:76:88:14:00:04:23:90:fe:0f:08:00 SRC=192.168.2.39
> > > > DST=192.168.2.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49464 DF
> > > > PROTO=TCP SPT=2369 DPT=80 WINDOW=64960 RES=0x00 SYN URGP=0
> >
> > This is crude and foul but should work:
> >
> > www stream tcp nowait nobody /bin/nc nc 127.0.0.1 2048
> >
> > As a line in inetd.conf.
> >
> > Yeah, I know. But it's an ugly sort of thing to want to do anyway.
> Make your application listen on the external LAN interface - eg
> 192.168.2.106:2048, then add the

This is a closed source app, and there are no config options for this app
to make it work.

> I should add, I don't think you need to make your app listen on
> 192.168.2.106 - localhost should work too.

The strange thing is that it should work, but it is not working.

Sebastian

Jan Mulders wrote:
> Jan
>
>
> On 08/01/07, *Jan Mulders* <lastchancehotel@gmail.com> wrote:
>
>     There's a better way.
>
>     Make your application listen on the external LAN interface - eg
>     192.168.2.106:2048, then add the
>     following rule:
>
>     REDIRECT loc 2048 tcp 443 - 192.168.2.106
>
>     This will "just work(tm)"
Just had a thought when reading some of these replies. If this has been
suggested and I skipped over it, I apologize.

Could you just run squid and proxy the 2048 port over to 80? I've done
similar things such as adding SSL to a non-SSL capable web appliance, but
I think you could make it work.

Josh
--------------------------
Sent from my BlackBerry Wireless Handheld

-----Original Message-----
From: Sebastian Raring <sebastian@raring.de>
Date: Mon, 08 Jan 2007 19:20:05
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Subject: Re: [Shorewall-users] portforwarding from LAN to localhost

> Make your application listen on the external LAN interface - eg
> 192.168.2.106:2048, then add the

This is a closed source app, and there are no config options for this app
to make it work.

> I should add, I don't think you need to make your app listen on
> 192.168.2.106 - localhost should work too.

The strange thing is that it should work, but it is not working.

Sebastian

Jan Mulders wrote:
> Jan
>
>
> On 08/01/07, *Jan Mulders* <lastchancehotel@gmail.com> wrote:
>
>     There's a better way.
>
>     Make your application listen on the external LAN interface - eg
>     192.168.2.106:2048, then add the
>     following rule:
>
>     REDIRECT loc 2048 tcp 443 - 192.168.2.106
>
>     This will "just work(tm)"
Sebastian Raring wrote:
> > Make your application listen on the external LAN interface - eg
> > 192.168.2.106:2048, then add the
>
> This is a closed source app, and there are no config options for this app
> to make it work.
>
> > I should add, I don't think you need to make your app listen on
> > 192.168.2.106 - localhost should work too.
>
> The strange thing is that it should work, but it is not working.

It is not clear to me that "it should work". It's my understanding that
127.0.0.1 and the loopback interface have very specific support in the IP
stack. There was a long thread on one of the networking lists a while back
where someone was trying to use the 127.0.0.0/8 network for intra-cluster
communication. While one might think that "should work", there were major
obstacles and I don't believe that the person ever got it working.

-Tom
On Mon, Jan 08, 2007 at 06:27:36PM +0000, Tressler, Joshua A. wrote:
> Could you just run squid and proxy the 2048 port over to 80?

That's exactly what my inetd/nc line did, only without the whole squid
bit. squid's overkill for a simple port redirection.

(inetd is how people used to do this before we had kernels that could NAT)
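The userland relay that Andrew's inetd/nc line amounts to (and that the squid suggestion would also provide), written out as an added example that is not from this thread or from Shorewall: a small Python TCP forwarder that accepts on one address and copies bytes to the service that only binds 127.0.0.1, so no DNAT into 127/8 is needed at all. The listen and backend addresses are assumptions; the self-test uses loopback on both sides with OS-chosen ports.

```python
import socket
import threading

def _pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so its peer sees EOF too."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer went away; the owning 'with' blocks close both sockets

def _handle(client, backend_addr):
    """Per-connection worker: connect to the localhost-only app, relay both ways."""
    with client, socket.create_connection(backend_addr) as backend:
        t = threading.Thread(target=_pump, args=(backend, client), daemon=True)
        t.start()
        _pump(client, backend)
        t.join()

def start_relay(listen_addr, backend_addr=("127.0.0.1", 2048)):
    """Accept on listen_addr (the LAN side, e.g. 192.168.2.106:80 in the thread)
    and relay each connection to backend_addr. Returns the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(16)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:  # listening socket closed: stop accepting
                return
            threading.Thread(target=_handle, args=(client, backend_addr), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def demo_roundtrip():
    """Constructed loopback self-test: a fake backend (standing in for the app
    bound to 127.0.0.1:2048) echoes the request inside an HTTP-like reply."""
    backend = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    backend.bind(("127.0.0.1", 0))
    backend.listen(1)
    def serve_once():
        conn, _ = backend.accept()
        with conn:
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n" + conn.recv(4096))
    threading.Thread(target=serve_once, daemon=True).start()
    relay = start_relay(("127.0.0.1", 0), backend.getsockname())
    with socket.create_connection(relay.getsockname()) as c:
        c.sendall(b"GET / HTTP/1.0\r\n\r\n")
        c.shutdown(socket.SHUT_WR)
        reply = b"".join(iter(lambda: c.recv(4096), b""))
    relay.close(); backend.close()
    return reply
```

The relay exposes the localhost-only app to the LAN exactly as binding it on the LAN address would, so the Shorewall rule for the loc zone on port 80 is the only access control in front of it.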