  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1698

DNAT lo->eth0

I have an Oracle Express server at 192.168.2.203 and I want to make it appear to be on localhost.

I did the following:

  iptables -t nat -A PREROUTING -p tcp --dport 1521 -i lo -j DNAT  --to 192.168.2.203:1521

Here it is:
--------8<--------
rob@slippy:~$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        
DNAT       tcp  --  anywhere             anywhere            tcp dpt:1521 to:192.168.2.203:1521

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
--------8<--------

However, I can't connect to 1521 on localhost.

The interface is the loopback driver. Do I need to do something to specify the fact that the destination is on the eth0 interface, or have I got the wrong end of the stick about DNAT?
Asked by: rstaveley

Gabriel Orozco (Solution Architect) Commented:
I used to see a module on the kernel that allowed me to do DNAT for localhost, but I was unable to find it. Without that special module I never got DNAT to localhost to work.

What you can do is this (taken from another web page):

As I suggested to someone else having the same problem as you, instead of using a DNAT rule you may use a TCP "proxy" such as stone (<http://www.gcd.org/sengoku/stone/>, supports UDP too) or 6tunnel (<http://toxygen.net/6tunnel/>, originally designed to relay connections between IPv6 and IPv4 hosts but works between IPv4 hosts too) which listens on the local port and relays the local connexions to the remote server.


0
 
ravenpl Commented:
You have to use forwarding. If a packet arrives via the lo interface, it will not travel the PRE/POSTROUTING chains of the nat table. Sorry.
You can do traffic forwarding with xinetd, which is probably installed there. http://www.collaborium.org/onsite/benin/lectures/christian/security/SLIDES/img36.html
0
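
The xinetd forwarding suggested in the comment above could look like the following. This is an added example, not part of the original thread: the file name, service name and `user` value are assumptions, while the address and port are the ones from the question.

```conf
# /etc/xinetd.d/oracle-forward   (file and service names are assumptions)
service oracle-forward
{
    # The service name is not in /etc/services, so declare it UNLISTED
    # and give the port and protocol explicitly.
    type        = UNLISTED
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    # Assumed unprivileged account for the per-connection relay process.
    user        = nobody
    # Listen on loopback only. Without "bind", xinetd listens on every
    # interface and anyone on the LAN could reach Oracle through this host.
    bind        = 127.0.0.1
    port        = 1521
    # Second check: only accept clients connecting from localhost.
    only_from   = 127.0.0.1
    # Relay each accepted connection to the real Oracle Express server.
    redirect    = 192.168.2.203 1521
}
```

After reloading xinetd, `ss -ltn` should show a listener on 127.0.0.1:1521 only, not on 0.0.0.0:1521.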
 
rstaveley (Author) Commented:
Xinetd sounds good. I'll install it. I had no idea you could do forwarding with it.
0
 
rstaveley (Author) Commented:
Xinetd was a snap :-)
0
 
quadranteservizi Commented:
Use stone:
apt-get install stone
stone -D 192.168.2.203:1521 127.0.0.1:1521
0
 
rstaveley (Author) Commented:
Yes, that was Redimido's suggestion in http:#19987338. ravenpl's Xinetd http:#19987380 worked nicely for me, though, and was more familiar territory. I suspect that it is more efficient than using a proxy too.
0
