rstaveley
asked on
DNAT lo->eth0
I have an Oracle Express server at 192.168.2.203 and I want to make it appear to be on localhost.
I did the following:
iptables -t nat -A PREROUTING -p tcp --dport 1521 -i lo -j DNAT --to 192.168.2.203:1521
Here it is:
--------8<--------
rob@slippy:~$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:1521 to:192.168.2.203:1521
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--------8<--------
However, I can't connect to 1521 on localhost.
The interface is the loopback driver. Do I need to do something to specify the fact that the destination is on the eth0 interface, or have I got the wrong end of the stick about DNAT?
ASKER
Xinetd was a snap :-)
Use stone:
apt-get install stone
stone -D 127.0.0.1:1521 0.0.0.0:1521
ASKER
Yes, that was Redimido's suggestion in http:#19987338. ravenpl's Xinetd http:#19987380 worked nicely for me, though, and was more familiar territory. I suspect that it is more efficient than using a proxy too.
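An xinetd redirect of the kind the asker reports using, as an added example that is not taken from the thread (the configuration in the hidden answers is not shown on this page). The service name `oracle-fwd` and the file path are assumptions; the address and port are the ones from the question.

```conf
# /etc/xinetd.d/oracle-fwd   (hypothetical file and service name)
# Accept TCP connections on 127.0.0.1:1521 and relay them to the
# Oracle Express listener at 192.168.2.203:1521.
service oracle-fwd
{
    type        = UNLISTED              # not listed in /etc/services, so port is given here
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = nobody                # the relay needs no privileges after binding
    bind        = 127.0.0.1             # listen on loopback only, not on eth0
    port        = 1521
    only_from   = 127.0.0.1             # second check: refuse non-local clients
    redirect    = 192.168.2.203 1521    # forward each connection to the real server
    disable     = no
}
```

Without the `bind` line xinetd listens on every interface, which would re-publish the database port to the network this host sits on; `ss -ltn` should show the listener as `127.0.0.1:1521` after xinetd is reloaded.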