Iptables – make local only daemon listening on different interface (using iptables port forwarding)

Tags: iptables, loopback, port-forwarding, redirect

I have a daemon program which listens on 127.0.0.1:8000.
I need to access it when I connect to my box with VPN,
so I want it to listen on the ppp0 interface too.

I've tried the "ssh -L" method. It works, but I don't think it's the right way to do that, having an extra ssh process running in the background.
I tried the "netcat" method. It exits when the connection is closed, so it's not a valid way of "listening".

I also tried several iptables rules. None of them worked.
I'm not listing here all the rules I've used.

iptables -A FORWARD -j ACCEPT
iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 8000 -j DNAT --to-destination 127.0.0.1:8000

The above ruleset doesn't work.
I have net.ipv4.ip_forward set to 1.

Does anyone know how to redirect traffic from the ppp interface to lo?
Say, listen on "192.168.45.1:8000 (ppp0)" as well as "127.0.0.1:8000 (lo)".
There's no need to alter the port.

thanx

=-=
Update:

On the roaming box, when I use

nc 192.168.45.1 8000

there's no output at all, no matter what I type.
However, when doing that in an ssh session, for both of

nc 127.0.0.1 8000
nc 192.168.45.1 8000

it gives error messages if I input some random text.
Does it mean that I need additional rules to redirect the output back to the roaming box?

Best Answer

I took a quick glance at your iptables rules, and my first thought is that they look good. Are you sure it doesn't work already, but only from a foreign host? If you try to connect to it from the server itself, it won't work. In that case, you'll also need to add your nat rule to the nat OUTPUT chain:

iptables -t nat -A OUTPUT -p tcp --dst 192.168.45.1 --dport 8000 -j DNAT --to-destination 127.0.0.1:8000

(This is necessary, because your local packets won't go through the PREROUTING chain - at least on my system, they don't.)

I'd try that first, but maybe there's an additional problem. (Maybe there aren't only tcp packets, but also udp?)

BTW, maybe you can configure your daemon to listen on both interfaces instead.
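A complete version of this setup, written here as an added example rather than taken from the question or the answer. It assumes the interface, address and port from the question (ppp0, 192.168.45.1, 8000) and a kernel of 3.6 or later, where a DNAT to 127.0.0.1 from a non-loopback interface additionally needs route_localnet enabled on that interface; it matches only traffic arriving on the VPN interface for the VPN address, so the daemon stays unreachable from any other interface.

```shell
#!/bin/sh
# Added example (not the asker's or the answerer's own rules): make a daemon
# that binds only 127.0.0.1:PORT reachable on the VPN address via DNAT.
# Interface, address and port are assumed from the question; override via env.
set -eu
VPN_IF="${VPN_IF:-ppp0}"
VPN_ADDR="${VPN_ADDR:-192.168.45.1}"
PORT="${PORT:-8000}"

# Emits the full rule set for interface/address/port, one command per line.
# The DNAT target is 127.0.0.1, so the kernel must be told that loopback
# addresses are routable on the VPN interface (route_localnet, kernel >= 3.6);
# without it the redirected packet is dropped as a martian. A DNAT to a local
# address delivers the packet to INPUT, not FORWARD, so neither a FORWARD rule
# nor net.ipv4.ip_forward is needed for this.
redirect_rules() {
  _if=$1; _addr=$2; _port=$3
  cat <<EOF
sysctl -w net.ipv4.conf.${_if}.route_localnet=1
iptables -t nat -A PREROUTING -i ${_if} -p tcp -d ${_addr} --dport ${_port} -j DNAT --to-destination 127.0.0.1:${_port}
iptables -t nat -A OUTPUT -p tcp -d ${_addr} --dport ${_port} -j DNAT --to-destination 127.0.0.1:${_port}
iptables -A INPUT -i ${_if} -p tcp -d 127.0.0.1 --dport ${_port} -j ACCEPT
EOF
}
# The OUTPUT rule covers connections made from the server itself (they skip
# PREROUTING); the INPUT rule only matters if the INPUT policy is DROP.

# Runs each rule line, or with DRY_RUN=1 only prints it for review.
apply_redirect() {
  redirect_rules "$1" "$2" "$3" | while IFS= read -r cmd; do
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else sh -c "$cmd"; fi
  done
}

case "${1:-}" in
  apply)   apply_redirect "$VPN_IF" "$VPN_ADDR" "$PORT" ;;
  dry-run) DRY_RUN=1 apply_redirect "$VPN_IF" "$VPN_ADDR" "$PORT" ;;
esac
```

After applying, the packet counters in `iptables -t nat -L PREROUTING -n -v` should increase when the roaming box runs `nc 192.168.45.1 8000`.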