On Friday 01 January 2010 14:38:36 Etaoin Shrdlu wrote:
> On Friday 01 January 2010, Alexander wrote:
> > On Friday 01 January 2010 03:07:42 Etaoin Shrdlu wrote:
> > > On Thursday 31 December 2009, Alexander wrote:
> > > > Is there a way to redirect TCP connections from external network
> > > > interfaces to the local/loopback in network 127.0.0.0/8? I need
> > > > functionality like DNAT target in iptables.
> > >
> > > Uh...why don't you use DNAT then?
> > This doesn't work, because kernel drops any packets that come from
> > external network to 127.0.0.0/8.
> Of course it does. But in these cases, the workaround is assigning a
> non-127 address to the lo interface, like 192.168.0.1/32 for example, and
> DNAT to that address (and have whatever program should receive the data
> listen on 192.168.0.1, of course).
This way eats some private network address range and this could be cause of a
collisions with an external private networks. Reconfiguring services for a new ip
ranges isn't so easy procedure in general (let's consider device that should
work just out of the box with a trivial configutation efforts). Thus it's
important use some subsets of 127.0.0.0/8 network for that.
I have just been advised to look at net-misc/stone or net-proxy/haproxy (thanks
to has been adviced), but I'm not sure that this will work like DNAT.