0

i have a daemon program which listens on 127.0.0.1:8000.
i need to access it when i connect to my box with vpn.
so i want it to listen on the ppp0 interface too.

i've tried the "ssh -L" method. it works, but i don't think it's the right way to do that, having an extra ssh process running in the background.
i tried the "netcat" method. it exits when the connection is closed. so not a valid way for "listening".

i also tried several iptables rules. none of them worked.
i'm not listing here all the rules i've used. 

iptables -A FORWARD -j ACCEPT
iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 8000 -j DNAT --to-destination 127.0.0.1:8000

the above ruleset doesn't work.
i have net.ipv4.ip_forward set to 1.

anyone knows how to redirect traffic from ppp interface to lo?
say, listen on "192.168.45.1:8000 (ppp0)" as well as "127.0.0.1:8000 (lo)"
there's no need to alter the port.

thanx

=-= update:

on the roaming box, when i use 

nc 192.168.45.1 8000

there's no output at all no matter what i type.
however, when doing that in a ssh session, for both of 

nc 127.0.0.1 8000
nc 192.168.45.1 8000

it gives out error messages if i input some random text.
does it mean that i need additional rules to redirect the output back to the roaming box?

1 Answers1

1

I took a quick glance at your iptables rules, and my first thought is, that they look good. Are you sure, it doesn't work already - but only from a foreign host. If you try to connect to it from the server itself, it won't work. In that case, you'll also need to add your nat rule to the nat OUTPUT chain:

-t nat -A OUTPUT -p tcp -dst 192.168.45.1 --dport 8000 -j DNAT --to-destination 127.0.0.1:8000

(This is necessary, because your local packets won't go through the PREROUTING chain - at least on my system, they don't.)

I'd try that first, but maybe there's an additional problem. (Maybe there aren't only tcp packets, but also udp?)

BTW, maybe you can configure your daemon to listen on both interfaces instead.

Chris Lercher
  • 4,152
  • 9
  • 35
  • 41
  • it works fine from the local side. i added your rule. doesn't make a difference. the listening address is hard-coded in that program, i havn't got the time to look into it's source code. on the roaming box, when i use nc 192.168.45.1 8000 there's no output at all no matter what i type. however, when doing that in a ssh session, for both of nc 127.0.0.1 8000 nc 192.168.45.1 8000 it gives out error messages if i input some random text. does it mean that i need additional rules to redirect the output back to the roaming box? –  Mar 24 '10 at 12:12
  • To narrow down the possibilities: Can you do a netcat chat with two terminals (first stop your daemon)? Terminal 1 (acts as server): `nc -lp 8000` Terminal 2 (acts as client): `nc 192.168.45.1 8000`. Variation on Terminal 2: `nc 127.0.0.1 8000`. Try chatting between the terminals, see if it works. If it does, then the problem is most likely in the daemon. You can also make the server listen only on one address: `nc -lp 8000 127.0.0.1` or `nc -lp 8000 192.168.45.1`. – Chris Lercher Mar 24 '10 at 15:01