I have a process running on my Ubuntu 12.04 server that insists on binding to a public IP address. I only want it accessible from localhost, and NOT the outside world. I've been trying to work out a way to forward 1.2.3.4:8888 to 127.0.0.1:8888. I saw something about iptables not wanting to forward connections to loopback, and I haven't been able to make it work with xinetd either. It's also important that the connection not only be available on localhost, but be inaccessible on the interface it's trying to run on. Is this even possible?
0
- What is this mystery process? – Michael Hampton Dec 15 '12 at 15:03
- That's not really pertinent to the question, but it's a remote access daemon for a Minecraft server. It stores and transmits its password in cleartext and doesn't use encryption anywhere, so I don't want it going out over the internet like that. However, it refuses to be told to bind to any IP other than the one Minecraft itself is bound to. – Dan Dec 15 '12 at 21:36
- It seems quite pertinent to [the _real_ question](http://meta.stackexchange.com/q/66377/189912). – Michael Hampton Dec 15 '12 at 21:39
- The remote access daemon itself lacks some pretty standard configuration options, and can't be told what interface to bind to. The only options it knows are `username`, `password`, and `port`. I've been looking for something to replace it, but been coming up dry. Finding a replacement would probably be a question for another SE site anyway. For the time being, this is sadly looking like my most viable option. – Dan Dec 15 '12 at 23:50
1 Answer
1
```sh
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 8888 -j DROP
```

Replace `eth0` with whatever interface you want to block connections from. If the application communicates in UDP, replace `tcp` with `udp`, or just apply both.

Waleed Hamra
- It looks to me like that's just dropping outside connections. That's simple enough, but I still need to be able to access 1.2.3.4:8888 as 127.0.0.1:8888. There's currently nothing bound there. – Dan Dec 15 '12 at 09:30
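
The setup asked for here (reachable at `127.0.0.1:8888`, closed on the public interface) can be built from the `DROP` rule in the answer plus a user-space relay that listens on loopback only. The relay below is an added example, not code from this thread; `1.2.3.4` and `8888` are the placeholders from the question and the function names are illustrative. Connections the host makes to its own address travel over `lo`, so a rule matching `-i eth0` does not block the relay.

```python
import socket
import threading

TARGET = ("1.2.3.4", 8888)  # assumed: placeholder address and port from the question

def _pump(src, dst):
    """Copy bytes src -> dst until src closes, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)  # pass the end-of-stream on to the peer
    except OSError:
        pass

def _handle(client, target):
    """One upstream connection per client, relayed in both directions."""
    with client:
        try:
            upstream = socket.create_connection(target)
        except OSError:
            return  # daemon not reachable: drop the client
        with upstream:
            back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            back.start()
            _pump(client, upstream)
            back.join()

def _accept_loop(srv, target):
    while True:
        try:
            client, _ = srv.accept()
        except OSError:  # listening socket was closed
            return
        threading.Thread(target=_handle, args=(client, target), daemon=True).start()

def start_relay(target, listen_port, listen_addr="127.0.0.1"):
    """Listen on loopback only and relay every connection to target."""
    srv = socket.create_server((listen_addr, listen_port))
    threading.Thread(target=_accept_loop, args=(srv, target), daemon=True).start()
    return srv

if __name__ == "__main__":
    start_relay(TARGET, TARGET[1])
    threading.Event().wait()  # keep the main thread alive
```

The relay adds no encryption; it only keeps the cleartext protocol on the loopback interface.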