Our server has IPv6-only connectivity and an application listens on port 8080 on the private network, but we need port 80 on the public Internet.
For testing purposes, when opening the firewall for port 8080, accessing the IPv6:8080 address works fine (not a permanent solution; in the end the port has to be closed).
So we need a kind of port forwarding to another local port, like that offered by ip6tables TPROXY, as proposed here. But the following is not working:
ip6tables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j TPROXY --on-port 8080
It simply doesn't return any data (even when removing all other rules from ip6tables, so that only this one is left). When looking at the packets with "ip6tables -t mangle -vL" I see the number of packets grow on the line of the TPROXY rule. When running "conntrack -E" I see only one line appearing, flagged with [DESTROY]. When looking at "netstat -anp --tcp" I don't see the new port 80, only the application's port 8080.
Same problem if temporarily reconfiguring the application to port 80 and using "-j TPROXY --on-port 80" or "-j TPROXY --on-port 0", so basically testing a port forwarding to the same port: no success. Same problem if using the advanced routing by header marking with:
ip6tables -t mangle -R PREROUTING 1 -i eth0 -p tcp --dport 80 -j TPROXY --on-port 8080 --tproxy-mark 0x2/0x3
ip -6 rule add fwmark 2 lookup 6
ip -6 route add local ::/0 dev eth0 table 6
I've run "modprobe xt_TPROXY" and "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding".
Any idea why this is not working at all on Debian Wheezy with ip6tables v1.4.14? Did I forget some very basic configuration steps (these are my very first steps with ip6tables and IPv6)?
Thanks, Achim
PS: Some other possible solutions would be to use IPv6 DNAT/SNAT with Ubuntu 12.04 LTS, as proposed here, or to use NAT66, as proposed here, but both technologies don't look confidential, and I can't find working examples either...