How do I make it so that in Ubuntu (preferably without tunnels) an application (client) that tries to connect to ip1:port is actually connected to ip2:port?

Whether it be TCP or UDP.
It should apply only to a specific port.

Using iptables or something.
June 5th 19 at 21:11
1 answer
June 5th 19 at 21:13
iptables -t nat -A PREROUTING -p tcp --dport 1 -j DNAT --to-destination 1.1.1.1:1
And enable forwarding: /proc/sys/net/ipv4/ip_forward
I only see one IP; where is IP2?
In this case I need connections to go, say, to 1.2.3.4 instead of 127.0.0.1.

How is the forwarding supposed to work?
cat /proc/sys/net/ipv4/ip_forward
gives 1 - Jayden.Bernha commented on June 5th 19 at 21:16
"--dport 1": everything that arrives on your port "1" is redirected to "--to-destination 1.1.1.1:1" with DNAT modification.

And is it clear this way?
iptables -t nat -A PREROUTING -p tcp --dport %remoteport% -j DNAT --to-destination %adresse%:%portcode% - Sandra_Kautzer42 commented on June 5th 19 at 21:19
Does not work.
Did:
iptables -t nat -A PREROUTING -p tcp --dport 27017 -j DNAT --to-destination 172.17.0.1:27017
As said above
cat /proc/sys/net/ipv4/ip_forward
gives 1
And cat /etc/hosts gives
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 b5f36e7e7b3a
And the software wants to connect to localhost:27017 (Mongo), the service is running at 172.17.0.1:27017 (all this via Docker), but nothing works. - Jayden.Bernha commented on June 5th 19 at 21:22
The first question was answered above, and the second you already have turned on. And in general:
echo "1" > /proc/sys/net/ipv4/ip_forward - Reymundo.Zie commented on June 5th 19 at 21:25
Time to debug :) Telnet to the remote and local ports to see what else is wrong. - Sandra_Kautzer42 commented on June 5th 19 at 21:28
The task seems trivial.
Docker. Mongo is running on port 27017 on the host machine. I need to connect to it from the Docker container by forwarding the port (so that it is available at 127.0.0.1:27017). I have been fighting with it for many hours, and nothing works no matter what.
The iptables rules and so on I did, of course, inside the Docker container. - Jayden.Bernha commented on June 5th 19 at 21:31
From the Docker ports removed? - Reymundo.Zie commented on June 5th 19 at 21:34
How am I supposed to understand that? - Jayden.Bernha commented on June 5th 19 at 21:37
One more thing. On the machine where the server is:
netstat -tlnp
...
tcp 0 0 127.0.0.1:27017
That is, it listens only on 127.0.0.1, right?
Is this a problem? - Jayden.Bernha commented on June 5th 19 at 21:40
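The check behind the question in the comment above, as an added example that is not part of the thread: a socket bound to 127.0.0.1 accepts only connections addressed to loopback, so a DNAT to 172.17.0.1:27017 has nothing to land on. The function names and the sample `netstat -tln` output are constructed for illustration; a `::` wildcard is assumed to accept IPv4 as well (the Linux default, `bindv6only=0`).

```python
import ipaddress

# Constructed sample of `netstat -tln` output on the Docker host (not from the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 172.17.0.1:5432         0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""

def parse_listeners(text):
    """Return [(bind_address, port)] for each TCP LISTEN row of netstat -tln[p]."""
    listeners = []
    for line in text.splitlines():
        f = line.split()
        # Field 4 is the local address, field 6 the state; -p only adds a 7th field.
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        host, _, port = f[3].rpartition(":")  # last colon, so IPv6 hosts survive
        host = host.strip("[]")
        if host == "*":                        # some tools print * for the wildcard
            host = "0.0.0.0"
        listeners.append((ipaddress.ip_address(host), int(port)))
    return listeners

def verdict(listeners, dst, port):
    """Can a connection addressed to dst:port be accepted by one of the listeners?"""
    dst = ipaddress.ip_address(dst)
    bound = [addr for addr, p in listeners if p == port]
    if not bound:
        return "not-listening"
    for addr in bound:
        if addr == dst:
            return "reachable"
        # Wildcard bind: same family, or :: assumed dual-stack (bindv6only=0).
        if addr.is_unspecified and (addr.version == dst.version or addr.version == 6):
            return "reachable"
    if all(addr.is_loopback for addr in bound):
        return "loopback-only"
    return "other-address"

if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    for port in (27017, 22, 5432, 8080):
        print(port, verdict(found, "172.17.0.1", port))
```

When the verdict is `loopback-only`, binding the service to the bridge address alone (172.17.0.1 here) exposes it to containers without opening it on every interface the way a 0.0.0.0 bind would.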
If I understand you correctly, you don't need to forward it, but to publish it. Docker can publish its ports. Example:
docker run -d -p 27017:27017 mongo - Reymundo.Zie commented on June 5th 19 at 21:43
You understood me the wrong way round. What you gave is for the case when the server is in the container and you connect to it from the host. This solution is also used, but for other ports. With Mongo it is exactly the opposite: connecting from the container to the server running on the host. - Jayden.Bernha commented on June 5th 19 at 21:46
It works in both directions.
docker run -it -p 127.0.0.1:27017:27017 ubuntu /bin/bash - Reymundo.Zie commented on June 5th 19 at 21:49
You forgot to add the SNAT rule
iptables -t nat -A POSTROUTING -d 1.1.1.1 -j MASQUERADE

Otherwise, for a client request with src-ip 127.0.0.1 and dst-ip 127.0.0.1, the packet after your rules will fly to 1.1.1.1 with the same src-ip 127.0.0.1; 1.1.1.1 will accordingly reply to that same address, and in the end it will not work - Franz.Waters16 commented on June 5th 19 at 21:52
In this case that is a different question altogether. But yeah. - Reymundo.Zie commented on June 5th 19 at 21:55
No, it does not work; it says "address in use", and it could not work in both directions, because the port on the host is already taken. - Jayden.Bernha commented on June 5th 19 at 21:58
That's not the point. What I gave is an example.
Clean up everything you did before.
- Redirect the port on localhost 27017 -> 27018
- Start the container and publish port 27018 to port 27017 of the container
docker run -it -p 127.0.0.1:27018:27017 ubuntu /bin/bash
+ take into account what Wexter wrote above.
That should be clearer. - Reymundo.Zie commented on June 5th 19 at 22:01
Does port 27017 -> 27018 need to be redirected in the container? How?
The rest seems clear. - Jayden.Bernha commented on June 5th 19 at 22:04
No, on the host.
On the host you forward the occupied port to a free one. The free port on the host is attached to the container. - Reymundo.Zie commented on June 5th 19 at 22:07
Like this?
iptables -t nat -A PREROUTING -p tcp --dport 27017 -j REDIRECT --to-port 27018
The server on the host is already running, by the way. - Jayden.Bernha commented on June 5th 19 at 22:10
If you need only TCP, yes. - Reymundo.Zie commented on June 5th 19 at 22:13
Yes, I've already written my own client and server in Python, and all in vain.
It turned out that an entry was simply missing in hosts on the container:
172.17.0.1 localhost
And remove any previous definition of localhost. (I had to struggle with this myself; Docker can only add entries, so I had to reinvent the wheel.)
Not super-accurate, but in my case it does not conflict with anything....
Only with Mongo it does not work. And it's not the port: if instead of Mongo I run my own client and server on the same port, it works. The problem is precisely that mongocxx (the client driver) for some reason doesn't want to use hosts. - Jayden.Bernha commented on June 5th 19 at 22:16
It doesn't have to, if 127.0.0.1 is hard-coded there as the target address. Otherwise there are options. Localhost also points to IPv6, which in turn can lead to anomalies. The solution via hosts is, let's say, not great. - Reymundo.Zie commented on June 5th 19 at 22:19
No, it is localhost there; it appears in the error text, so that is 100% certain. - Jayden.Bernha commented on June 5th 19 at 22:22
