I’d like to redirect incoming external traffic to a service which listens on 127.0.0.1. The redirection is easy – just:
    iptables -t nat -A PREROUTING \
        -d local_ip -p tcp --dport 80 \
        -j DNAT --to-destination 127.0.0.1:port
but this leaves the packet on
eth0 and it’s just logged as martian and dropped by default. I can enable
eth0 to fix this, but that exposes the whole interface to weird routing tricks.
How do I forward it correctly without
The correct way to handle this is to have the application listen on the correct interface and/or IP address, not 127.0.0.1, and use iptables only to allow traffic, not to play weird NAT tricks.
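To find existing rules of the kind the question describes, the following added example (not part of the original question or answer) scans `iptables-save` output for PREROUTING DNAT rules whose target is in 127.0.0.0/8. The sample ruleset is constructed, the function names are hypothetical, and only IPv4 rules are handled.

```python
import ipaddress
import shlex

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample in iptables-save format (documentation addresses).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:8443
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def dnat_target_ip(tokens):
    """Return the first address of a DNAT rule's --to-destination, or None."""
    if "DNAT" not in tokens or "--to-destination" not in tokens:
        return None
    idx = tokens.index("--to-destination") + 1
    if idx >= len(tokens):
        return None
    # Strip the optional port and the end of an address range (a-b:port).
    host = tokens[idx].split(":")[0].split("-")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def find_loopback_dnat(ruleset):
    """Return (line number, rule) for nat PREROUTING rules that DNAT to loopback."""
    findings, table = [], None
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        if tokens[1] != "PREROUTING":     # OUTPUT covers locally generated traffic only
            continue
        ip = dnat_target_ip(tokens)
        if ip is not None and ip in LOOPBACK:
            findings.append((lineno, line))
    return findings
```

In the sample, only the port 80 PREROUTING rule is reported; the filter-table ACCEPT rule is the allow-only pattern the answer recommends.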
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.