
Re: IPtables localhost redirect



On Fri, Jul 9, 2010 at 08:34, Boyd Stephen Smith Jr.
<bss@iguanasuicide.net> wrote:
> What have you tried?  It seems like you'd need to change this in a PREROUTING
> chain, probably in the mangle table.
>
> Also, depending on the application it may be using the "unix socket" instead of
> TCP/IP to connect to PostgreSQL.  In that case, iptables would not be
> involved.

I have tried every configuration of PREROUTING, POSTROUTING, and OUTPUT
in the nat table.
I have not tried the mangle table, but I know it is used to change the
packet headers, and I think that is not our case.

I have made many attempts with other protocols and tools (netcat is one of these),
and the problem is not the unix socket, because in every case I forced the use
of the 127.0.0.1 host (especially with the postgres client).

The problem seems to reside in how netfilter processes packets on the lo
device and the localhost IP family.

This is a related post in Italian:
http://lists.debian.org/debian-italian/2010/07/msg00148.html

And this is the workaround we came up with:
http://lists.debian.org/debian-italian/2010/07/msg00170.html

