How to route specific IPv6 address & port to another port?

arothuis asked:

I just got a VPS with an IPv4 address as well as a bunch of IPv6 addresses configured and I’m new to routing in Ubuntu/Linux. I would like to route requests with a specific IPv6 and port (i.e. port 80) as destination to a specific port on that address (i.e: port 8000).

In pseudo-code, what I want is the following:

if($DESTINATION_IP == [specific IPv6-address]:80)
    route to port: 8000

When an application is listening on [specific IPv6-address]:8000, it will receive the requests sent to [specific IP-address]:80. But when I use [another IPv6-address]:80, it will not route to that port.

It seems pretty simple and I think I would have to use ip6tables for the job, but I don’t know how to achieve this.

Many thanks.

My answer:

You cannot forward ports with ip6tables, as the relevant netfilter targets are IPv4-only (due to their relation to NAT, which IPv6 gets rid of).

The best solution, of course, is to have the application listen on the correct address and port to begin with, and then drop privileges.

If you really need to do this, because you have a poorly written application that can’t listen on ports below 1024, set up xinetd to do the port forwarding. For instance (this is untested):

service dumb-app
{
    flags       = IPv6
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    # address and port xinetd listens on
    bind        = 2001:db8::f04d
    port        = 80
    # each connection is forwarded to the application here
    redirect    = ::1 8000
}

View the full question and answer on Server Fault.
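
The first option in the answer above (listen on the correct address and port, then drop privileges), as an added Python example that is not part of the original answer. The function names, the `nobody` account and the `::1`/8000 defaults are assumptions for illustration; on the VPS the address and port would be passed as arguments.

```python
#!/usr/bin/env python3
"""Bind one IPv6 address on a privileged port, then drop root (added example)."""
import os
import pwd
import socket
import sys


def bind_listener(addr, port):
    """Return a listening TCP socket bound to exactly one IPv6 address."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # IPv6 only: never accept IPv4-mapped connections on this socket.
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
    s.bind((addr, port))  # ports below 1024 need root, but only for this call
    s.listen(128)
    return s


def drop_privileges(user):
    """Switch to `user` permanently. Returns False if we were not root."""
    if os.geteuid() != 0:
        return False
    pw = pwd.getpwnam(user)
    os.setgroups([])      # shed root's supplementary groups first
    os.setgid(pw.pw_gid)  # group before user: setgid still needs root
    os.setuid(pw.pw_uid)
    try:
        os.setuid(0)      # must fail, otherwise the drop did not stick
    except PermissionError:
        return True
    raise RuntimeError("still able to regain root")


def main(argv):
    # Assumed defaults so the demo runs anywhere; on the VPS pass the real
    # address and port, e.g. "2001:db8::f04d 80" as in the xinetd config.
    addr = argv[1] if len(argv) > 1 else "::1"
    port = int(argv[2]) if len(argv) > 2 else 8000
    user = argv[3] if len(argv) > 3 else "nobody"  # assumed unprivileged account
    listener = bind_listener(addr, port)
    dropped = drop_privileges(user)
    print(f"listening on [{addr}]:{port}, privileges dropped: {dropped}")
    while True:
        conn, _peer = listener.accept()
        with conn:
            conn.recv(4096)  # read (and ignore) the request
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nuid=%d\n" % os.getuid())


if __name__ == "__main__":
    main(sys.argv)
```

The socket stays usable after the drop because the privilege check happens at `bind()`, not at `accept()`.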

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.