重定向ip6tables中的端口

Question

如何使用IP6tables将一个端口重定向到另一个本地端口？例如，类似的内容：ip6tables -t nat -a prerouting -j redirect -p tcp -dport 443-到港口8443

Answer 1

ip6tables 不支持 REDIRECT. 。 （通常人们在NAT环境中使用它，而NAT通常不受IPv6的支持。）

如果您需要做的就是将作为普通用户绑定到低端口，为什么不尝试在 这个答案？当然，就tomcat而言，这听起来意味着给出任何能力的Java过程。

Answer 2

好吧，这是一个古老的问题，但是由于我需要做同样的事情……这就是我发现的：

TPROXY

This target is only valid in the mangle table, in the PREROUTING chain and user-defined chains which are only called from this chain. It redirects the packet to a local socket without changing the packet header in any way. It can also change the mark value which can then be used in advanced routing rules. It takes three options:
--on-port port
    This specifies a destination port to use. It is a required option, 0 means the new destination port is the same as the original. This is only valid if the rule also specifies -p tcp or -p udp. 
--on-ip address
    This specifies a destination address to use. By default the address is the IP address of the incoming interface. This is only valid if the rule also specifies -p tcp or -p udp. 
--tproxy-mark value[/mask]
    Marks packets with the given value/mask. The fwmark value set here can be used by advanced routing. (Required for transparent proxying to work: otherwise these packets will get forwarded, which is probably not what you want.)

当然，这仅适用于IP6Tables。所以我想这是有效的：

ip6tables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --on-port 8443

但是，我还没有尝试。