How to check a port forwarded from localhost to localhost on... localhost?

I'm learning about iptables, firewalling, routing and so on. I'm on Linux, CentOS 7, and I've set up a local port forwarding to localhost with:

firewall-cmd --add-forward-port=port=2023:proto=tcp:toport=22

It is working as expected when trying from another machine. Locally, it is not visible. I've tried netstat, ss, nmap, lsof and nc. Nothing: all of them "see" everything except the 2023, even if it is currently forwarding an ssh session.
After much reading, here on Stack Exchange I found a way to make it visible locally (from "iptables: redirect local request with NAT"), but that is not actually a solution; it just made me understand why it is not visible locally. I would really like to know if there exists a way to check it locally. Or is the only option a remote connection?

Thank you :)

Edit:
The setup of the test machine is easy: just execute the firewall-cmd line I wrote in this question. No other rules added. Then test it with ssh (or nmap) from outside: works. Check it from localhost itself: both ssh and nmap give connection refused.

Edit2:
Sorry, I wrote the firewall-cmd line incorrectly with a :toaddr=127.0.0.1 at the end, fixed.










networking iptables port-forwarding nat firewalld






asked Jun 22 '15 at 21:26 by nnsense (edited Apr 13 '17 at 12:36 by Community)












  • Can you show us the actual iptables rules that this command has set up? iptables -t filter -L -n, iptables -t nat -L -n, iptables -t mangle -L -n

    – Josip Rodin
    Jun 23 '15 at 9:21











  • ...the objective being to see if it edited the OUTPUT chains.

    – Josip Rodin
    Jun 23 '15 at 9:22











  • I've put an answer but it was from the wrong PC ;) These are the right results: iptables -t filter -L -n, iptables -t nat -L -n, iptables -t mangle -L -n.

    – nnsense
    Jun 23 '15 at 13:49












  • Looks like it didn't, yet there's an intricate layout for other things. Have you consulted a manual for this firewall-cmd, does it have a provision for editing OUTPUT, whether through another switch or manually in the right place (where it won't override it)?

    – Josip Rodin
    Jun 23 '15 at 18:48
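
The check the comments above ask for (was the forward installed only on PREROUTING, or on OUTPUT as well?) can be scripted; locally generated packets pass through the nat OUTPUT chain and never through PREROUTING, so a redirect reachable only from PREROUTING is refused when probed from the host itself. This is an added example, not part of the original thread: the rule dump is a constructed sample in `iptables -t nat -S` format with illustrative chain names, and `nat_hooks_for_port` is a hypothetical helper. Real rule sets, firewalld's included, can be laid out differently (for example matching on a packet mark rather than `--dport`), in which case the port match has to be adapted.

```shell
#!/bin/sh
# Constructed sample in `iptables -t nat -S` format. Chain names are
# illustrative, not captured from the machine in the question.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N PRE_zone
-N OUT_direct
-A PREROUTING -j PRE_zone
-A OUTPUT -j OUT_direct
-A PRE_zone -p tcp -m tcp --dport 2023 -j REDIRECT --to-ports 22'

# Print each built-in NAT hook (PREROUTING, OUTPUT) from which a DNAT or
# REDIRECT rule for the given TCP port is reachable by following -j jumps.
# $1 = rule dump, $2 = port
nat_hooks_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "-A" {
            chain = $2; target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (target == "DNAT" || target == "REDIRECT") {
                # NAT rule: remember the chain if it matches our port
                if (dport == port) hit[chain] = 1
            } else if (target != "") {
                # Any other target is treated as a possible jump to a user chain
                jumps[chain] = jumps[chain] " " target
            }
        }
        # Depth-limited walk of the jump graph starting at chain c
        function reaches(c, depth,    n, t, k) {
            if (c in hit) return 1
            if (depth > 16) return 0
            n = split(jumps[c], t, " ")
            for (k = 1; k <= n; k++)
                if (reaches(t[k], depth + 1)) return 1
            return 0
        }
        END {
            if (reaches("PREROUTING", 0)) print "PREROUTING"
            if (reaches("OUTPUT", 0)) print "OUTPUT"
        }'
}

# Forward present for remote traffic only: a local probe of 2023 is refused.
nat_hooks_for_port "$SAMPLE_RULES" 2023   # prints: PREROUTING
```

On a live host the first argument would be the output of `iptables -t nat -S`; a result that lists PREROUTING but not OUTPUT matches the behaviour described in the question.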

















1 Answer
On the local machine, use the IP of the interface in your test. For example, if the IP is 10.10.10.10:



telnet 10.10.10.10 2023





answered Jun 23 '15 at 4:18 by rocky












  • Exactly like all the other tools, telnet sees 10.10.10.10 as a local address, so it's always a "Connection refused" as with localhost or 127.0.0.1. It makes perfect sense thinking about how netfilter works. What I'm looking for is probably a tool, or an option of a tool already tried, that actually sees the forwarding as if it were checking from outside. Or maybe just give up and accept it is impossible to probe from localhost :D

    – nnsense
    Jun 23 '15 at 8:21
















