How to check a port forwarded from localhost to localhost on... localhost?
I'm learning about iptables, firewalling, routing and so on. I'm on Linux, CentOS 7, and I've set up a local port forwarding to localhost with:
firewall-cmd --add-forward-port=port=2023:proto=tcp:toport=22
It is working as expected when trying from another machine. Locally, it is not visible. I've tried with netstat, ss, nmap, lsof and nc. Nothing: all of them "see" everything except 2023, even while it is currently forwarding an ssh session.
After much reading, here on Stack Exchange I found a way to make it visible locally (from "iptables: redirect local request with NAT"), but that is not actually a solution; it just made me understand why it is not visible locally. I would really like to know whether there is a way to check it locally. Or is a remote connection the only option?
Thank you :)
Edit:
The setup of the test machine is easy: just execute the firewall-cmd line I wrote in this question. No other rules added. Then test it with ssh (or nmap) from outside: works. Check it from localhost itself: both ssh and nmap give connection refused.
Edit2:
Sorry, I wrote the firewall-cmd line incorrectly with a :toaddr=127.0.0.1 at the end, fixed.
networking iptables port-forwarding nat firewalld
edited Apr 13 '17 at 12:36 by Community♦
asked Jun 22 '15 at 21:26 by nnsense
Can you show us the actual iptables rules that this command has set up? iptables -t filter -L -n, iptables -t nat -L -n, iptables -t mangle -L -n
– Josip Rodin
Jun 23 '15 at 9:21
...the objective being to see if it edited the OUTPUT chains.
– Josip Rodin
Jun 23 '15 at 9:22
I've put an answer but was from the wrong pc ;) These are the right results: iptables -t filter -L -n, iptables -t nat -L -n, iptables -t mangle -L -n.
– nnsense
Jun 23 '15 at 13:49
Looks like it didn't, yet there's an intricate layout for other things. Have you consulted a manual for this firewall-cmd, does it have a provision for editing OUTPUT, whether through another switch or manually in the right place (where it won't override it)?
– Josip Rodin
Jun 23 '15 at 18:48
1 Answer
On the local machine, use the IP of the interface in your test. For example, if the IP is 10.10.10.10:
telnet 10.10.10.10 2023
answered Jun 23 '15 at 4:18 by rocky
Exactly like all the other tools, telnet sees 10.10.10.10 as a local address, so it's always a "Connection refused", as with localhost or 127.0.0.1. It makes perfect sense thinking about how netfilter works. What I'm looking for is probably a tool, or an option of a tool already tried, that actually sees the forwarding as if it were checking from outside. Or maybe just give up and accept it is impossible to probe from localhost :D
– nnsense
Jun 23 '15 at 8:21
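The check the comments ask for (does the forward sit only behind PREROUTING, or behind OUTPUT as well?), written as an added example that is not part of the original thread. It parses `iptables-save` text and reports which built-in nat chains can reach a REDIRECT/DNAT rule for the port; locally generated packets traverse OUTPUT, not PREROUTING, which is why a local probe of 2023 is refused. Assumptions: the ruleset below is constructed, the OUTPUT rule is hypothetical, the function names are illustrative, and the forward is assumed to appear in the nat table as a rule matching `--dport` (rules that match on a packet mark set in another table are not followed).

```python
import shlex
from collections import defaultdict

# Constructed sample in iptables-save format (not taken from the asker's host).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -j PRE_public
-A PRE_public -j PRE_public_allow
-A PRE_public_allow -p tcp -m tcp --dport 2023 -j REDIRECT --to-ports 22
COMMIT
"""
# Same ruleset plus a hypothetical OUTPUT rule for locally generated traffic.
WITH_OUTPUT = SAMPLE.replace(
    "COMMIT", "-A OUTPUT -o lo -p tcp --dport 2023 -j REDIRECT --to-ports 22\nCOMMIT")

def parse_nat(save_text):
    """Return {chain: [rule tokens, ...]} for the nat table only."""
    rules, table = defaultdict(list), None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # "*nat", "*filter", ...
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)               # handles quoted --comment text
            rules[tok[1]].append(tok[2:])
    return rules

def target(tok):  # jump (-j) or goto (-g) target of one rule, or None
    for flag in ("-j", "-g"):
        if flag in tok:
            return tok[tok.index(flag) + 1]
    return None

def hooks_for_port(save_text, port):
    """Built-in nat chains from which a REDIRECT/DNAT on --dport `port` is reachable."""
    rules = parse_nat(save_text)
    def reaches(chain, seen):
        if chain in seen:                         # guard against chain loops
            return False
        seen.add(chain)
        for tok in rules.get(chain, []):
            t = target(tok)
            dport = tok[tok.index("--dport") + 1] if "--dport" in tok else None
            if t in ("REDIRECT", "DNAT") and dport == str(port):
                return True
            if t in rules and reaches(t, seen):   # follow user-defined chains
                return True
        return False
    return [c for c in ("PREROUTING", "INPUT", "OUTPUT", "POSTROUTING") if reaches(c, set())]

if __name__ == "__main__":
    print(hooks_for_port(SAMPLE, 2023), hooks_for_port(WITH_OUTPUT, 2023))
```

On a live host, pass the output of `iptables-save -t nat` (run as root) instead of `SAMPLE`; a result without `OUTPUT` means only traffic arriving from another machine is forwarded.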