在ip6tables中重定向端口

Question

如何使用ip6tables将一个端口重定向到另一个本地端口？例如: ip6tables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 443 --to--ports 8443

Answer 1

ip6tables不支持REDIRECT。(通常人们在NAT环境中使用NAT，而IPv6通常不支持NAT。)

如果您所需要做的就是以普通用户身份绑定到低端口，为什么不尝试this answer中描述的解决方法？当然，在Tomcat的情况下，这听起来像是要为任何Java进程提供该功能。

Answer 2

这是一个老问题，但由于我需要做同样的事情，…这是我发现的：

TPROXY

This target is only valid in the mangle table, in the PREROUTING chain and user-defined chains which are only called from this chain. It redirects the packet to a local socket without changing the packet header in any way. It can also change the mark value which can then be used in advanced routing rules. It takes three options:
--on-port port
    This specifies a destination port to use. It is a required option, 0 means the new destination port is the same as the original. This is only valid if the rule also specifies -p tcp or -p udp. 
--on-ip address
    This specifies a destination address to use. By default the address is the IP address of the incoming interface. This is only valid if the rule also specifies -p tcp or -p udp. 
--tproxy-mark value[/mask]
    Marks packets with the given value/mask. The fwmark value set here can be used by advanced routing. (Required for transparent proxying to work: otherwise these packets will get forwarded, which is probably not what you want.)

当然，这只对ip6tables有效。所以我猜这是有效的：

ip6tables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --on-port 8443

然而，我还没有尝试过。