On Friday 01 January 2010 14:38:36 Etaoin Shrdlu wrote:
> On Friday 01 January 2010, Alexander wrote:
> > On Friday 01 January 2010 03:07:42 Etaoin Shrdlu wrote:
> > > On Thursday 31 December 2009, Alexander wrote:
> > > > Is there a way to redirect TCP connections from external network
> > > > interfaces to the local/loopback in network 127.0.0.0/8? I need
> > > > functionality like DNAT target in iptables.
> > >
> > > Uh...why don't you use DNAT then?
> >
> > This doesn't work, because kernel drops any packets that come from
> > external network to 127.0.0.0/8.
>
> Of course it does. But in these cases, the workaround is assigning a
> non-127 address to the lo interface, like 192.168.0.1/32 for example, and
> DNAT to that address (and have whatever program should receive the data
> listen on 192.168.0.1, of course).

This way eats some private network address range, and this could be a cause of collisions with external private networks. Reconfiguring services for new IP ranges isn't such an easy procedure in general (let's consider a device that should work just out of the box with trivial configuration effort). Thus it's important to use some subset of the 127.0.0.0/8 network for that. I have just been advised to look at net-misc/stone or net-proxy/haproxy (thanks to those who advised), but I'm not sure that this will work like DNAT.
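
Added example, not part of the original message: a minimal userspace TCP relay of the kind net-misc/stone or net-proxy/haproxy provide, showing where it differs from DNAT. The addresses, ports and function names are assumptions for illustration, and the constructed self-test binds both ends to 127.0.0.1 so that it runs offline.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, backend_addr):
    # The relay opens its own connection, so the backend sees the relay's
    # source address (a local one), not the external client's as with DNAT.
    backend = socket.create_connection(backend_addr)
    up = threading.Thread(target=pipe, args=(client, backend), daemon=True)
    up.start()
    pipe(backend, client)
    up.join()
    client.close()
    backend.close()

def start_relay(listen_addr, backend_addr):
    """Accept on listen_addr and relay to backend_addr; returns bound address."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client, backend_addr),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()

def demo():
    """Constructed test: loopback backend records the peer address it sees."""
    seen = []
    be = socket.create_server(("127.0.0.1", 0))
    def backend():
        conn, peer = be.accept()
        seen.append(peer[0])
        conn.sendall(conn.recv(4096).upper())
        conn.close()
    threading.Thread(target=backend, daemon=True).start()
    relay = start_relay(("127.0.0.1", 0), be.getsockname())
    with socket.create_connection(relay) as c:
        c.sendall(b"hello")
        reply = b"".join(iter(lambda: c.recv(4096), b""))
    return reply, seen[0]
```

In real use the relay would listen on the external interface address while the backend stays on an address in 127.0.0.0/8. Because the backend then sees every client as a local peer, any access control or logging keyed on the peer address has to be done at the relay.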