port forward in INPUT level

Question

I want to change the destination port of the ipv6 packet in the INPUT level.

So I tried to use ip6tables with nat in the INPUT level

but seems this command does not work

# ip6tables -t nat -I INPUT ! -i br0 -p TCP --dport 8080 -j REDIRECT --to-ports 80
ip6tables v1.2.7a: Unknown arg `--to-ports'
Try `ip6tables -h' or 'ip6tables --help' for more information.

I think beside the error returned by iptable, I think that nat is not working in the INPUT level.

So are there a solution to change the destination port of the ipv6 packet in the INPUT level?

I do not want to change it in the PREROUTING level since I do not want change the ipv6 packet that will be forwarded (not for loacal process)

@MichaelHampton I want to change the dest port of the received ipv6 packet with dst port = 8080 — MOHAMED, May 15 '15 at 14:36
What is your `ip6tables` version and your Linux Kernel version ? — krisFR, May 15 '15 at 18:20

score 2 · Answer 1 · edited May 16 '15 at 06:49

2

Try something along the lines of this:

ip6tables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80

Your packet would not be hitting the INPUT chain for the nat table. Incoming packets go through iptables like so:

On the wire -> raw:PREROUTING -> mangle:PREROUTING -> nat:PREROUTING - > routing decision -> mangle:INPUT -> filter:INPUT -> Daemon

edited May 16 '15 at 06:49

PersianGulf

596
6
21

answered May 15 '15 at 22:01

nubzzz

21
2

port forward in INPUT level

1 Answers1