From f6165d206ab0efaa3b28e5f09b79e6950d7af0e2 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Mon, 5 Aug 2024 13:37:49 +0000
Subject: [PATCH] fix(firewall): `VPN_PORT_FORWARDING_LISTENING_PORT` behavior fixed by not restricting the destination address to 127.0.0.1
---
 internal/firewall/iptables.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/firewall/iptables.go b/internal/firewall/iptables.go
index 80f690f1..c57ae5e5 100644
--- a/internal/firewall/iptables.go
+++ b/internal/firewall/iptables.go
@@ -210,9 +210,9 @@ func (c *Config) redirectPort(ctx context.Context, intf string,
 }
 err = c.runIptablesInstructions(ctx, []string{
- fmt.Sprintf("-t nat %s PREROUTING %s -d 127.0.0.1 -p tcp --dport %d -j REDIRECT --to-ports %d",
+ fmt.Sprintf("-t nat %s PREROUTING %s -p tcp --dport %d -j REDIRECT --to-ports %d",
 appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
- fmt.Sprintf("-t nat %s PREROUTING %s -d 127.0.0.1 -p udp --dport %d -j REDIRECT --to-ports %d",
+ fmt.Sprintf("-t nat %s PREROUTING %s -p udp --dport %d -j REDIRECT --to-ports %d",
 appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
 })
 if err != nil {
@@ -221,9 +221,9 @@ func (c *Config) redirectPort(ctx context.Context, intf string,
 }
 err = c.runIP6tablesInstructions(ctx, []string{
- fmt.Sprintf("-t nat %s PREROUTING %s -d ::1 -p tcp --dport %d -j REDIRECT --to-ports %d",
+ fmt.Sprintf("-t nat %s PREROUTING %s -p tcp --dport %d -j REDIRECT --to-ports %d",
 appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
- fmt.Sprintf("-t nat %s PREROUTING %s -d ::1 -p udp --dport %d -j REDIRECT --to-ports %d",
+ fmt.Sprintf("-t nat %s PREROUTING %s -p udp --dport %d -j REDIRECT --to-ports %d",
 appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
 })
 if err != nil {
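Review bot: With the `-d` match dropped, the two PREROUTING rules in the iptables hunk and the two in the ip6tables hunk select packets by interface and `--dport` only. They therefore also rewrite traffic on `sourcePort` that is addressed to some other host and would merely transit this machine, if forwarding is enabled. Keeping the redirect scoped to packets addressed to a local address fixes the loopback-only bug without widening it that far, e.g. `"-t nat %s PREROUTING %s -m addrtype --dst-type LOCAL -p tcp --dport %d -j REDIRECT --to-ports %d"`, and likewise for the udp and ip6tables lines. `interfaceFlag` is built outside these hunks, as redirectPort's body starts and ends outside both. If it can be empty, the rule would apply on every interface, which deserves a comment above the call such as `// no -d match: scope of the redirect is set by interfaceFlag alone`.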