REDIRECT a port in ip6tables


How can I redirect one port to another local port by using ip6tables? e.g. something like this: ip6tables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 443 --to-ports 8443

2 Answers
  • 2021-02-13 01:09

    Well this is an old question, but since I need to do the same thing… Here is what I've found:

    TPROXY
    
    This target is only valid in the mangle table, in the PREROUTING chain and user-defined chains which are only called from this chain. It redirects the packet to a local socket without changing the packet header in any way. It can also change the mark value which can then be used in advanced routing rules. It takes three options:
    --on-port port
        This specifies a destination port to use. It is a required option, 0 means the new destination port is the same as the original. This is only valid if the rule also specifies -p tcp or -p udp. 
    --on-ip address
        This specifies a destination address to use. By default the address is the IP address of the incoming interface. This is only valid if the rule also specifies -p tcp or -p udp. 
    --tproxy-mark value[/mask]
        Marks packets with the given value/mask. The fwmark value set here can be used by advanced routing. (Required for transparent proxying to work: otherwise these packets will get forwarded, which is probably not what you want.)
    

    This is valid for ip6tables only, of course. So I guess that this is valid:

    ip6tables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --on-port 8443
    

    However, I didn't try it yet.

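The man page text quoted in the answer above marks --tproxy-mark as required for transparent proxying, with routing rules that use the mark. As an added example (not part of the original answer), this script prints the full command set for the question's ports; the mark value 1, routing table 100 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for an IPv6 TPROXY
# port diversion. The MARK=1 and TABLE=100 defaults are assumptions.

# is_uint S MAX: status 0 if S is a decimal integer in 1..MAX (at most 5 digits)
is_uint() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le "$2" ]
}

# tproxy6_rules FROM_PORT TO_PORT [MARK] [TABLE]
tproxy6_rules() {
    from=$1; to=$2; mark=${3:-1}; table=${4:-100}
    is_uint "$from" 65535  || { echo "bad --dport: $from" >&2; return 2; }
    is_uint "$to" 65535    || { echo "bad --on-port: $to" >&2; return 2; }
    is_uint "$mark" 99999  || { echo "bad mark: $mark" >&2; return 2; }
    is_uint "$table" 99999 || { echo "bad table: $table" >&2; return 2; }

    # Policy routing: packets carrying MARK are looked up in TABLE, whose only
    # route delivers every destination locally instead of forwarding it.
    echo "ip -6 rule add fwmark $mark lookup $table"
    echo "ip -6 route add local ::/0 dev lo table $table"
    # Diversion: hand the packet to the socket on TO_PORT and set MARK so the
    # rule above applies. Headers stay unchanged, so the listener must set
    # IPV6_TRANSPARENT on its socket (needs CAP_NET_ADMIN).
    echo "ip6tables -t mangle -A PREROUTING -p tcp --dport $from" \
         "-j TPROXY --on-port $to --tproxy-mark $mark/$mark"
}

# tproxy6_undo FROM_PORT TO_PORT [MARK] [TABLE]: the matching removal commands
tproxy6_undo() {
    rules=$(tproxy6_rules "$@") || return 2
    printf '%s\n' "$rules" | sed -e 's/ -A PREROUTING / -D PREROUTING /' \
        -e 's/^ip -6 rule add /ip -6 rule del /' \
        -e 's/^ip -6 route add /ip -6 route del /'
}

# The ports from the question: divert 443 to a listener on 8443.
tproxy6_rules 443 8443
```

Review the printed commands before running them as root. The PREROUTING rule only applies to packets arriving from the network, not to connections opened on the host itself.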
  • 2021-02-13 01:21

    ip6tables does not support REDIRECT. (Normally people use this in a NAT environment, and NAT is generally not supported with IPv6.)

    If all you need to do is bind to the low port as a normal user, why not try the workaround described in this answer? Of course, in the case of Tomcat, it sounds like this would mean giving any Java process that capability.
