fix(firewall): VPN_PORT_FORWARDING_LISTENING_PORT behavior fixed

by not restricting the destination address to 127.0.0.1
qdm12 · Aug 5, 2024 · f6165d2 · f6165d2
1 parent 8dbe7b8
commit f6165d2
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/internal/firewall/iptables.go b/internal/firewall/iptables.go
@@ -210,9 +210,9 @@ func (c *Config) redirectPort(ctx context.Context, intf string,
 	}
 
 	err = c.runIptablesInstructions(ctx, []string{
-		fmt.Sprintf("-t nat %s PREROUTING %s -d 127.0.0.1 -p tcp --dport %d -j REDIRECT --to-ports %d",
+		fmt.Sprintf("-t nat %s PREROUTING %s -p tcp --dport %d -j REDIRECT --to-ports %d",
 			appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
-		fmt.Sprintf("-t nat %s PREROUTING %s -d 127.0.0.1 -p udp --dport %d -j REDIRECT --to-ports %d",
+		fmt.Sprintf("-t nat %s PREROUTING %s -p udp --dport %d -j REDIRECT --to-ports %d",
 			appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
 	})
 	if err != nil {
@@ -221,9 +221,9 @@ func (c *Config) redirectPort(ctx context.Context, intf string,
 	}
 
 	err = c.runIP6tablesInstructions(ctx, []string{
-		fmt.Sprintf("-t nat %s PREROUTING %s -d ::1 -p tcp --dport %d -j REDIRECT --to-ports %d",
+		fmt.Sprintf("-t nat %s PREROUTING %s -p tcp --dport %d -j REDIRECT --to-ports %d",
 			appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
-		fmt.Sprintf("-t nat %s PREROUTING %s -d ::1 -p udp --dport %d -j REDIRECT --to-ports %d",
+		fmt.Sprintf("-t nat %s PREROUTING %s -p udp --dport %d -j REDIRECT --to-ports %d",
 			appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
 	})
 	if err != nil {