How to set up TCP forwarding?

pvgoran · October 5, 2018, 7:26am

I want to accept connections on port X and forward them to host Y port Z. Is there an easy way to set it up in Nixos?

This is not a NAT server, so I can’t use networking.nat.forwardPorts.

For now, I used xinetd, but the configuration was quite verbose:

services.xinetd.enable = true;
services.xinetd.services = [
  { name = "svn"; unlisted = true; port = 3690;
    server = "/usr/bin/env"; # not used if "redirect" is specified, but required by Nixos, *and* must be executable
    extraConfig = "redirect = ${legacyServer} 3690";
  }
];

Is there a better solution?

(I’ll probably submit a PR to introduce direct support for redirect in services.xinetd, but it will take some time to prepare it.)

volth · October 5, 2018, 1:55pm

networking.firewall.extraCommands     = "iptables -I FORWARD blablabla";
networking.firewall.extraStopCommands = "iptables -D FORWARD blablabla || true";

pvgoran · October 5, 2018, 2:50pm

Quick Internet search didn’t reveal how to do forwarding with iptables using just FORWARD (without PREROUTING, MASQUERADE, etc.).

Even if I found a way, this would be arguably even worse than the xinetd way.