From d349a2581c0d75ba754050bff7fd629efb454c67 Mon Sep 17 00:00:00 2001
From: Dr Nic Williams
Date: Tue, 21 Mar 2017 17:59:11 +1000
Subject: [PATCH 1/3] missing -d flag from https://github.com/cloudfoundry-community/port-forwarding-boshrelease/blob/master/jobs/port_forwarding/templates/bin/forward_ports.sh.erb#L28
---
 jobs/port_forwarding/templates/bin/forward_ports.sh.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jobs/port_forwarding/templates/bin/forward_ports.sh.erb b/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
index dfe889c..56612d0 100644
--- a/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
+++ b/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
@@ -30,7 +30,7 @@ sysctl net.ipv4.conf.all.route_localnet=0
   <% internal_ip = rule['internal_ip'] || "127.0.0.1" %>
   <% internal_port = rule['internal_port'] || raise("Expected non-empty 'internal_port' on '#{rule.inspect}' rule") %>
-  sudo iptables -t nat -A portforwarding-release -p tcp --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %>
+  sudo iptables -t nat -A portforwarding-release -p tcp -d <%= spec.networks.send(spec.networks.methods(false).first).ip %> --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %>
   <% if internal_ip == "127.0.0.1" %>
   sysctl net.ipv4.conf.all.route_localnet=1
From 80ddd0558368970a7c60b42e3e8b8a9ce1f3a964 Mon Sep 17 00:00:00 2001
From: Dr Nic Williams
Date: Wed, 22 Mar 2017 07:24:08 +1000
Subject: [PATCH 2/3] default external_ip to spec.address [thx @dpb587-pivotal]
---
 .../templates/bin/forward_ports.sh.erb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/jobs/port_forwarding/templates/bin/forward_ports.sh.erb b/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
index 56612d0..8863f71 100644
--- a/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
+++ b/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
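Review bot: `spec.networks.send(spec.networks.methods(false).first).ip` anchors the `-d` match to whichever network name Ruby happens to list first, and `methods(false)` ordering is not a stable contract, so on a VM attached to more than one network the DNAT can silently bind to the wrong interface and may differ between renders. The deterministic choice is the instance's primary address, with an optional per-rule override for multi-homed deployments: `external_ip = rule['external_ip'] || spec.address` and then `-d <%= external_ip %>`. Restricting by destination is the right direction, since without `-d` the rule rewrote traffic to any destination that reached the chain, loopback included. The enclosing `each` loop starts before this hunk and closes after it.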
@@ -26,11 +26,13 @@ iptables -F ${CHAIN} || true
 sysctl net.ipv4.conf.all.route_localnet=0
 <% p("networking.port_forwarding").each do |rule| %>
-  <% external_port = rule['external_port'] || raise("Expected non-empty 'external_port' on '#{rule.inspect}' rule") %>
-  <% internal_ip = rule['internal_ip'] || "127.0.0.1" %>
-  <% internal_port = rule['internal_port'] || raise("Expected non-empty 'internal_port' on '#{rule.inspect}' rule") %>
-
-  sudo iptables -t nat -A portforwarding-release -p tcp -d <%= spec.networks.send(spec.networks.methods(false).first).ip %> --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %>
+  <%
+    external_ip = rule['external_ip'] || spec.address
+    external_port = rule['external_port'] || raise("Expected non-empty 'external_port' on '#{rule.inspect}' rule")
+    internal_ip = rule['internal_ip'] || "127.0.0.1"
+    internal_port = rule['internal_port'] || raise("Expected non-empty 'internal_port' on '#{rule.inspect}' rule")
+  -%>
+  sudo iptables -t nat -A portforwarding-release -p tcp -d <%= external_ip %> --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %>
   <% if internal_ip == "127.0.0.1" %>
   sysctl net.ipv4.conf.all.route_localnet=1
From ac65b4a384edd74784c3c1e779a050b2c2b79c0f Mon Sep 17 00:00:00 2001
From: Dr Nic Williams
Date: Mon, 30 Oct 2017 16:51:15 +1000
Subject: [PATCH 3/3] always allow loopback access to forwared ports
---
 .../templates/bin/forward_ports.sh.erb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/jobs/port_forwarding/templates/bin/forward_ports.sh.erb b/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
index 8863f71..4347736 100644
--- a/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
+++ b/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
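Review bot: The four values assigned in the new `<% ... -%>` block are interpolated into the `sudo iptables` line verbatim, so a manifest mistake such as `external_port: 80a` or an `external_ip` that is not an address is only caught, if at all, when iptables parses the argument at job start, and a value containing whitespace is split into extra arguments to a command run as root. Validating at render time turns that into a deploy-time error with a readable message: `external_port = Integer(rule['external_port'] || raise("Expected non-empty 'external_port' on '#{rule.inspect}' rule"))`, the same for `internal_port`, and, if the template renderer permits `require 'ipaddr'`, `IPAddr.new(external_ip)` and `IPAddr.new(internal_ip)` for the addresses. The manifest is operator-controlled, so this is a fail-fast check rather than a trust boundary, but the rules it produces are host-wide NAT entries and deserve it. The enclosing `each` loop closes outside this hunk.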
@@ -22,8 +22,7 @@ fi
 iptables -F ${CHAIN} || true
-# Reset in case when there is no localhost routing
-sysctl net.ipv4.conf.all.route_localnet=0
+sysctl net.ipv4.conf.all.route_localnet=1
 <% p("networking.port_forwarding").each do |rule| %>
   <%
@@ -31,10 +30,11 @@ sysctl net.ipv4.conf.all.route_localnet=0
     external_port = rule['external_port'] || raise("Expected non-empty 'external_port' on '#{rule.inspect}' rule")
     internal_ip = rule['internal_ip'] || "127.0.0.1"
     internal_port = rule['internal_port'] || raise("Expected non-empty 'internal_port' on '#{rule.inspect}' rule")
-  -%>
+  %>
+  # external clients
   sudo iptables -t nat -A portforwarding-release -p tcp -d <%= external_ip %> --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %>
-  <% if internal_ip == "127.0.0.1" %>
-  sysctl net.ipv4.conf.all.route_localnet=1
-  <% end %>
+  # loopback
+  sudo iptables -t nat -A portforwarding-release -p tcp -d 127.0.0.1 --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %> -o lo
+  <% end %>
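Review bot: `sysctl net.ipv4.conf.all.route_localnet=1` is now set unconditionally and for every interface, including deployments whose rules never point at 127.0.0.1. With that flag on, the kernel no longer discards packets that arrive on a non-loopback interface with a 127.0.0.0/8 destination as martians, so any service on this VM that relies on binding to 127.0.0.1 for isolation becomes reachable from a neighbour on the same L2 segment that can address such packets to this host's MAC. If the flag has to stay on, pair it with a filter rule that admits only the flows this job DNATs, for example `iptables -I INPUT ! -i lo -d 127.0.0.0/8 -m conntrack ! --ctstate DNAT -j DROP` (the filter chains are outside this hunk, so check whether an equivalent already exists), or keep the sysctl conditional on at least one rule having a loopback `internal_ip`. Dropping the `# Reset ...` comment also removes the only explanation of why the sysctl is touched; a line such as `# route_localnet lets DNAT'd packets reach services bound to 127.0.0.1; it also exposes them to the LAN unless filtered` would keep that knowledge in the file.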
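Review bot: The new loopback rule ends in `-o lo`, but an out-interface match is only valid in the nat OUTPUT and POSTROUTING hooks; if `portforwarding-release` is reached from PREROUTING (the chain setup is outside this hunk) iptables rejects the rule with "Can't use -o with PREROUTING" and the script fails, and even where it loads, locally originated connections to 127.0.0.1 never traverse PREROUTING, so the rule would not give loopback clients the access the commit title promises. Loopback clients need the DNAT in the nat OUTPUT chain, where `-o lo` is meaningful: `sudo iptables -t nat -A OUTPUT -o lo -p tcp -d 127.0.0.1 --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %>`, or a second custom chain hooked from OUTPUT and flushed next to `${CHAIN}` at the top of the script. Style: the flush uses `${CHAIN}` while every `-A` names `portforwarding-release` literally; writing `-A ${CHAIN}` keeps the flush and the appends from drifting apart, which would otherwise leave duplicate rules accumulating across restarts. The `each` loop that this `<% end %>` closes starts before the first hunk.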