DNAT is not possible for loopback traffic.
I have found many similar questions: 1, 2, 3, etc.
According to RFC 5735, the network 127.0.0.0/8 should not be routed outside the host itself:
"127.0.0.0/8 - This block is assigned for use as the Internet host loopback address. A datagram sent by a higher-level protocol to an address anywhere within this block loops back inside the host. This is ordinarily implemented using only 127.0.0.1/32 for loopback. As described in [RFC1122], Section 3.2.1.3, addresses within the entire 127.0.0.0/8 block do not legitimately appear on any network anywhere."
RFC 1700, p. 5: "Should never appear outside the host."
There is one way out: use inetd.
There are many built-in servers, xinetd, etc.
My choice was rinetd.
I am using this guide: http://www.howtoforge.com/port-forwarding-with-rinetd-on-debian-etch
My config is as follows:
$ cat /etc/rinetd.conf
I will restart rinetd:
$ /etc/init.d/rinetd restart
Stopping internet redirection server: rinetd.
Starting internet redirection server: rinetd.
And the redirection works like a charm.
I will not close this question myself, because I'm still looking for a more elegant solution to such a problem. It is unlikely that any animal, netcat or inetd, would do this; it does not matter. It's my opinion.