Is it possible to redirect outgoing connection back to localhost using iptables?
For example, if php script requests someonlinesite.com/bla.php then it would redirect to 127.0.0.1/bla.php
OS: Debian 7
The question does not really make much sense the way it currently is asked.
Most likely you are trying to redirect a http request? Then you should take a closer look at your systems name resolution, since that is the step that translates the host name someonlinesite.com to an ip address. So that is where you want to manipulate.
You might also want to consider using a proxy as an alternative. But a pure iptables based solution is questionable, since in typical setups the local http server will not react to incoming requests to a remote ip address...
try with:
iptables -t nat -A OUTPUT -d 0/0 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80
Thank you for replies, i managed to do it with hosts file.
/etc/hosts
127.0.0.1 domain.com
Now it redirects always to localhost when script tryes to reach domain.com
Related
I am using AWS lightsail for the first time. I cloned my git repository to my htdocs and opened port 3000 on my networking ipv4 firewall. What im trying to do is load my node site with my aws static IP. It currently works when I specify the specific port like: 98.222.124.4:3000 but I wanted it to load the site without having to specify the port so I followed the steps found here https://docs.bitnami.com/ibm/infrastructure/nodejs/administration/create-custom-application-nodejs/ under "Create A Custom Virtual Host" but the specified method is not working. I still need to specify the port in order for the site to load. What I basically did was edit the documentRoot and directory paths to my repositories location then restarted apache but this didn't let me access the site without the port. Where did I go wrong. How can I load the site without specifying a port in the url?
It took me a minute to land on this solution but the only method that worked was this:
First try this after installing iptables:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
What you basically did is forward all port 80 traffic to port 3000. Then check and see if site is loading without specifying the port in URL. If it works go to step 2.
Step 2:
open the /etc/rc.local file with vim or other editor and add
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000 to the file. Notice sudo is not included because the file already runs as root. We are implementing step 2 because we want the port redirected when the machine boots up.
I am looking for the right command to open ports only to specific domains. The domain and its subdomain, go to the same server (CentOS)
However, for security reasons, I only want to open the posts on specific subdomains.
On the other domains the ports should not be reachable, so the ftp port 21 should only be open on ftp.domain.com and not on e.g. ssh.domain.com or mysql.domain.com
So I want to block everything (exclude port 80 and 443) and only allow specific ports to specific domains.
example
21 on ftp.domain.com
22 on ssh.domain.com
3306 on mysql.domain.com
I know it should work with iptables, but unfortunately I have trouble finding the right command.
I have found this only but i will only accept incoming ports.
iptables -A OUTPUT -p udp --sport 53 -m string --string "google.com" --algo bm -j ACCEPT
Maybe you have a more elegant solution than iptables.
You can do this by using some reverse proxy server. The proxy server can filter the desired traffic to the actual service.
So how it will work is -
Let all your request come to reverse proxy server. eg. HAPROXY or nginx (both work at Layer 4 and 7)
Put a rule for the hostname in the proxy server config.
Forward the desired traffic to the actual host.
Machine: CentOS 6.2
I've had a Perl script which I've been using for ages, which has previously had no problem (and still doesn't) fetching data using LWP from port 80 locations. However, attempting to fetch from https locations, on port 443, always fails.
To simplify the diagnostics, I figured I'd try the same idea from the command line using cURL and wget, but these also fail with https, while they also both work fetching regular http data.
Figuring that the same problem affects all three methods, I'm trying to ascertain exactly what it is that might be wrong, and how to fix it. It's a dedicated server, and I have root access so I can pretty much do what I want to.
I've tried forcing cURL to use ipv4, and a bunch of other flags that looked interesting, but I always end up with the requests failing with "curl: (7) couldn't connect to host".
$ cat debugdump.txt
== Info: About to connect() to www.xyz.com port 443 (#0)
== Info: Trying 194.xxx.xxx.xx... == Info: Connection timed out
== Info: couldn't connect to host
== Info: Closing connection #0
... and similar connection time-outs with wget as well.
If I try fetching the same data with http, and with the -L flag (to follow redirects) then it will similarly fail on the secure portion of it.
So, basically I want to be able to retrieve remote data served via https, but am currently unable to do so. I know I definitely should be able to. I've spent ages trying to resolve this, but so far to no avail. Any useful information to help solve the problem would be much appreciated. Thanks!
Edit
Additional info: I'm not really too familiar with firewalls, but FYI, the entries in /etc/sysconfig/iptables relating to port 443 are:
-A INPUT -p tcp -m tcp -m multiport --dports 80,443 -m state --state NEW -j Cid2676X....
-A OUTPUT -p tcp -m tcp -m multiport --dports 80,443 -m state --state NEW -j Cid2676X...
However, I'm not sure why/if I'd need to open port 443 (if it's not already open) anyway; I mean, I'm fetching from port 443 on another server, not listening for traffic on my 443; surely I'm using some other random port on my own machine to fetch with?
Edit 2
Figured out that if I temporarily disable the iptables then the problem goes away. Of course, I need to have the iptables active, so I need to know what it is about the iptables that is preventing me fetching from secure sites. Suggestions welcome.
I'm trying to make an imap server from scratch in node.js (primarily to learn about node.js and imap protocol).
How do I direct traffic from the imap subdomain (imap.mydomain.com) to port 143 on the server (where my server code is listening). I've updated iptables with this rule:
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
But it still doesn't work.
My DNS is like this:
A record - mydomain.com => 1.1.1.1 (my example ip address)
CNAME record - mail.mydomain.com => mydomain.com
mydomain.com redirects and is handled by apache. Could apache be overruling it? Maybe I need to add a host in /etc/hosts for the sub-domain?
Also, when doing telnet:
telnet 1.1.1.1 143
I get a "no route to host" error. So that tells me the route direct via the ip from the sub-domain doesn't work either...
I've checked out dovecot and postfix and it seems like they handle the port listening internally, so I couldn't see any clues from their install / config instructions.
It would be great if anyone could offer instructions on how to make sure the imap.mydomain.com subdomain properly forwards to the imap server.
Thanks!!!
There is no redirection or forwarding. IMAP is simply a different protocol than HTTP (i.e. "web") and to use IMAP the server has to listen on port 143 and the client has to connect to this port. Just look at the settings of your mail client.
Good day,
I have a setup in which I am routing my received packets at my Mikrotik router to a squid server.
I also can see the incoming traffic with Tcpdump that it is actually ariving # the correct port (443) on Squid Proxy server.
On the next step I have
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 10.0.2.51:3127
(that is all I have on iptable rules)
Which routes the received 443 traffic to port 3127 which is my squid SSL port.
I am getting page not found error on my browser.
Now I know that my Squid is setup correctly, because when I input the proxy server adress manually 10.0.2.51:3127 for SSL in the Mozilla browser all is working great, all SSL pages are logged with SSLbump.
Could someone please help with figuring out why this isn't working correctly, I am quite new to proxies?
You are DNATing packets going to the proxy.
But are you SNATing the packets coming back from the proxy ?