Develop Reference

linux iptables redirect outgoing traffic to local port [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I want redirect all outgoing traffic with port 8080 to local port 8080
for example i create server with this command nc -l -p 8080 and i want when use this command nc 1.2.3.4 8080 , nc redirect and connect to 127.0.0.1:8080
i try with this command:
iptables -t nat -A POSTROUTING -p tcp --dport 80 -o eth0 -j SNAT --to-source IP
but not worked!
how to do it?

Local originated traffic isn't passing through nat/POSTROUTING chain. You should add rule like this:
iptables -t nat -A OUTPUT -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8080
Additional info:
http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
http://www.linuxtopia.org/Linux_Firewall_iptables/index.html Chapter 4.

iptables to drop input connections to postgres [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
For testing, I need to drop all input connections to postgres db running on port 5432 on localhost. I set an iptables rule :
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 5432 -j DROP
But I am able to do read/write operations to the db. I used dbvisualizer as well as the product to test. What am I missing?
Thanks in advance.

The target DROP will just drop the packet, no further processing or forwarding.
try this:
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 5432

I am not sure if this is the right method but rule
iptables -A OUTPUT -p tcp --dport 5432 -j REJECT
worked as expected.

Did your server listen on localhost or ethernet nic network ip address?

iptables to forward port to another network [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have a VDS running CentOS with two interfaces: eth0 and ham0. eth0 is my WAN interface and has external IP accessible from the Internet, and ham0 is an interface to a small VPN network (Logmein Hamachi).
There are three machines in the VPN network, one of them is a linux box at my home which runs Apache on port 80. This machine is behind ISP's NAT and cannot be seen from outside.
I want to create a rule on my VDS to forward connections to port 8081 coming from the Internet (eth0 interface) to this linux box inside my VPN network. Something like this:
[Internet] ---> [VDS server with public IP] ---> [Apache server inside VPN]
I used the following rules:
iptables -t nat -A PREROUTING -p tcp -d *external_ip* --dport 8081 -j DNAT --to *internal_ip*:80
iptables -A FORWARD -p tcp -d *internal_ip* --dport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --dst *internal_ip* -j LOG --log-level warning --log-prefix "[REQUEST_FORWARDED]"
But it does not work. I can see a "REQUEST_FORWARDED" message in /var/log/messages, but when I go to the http://my_eternal_ip:8081/ in my browser, it tries to connect to the host for a very long time, and then shows a message that server did not respond.
What can cause this problem?

I guess you need to make sure "/proc/sys/net/ipv4/ip_forward" has been enabled, if not
echo 1 > /proc/sys/net/ipv4/ip_forward
Above command can help you allow IP forwarding.
Hope this helpful to you.

How to redirect ip address using iptables [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have small local network with 5 computers. My provider gave me real ip address (194.187...), but computers in the network cannot see it. So I have to make redirect on my router (with linux system), which will redirect real ip address (194.187...) to ip address which I have in provider's network (10.12.205.26).
How can I perform this with iptables on my router. Thanks.

I Hope this works for you :
Add (prerouting,postrouting) rules in you NAT table using
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source ip_address
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination ip_address
and then use :
iptables -t nat -A PREROUTING -d 194.187... -j DNAT --to-destination 10.12.205.26
iptables -t nat -A POSTROUTING -s 10.12.205.26 -j SNAT --to-source 194.187...

Port mirroring on Linux [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have Kippo running on my VPS, and I can't get it to run under port 1024 due to restrictions in Linux not allowing normal accounts to use ports under 1024. If I try, it gives an error with some Python gibberish about not being able to listen on a port under 1024.
I'd rather not run Kippo run as root just in case some how they get out of the Kippo enviroment.
So what I'm looking at doing is using IPTables to "Mirror" all traffic going to port 2222 on 22 so that a "bot" can see SSH running on port 22 and do its thing.
Is that feasible? If so, how?

Use a DNAT rule:
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 22 -j REDIRECT --to-port 2222
You may want to lock down further with specific IP address filters