Iptables - Redirect outbound traffic on a port to inbound traffic on 127.0.0.1
You want to use the iptables REDIRECT target.
iptables -t nat -A OUTPUT -p tcp -d 1.2.3.4 --dport 80 -j REDIRECT
The iptables manpage specifies a single option to REDIRECT that allows you to change the port.
That option is --to-ports.
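An added example, not part of the original answer: a catch-all listener for connections that the REDIRECT rule above has steered back to the local machine. It assumes the rule was installed with --to-ports 8080, and it recovers the address the client originally dialled through the SO_ORIGINAL_DST socket option (constant 80 from linux/netfilter_ipv4.h, which Perl's Socket module does not export), so the log shows which remote host the sample was trying to reach rather than just 127.0.0.1.

```perl
#!/usr/bin/perl
# Added example (not from the original answer). Assumes the NAT rule is
#   iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
# so the listener binds 127.0.0.1:8080 (the port 8080 is an assumption).
use strict;
use warnings;
use IO::Socket::INET;
use Socket qw(unpack_sockaddr_in inet_ntoa);

# SOL_IP (0) and SO_ORIGINAL_DST (80) come from <linux/netfilter_ipv4.h>;
# Perl's Socket module does not export SO_ORIGINAL_DST, so spell it out.
use constant SOL_IP          => 0;
use constant SO_ORIGINAL_DST => 80;

# Ask conntrack for the destination the client dialled before REDIRECT
# rewrote it. This separates "sample tried to reach 1.2.3.4:80" from
# "something connected to 127.0.0.1:8080".
sub original_destination {
    my ($sock) = @_;
    my $raw = getsockopt($sock, SOL_IP, SO_ORIGINAL_DST)
        or return;                       # not a NATed connection
    my ($port, $addr) = unpack_sockaddr_in($raw);
    return (inet_ntoa($addr), $port);
}

my $server = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => 8080,
    Proto     => 'tcp',
    Listen    => 128,
    ReuseAddr => 1,
) or die "listen failed: $@";

while (my $client = $server->accept) {
    my ($ip, $port) = original_destination($client);
    printf "%s:%d -> intended destination %s:%s\n",
        $client->peerhost, $client->peerport,
        defined $ip ? $ip : '?', defined $port ? $port : '?';

    # Record the first request line, then close so the sample does not hang
    # waiting for a reply; a real sandbox would hand off to a fake service.
    my $line = <$client>;
    print "  first line: $line" if defined $line;
    close $client;
}
```

Run it as root (or with CAP_NET_RAW is not needed, but binding and the getsockopt on conntrack work as an ordinary user only for the process's own sockets, which is the case here) after the REDIRECT rule is in place; every outbound port-80 connection from the box then lands in this loop with its original target logged.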
GoldenNewby
Updated on September 18, 2022
Comments
-
GoldenNewby almost 2 years
Is there a way to redirect traffic set to go out of the server to another IP, back to the server on localhost (preferably as if it was coming from the original destination)?
I'd basically like to be able to set up my own software that listens on say, port 80, and receives traffic that was sent to say, 1.2.3.4.
So as an example with some code. Here would be the server:
use IO::Socket::INET;
my $server = IO::Socket::INET->new( LocalAddr => '127.0.0.1', LocalPort => '80', Listen => 128, );
And that would receive traffic from the following client:
use IO::Socket::INET;
my $client = IO::Socket::INET->new( PeerAddr => 'google.com', PeerPort => '80', );
So rather than having the client be connecting to google.com, it would be connecting to the server I have listening on localhost for that same server.
My intention is to use this to catch malware connecting to remote hosts.
I don't specifically need the traffic to be redirected to 127.0.0.1, but it needs to be redirected to an IP the same machine can listen to.
Edit: I've tried the following, and it doesn't work--
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80
iptables -t nat -A POSTROUTING -j MASQUERADE
-
GoldenNewby about 12 years
It doesn't work for what I'm trying to do. It looks to me like that takes any traffic on port 80 to 1.2.3.4 and changes the port to something else, but it still goes to 1.2.3.4. I need it to go to localhost on the same machine the request originates from.
-
dmourati about 12 years
That's what REDIRECT does. It redirects the packet to the machine itself by changing the destination IP to the primary address of the incoming interface (locally-generated packets are mapped to the 127.0.0.1 address).
-
dmourati about 12 years
Clear out all your iptables rules and just set the one I mentioned above to verify.
-
GoldenNewby about 12 years
I wasn't able to get this working-- is the socket option required for the client and the server?
-
Martino Dino about 12 years
No, it simply "sniffs" for all the traffic directed to that port regardless of IP dst or dst port etc. But looking back this applies to traffic going through your box and not originating from it. You should be able to adapt the "sniffer" socket binarytides.com/blog/… from that website
-
GoldenNewby about 12 years
Sorry for the delay in the promised bounty, I'll be awarding it once I can (at least 24 hours).