Thread: iptables: redirecting single ip

  1. #1

    iptables: redirecting single ip

    I have: a workstation with openSUSE 11.4 x64 and a single network card.
    Task: redirect all local outgoing connections to IP x.x.x.x:80 to localhost:5222.

    Tried this command:
    iptables -t nat -A OUTPUT -p tcp -d x.x.x.x --dport 80 -j REDIRECT --to-ports 5222
    After adding this rule I can't connect to x.x.x.x:80 anymore; the connection hangs.
    There are no other rules in the 'nat' table.

    Also, I've tried to use the DNAT command. The effect was the same.

    How can I make it work?

  2. #2

    Re: iptables: redirecting single ip

    Having a LAN trace or /var/log/firewall output may help but where in your
    rule did you specify the destination host? I see the port, but will that
    just send to 5222 on the x.x.x.x machine rather than localhost?

    Good luck.





    On 04/05/2011 12:36 AM, a kireev wrote:
    >
    > I have: Workstation with OpenSuse 11.4 x64, single NetworkCard.
    > Task. Redirects all local outgoing connection to ip x.x.x.x:80 to
    > localhost:5222.
    >
    > Tried this command:
    > iptables -t nat -A OUTPUT -p tcp -d x.x.x.x --dport 80 -j REDIRECT
    > --to-ports 5222
    > After adding this rule I can't connect x.x.x.x:80 anymore, connection
    > hangs.
    > There are no more rules in a 'nat' table.
    >
    > Also, I've tried to use DNAT command. Effect was the same.
    >
    > How to make it works?
    >
    >


  3. #3

    Re: iptables: redirecting single ip

    Somewhere I saw that iptables doesn't work properly on the 'nat' table for 'OUTPUT' packages, is that so?

    According to the manual, the 'REDIRECT' command rewrites the package's target IP to local and the port to the one specified.

    I want to reroute outgoing packages from the local machine to local port 5222. That command looks OK, but doesn't work.

  4. #4
    Re: iptables: redirecting single ip

    Your situation is similar to the rules that are used when all outgoing HTTP connections must be transparently directed to a web proxy, except that in your case you only want to enforce it for a single destination. You need a pair of rules, one to do the DNAT and the other to do the REDIRECT. See this HOWTO for squid and modify the two iptables rules there to limit the effect to one destination IP.

    Linux: Setup a transparent proxy with Squid in three easy steps
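
A way to check the two things the rule in post #1 depends on, as an added example that is not part of any post in this thread: that the nat OUTPUT rule is loaded for the destination, and that something listens on the redirect port at an address 127.0.0.1 reaches (REDIRECT maps locally generated packets to 127.0.0.1). The function names and sample data are constructed, and 192.0.2.10 stands in for x.x.x.x.

```shell
# Added example: offline checks for the REDIRECT rule from post #1.
# Inputs are shaped like `iptables-save -t nat` and `ss -ltnH` output (constructed).

# Print the --to-ports value of the nat OUTPUT REDIRECT rule for DST:DPORT.
# Reads rules on stdin; prints nothing when no rule matches.
redirect_port() (
    awk -v dst="$1" -v dport="$2" '
        /^-A OUTPUT / && / -j REDIRECT / {
            d = ""; p = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d")         d  = $(i + 1)
                if ($i == "--dport")    p  = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            sub(/\/32$/, "", d)   # iptables-save prints a host as a.b.c.d/32
            if (d == dst && p == dport && to != "") { print to; exit }
        }'
)

# Succeed if a TCP listener on PORT is bound to an address that 127.0.0.1
# reaches. REDIRECT maps locally generated packets to 127.0.0.1, so a
# listener bound only to the LAN address never sees them.
loopback_listener() (
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4; n = split($4, part, ":")
            sub(/:[0-9]+$/, "", addr)
            if (part[n] == port && (addr == "127.0.0.1" || addr == "0.0.0.0" || addr == "*"))
                found = 1
        }
        END { exit (found ? 0 : 1) }'
)

# Verdict for DST DPORT given rule text ($3) and listener text ($4).
diagnose() (
    to=$(printf '%s\n' "$3" | redirect_port "$1" "$2")
    [ -n "$to" ] || { echo "no-rule"; exit 0; }
    if printf '%s\n' "$4" | loopback_listener "$to"; then echo "ok:$to"
    else echo "no-listener:$to"; fi
)

SAMPLE_RULES='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 5222
COMMIT'
SAMPLE_SS='LISTEN 0 128 192.168.1.5:5222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

diagnose 192.0.2.10 80 "$SAMPLE_RULES" "$SAMPLE_SS"   # constructed input
```

On a live host, pass the output of `iptables-save -t nat` and `ss -ltnH` in place of the two sample strings.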
