Re: Howto redirect internet traffic from local machine back to local machine?

   REDIRECT
       This target is only valid in the nat table, in the PREROUTING and
       OUTPUT chains, and user-defined chains which are only called from
       those chains.  It alters the destination IP address to send the
       packet to the machine itself (locally-generated packets are mapped
       to the 127.0.0.1 address).  It takes one option:

       --to-ports port[-port]
              This specifies a destination port or range of ports to use:
              without this, the destination port is never altered.  This
              is only valid if the rule also specifies -p tcp or -p udp.

- Ruben

> Hi!
>
> Unfortunately I did not find a proper answer on the web although I googled
> around for quite a lot of time:
>
> I want to analyse a piece of malware on my computer. The malware connects to a
> lot of sites on the internet (hard coded in the program but unfortunately
> these IPs are encrypted).
>
> I know the port the program wants to connect to and I want to answer its
> requests by a script on the same machine.
>
> I tried this for a test to catch connections to mail servers:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -F
> iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.0/24 --dport 25 -j DNAT --to 127.0.0.1:25
>
> But it does not work:
>
> $ telnet mail.gmx.net 25
> Trying 213.165.64.21...
> Connected to mail.gmx.net.         <--- of course, that's not my box
> Escape character is '^]'.
> 220 {mp027} GMX Mailservices ESMTP
>
> I assume the problem has something to do with the packets being generated
> on the "iptables-machine". Unfortunately, I only have this machine and thus
> I cannot send the packets through a second firewall-machine.
>
> I would be very happy if any kind soul could give me a hint!
>
> Thanks in advance,
> Martin.
>
>



