REDIRECT
    This target is only valid in the nat table, in the PREROUTING and
    OUTPUT chains, and user-defined chains which are only called from
    those chains. It alters the destination IP address to send the packet
    to the machine itself (locally-generated packets are mapped to the
    127.0.0.1 address). It takes one option:

    --to-ports port[-port]
        This specifies a destination port or range of ports to use:
        without this, the destination port is never altered. This is
        only valid if the rule also specifies -p tcp or -p udp.

- Ruben

> Hi!
>
> Unfortunately I did not find a proper answer on the web although I googled
> around for quite a lot of time:
>
> I want to analyse a malware on my computer. The malware connects to a
> lot of sites on the internet (hard coded in the program but unfortunately
> these IPs are encrypted).
>
> I know the port the program wants to connect to and I want to answer its
> requests by a script on the same machine.
>
> I tried this for a test to catch connections to mail servers:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -F
> iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.0/24 --dport 25 -j DNAT --to 127.0.0.1:25
>
> But it does not work:
>
> $ telnet mail.gmx.net 25
> Trying 213.165.64.21...
> Connected to mail.gmx.net.     <--- of course, that's not my box
> Escape character is '^]'.
> 220 {mp027} GMX Mailservices ESMTP
>
> I assume the problem has something to do with the fact that the packets
> are generated on the "iptables-machine". Unfortunately, I only have this
> machine and thus I cannot send the packets through a second
> firewall-machine.
>
> I would be very happy if any kind soul could give me a hint!
>
> Thanks in advance,
> Martin.
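
An added example, not part of either message: a Python listener for the kind of local answer script the question describes. It assumes a REDIRECT rule in the nat OUTPUT chain (shown in a comment) that sends the traffic to the hypothetical port 2525, and it reads the pre-NAT destination with SO_ORIGINAL_DST so the analyst can log which host each connection was headed for.

```python
import socket
import struct

SO_ORIGINAL_DST = 80   # <linux/netfilter_ipv4.h>; not exported by the socket module
LISTEN_PORT = 2525     # hypothetical; must match --to-ports in the assumed rule

# Assumed rule, built from the options quoted above (run as root):
#   iptables -t nat -A OUTPUT -p tcp --dport 25 -j REDIRECT --to-ports 2525
# OUTPUT, because locally generated packets never pass through PREROUTING.

# Constructed sample of what getsockopt returns: a struct sockaddr_in for
# 213.165.64.21:25 (the address from the telnet session above).
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 25)
          + socket.inet_aton("213.165.64.21") + bytes(8))

def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in: family (host order), port (network order), IPv4."""
    if len(raw) < 8:
        raise ValueError("truncated sockaddr_in")
    (family,) = struct.unpack("=H", raw[:2])
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    (port,) = struct.unpack("!H", raw[2:4])
    return socket.inet_ntoa(raw[4:8]), port

def original_dst(conn):
    """Return the (ip, port) the client dialled before NAT, or None if not redirected."""
    try:
        raw = conn.getsockopt(socket.IPPROTO_IP, SO_ORIGINAL_DST, 16)  # IPPROTO_IP == SOL_IP
    except OSError:
        return None  # no conntrack NAT entry: the peer connected to us directly
    return parse_sockaddr_in(raw)

def serve(port=LISTEN_PORT, banner=b"220 sinkhole ESMTP\r\n"):
    """Accept redirected connections on loopback and log where each was headed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))  # REDIRECT maps local packets to 127.0.0.1
        srv.listen()
        while True:
            conn, peer = srv.accept()
            with conn:
                print(f"{peer[0]}:{peer[1]} tried to reach {original_dst(conn)}")
                conn.sendall(banner)

if __name__ == "__main__":
    print("sample decodes to", parse_sockaddr_in(SAMPLE))
    serve()
```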