Also, traffic from the local machine doesn't pass through the PREROUTING chain.
Add this rule to the OUTPUT chain of the nat table.
ruben@xxxxxxxx wrote:
REDIRECT
    This target is only valid in the nat table, in the PREROUTING and
    OUTPUT chains, and user-defined chains which are only called from
    those chains. It alters the destination IP address to send the
    packet to the machine itself (locally-generated packets are mapped
    to the 127.0.0.1 address). It takes one option:

    --to-ports port[-port]
        This specifies a destination port or range of ports to use:
        without this, the destination port is never altered. This is
        only valid if the rule also specifies -p tcp or -p udp.
- Ruben
Hi!
Unfortunately I did not find a proper answer on the web, although I googled
around for quite a long time:
I want to analyse a malware sample on my computer. The malware connects to a
lot of sites on the internet (hard-coded in the program, but unfortunately
these IPs are encrypted).
I know the port the program wants to connect to, and I want to answer its
requests with a script on the same machine.
I tried this as a test to catch connections to mail servers:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.0/24 --dport 25 -j DNAT --to 127.0.0.1:25
But it does not work:
$ telnet mail.gmx.net 25
Trying 213.165.64.21...
Connected to mail.gmx.net. <--- of course, that's not my box
Escape character is '^]'.
220 {mp027} GMX Mailservices ESMTP
I assume the problem has something to do with the fact that the packets are
generated on the "iptables-machine". Unfortunately, I only have this machine
and thus I cannot send the packets through a second firewall machine.
I would be very happy if any kind soul could give me a hint!
Thanks in advance,
Martin.
--
If you are good, you will be assigned all the work. If you are real good, you will get out of it
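As an added example (not code from this thread), a Python script that builds the rule the reply describes, a REDIRECT in the nat OUTPUT chain so the sample's locally generated SMTP connections land on a listener on the same machine, together with a minimal fake SMTP responder of the kind Martin wants to answer the requests. The LAN range 192.168.100.0/24, the listener port 2525, and the `SmtpSink`/`talk` names are assumptions; applying the rule needs root, e.g. `subprocess.run(redirect_rule("192.168.100.0/24", 25, 2525))`.

```python
import socket
import threading

def redirect_rule(lan_cidr, dport, listen_port):
    """nat OUTPUT rule (locally generated packets never traverse PREROUTING): TCP to
    `dport`, except towards `lan_cidr`, goes to a local listener. Uses '! -d' syntax."""
    return ["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "tcp", "!", "-d", lan_cidr,
            "--dport", str(dport), "-j", "REDIRECT", "--to-ports", str(listen_port)]

class SmtpSink:
    """Fake SMTP server (assumed name): greets, records every client line, answers."""
    def __init__(self, host="127.0.0.1", port=0):
        self.lines = []                                  # everything the client sent
        self.sock = socket.socket()
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))                     # port 0: kernel picks a free one
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()
    def _serve(self):
        while True:
            conn, _ = self.sock.accept()
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()
    def _handle(self, conn):
        in_data = False
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 sink ESMTP\r\n"); f.flush()
            for raw in f:
                line = raw.decode("latin-1").rstrip("\r\n")
                self.lines.append(line)
                if in_data:                              # message body until a lone "."
                    if line != ".":
                        continue
                    in_data, reply = False, b"250 queued\r\n"
                else:
                    verb = line.split(" ", 1)[0].upper()
                    in_data = verb == "DATA"
                    reply = {"DATA": b"354 go ahead\r\n", "QUIT": b"221 bye\r\n"}.get(verb, b"250 OK\r\n")
                f.write(reply); f.flush()
                if reply.startswith(b"221"):
                    break

def talk(port, commands):
    """Constructed client standing in for the sample: one reply per command sent."""
    with socket.create_connection(("127.0.0.1", port)) as s, s.makefile("rwb") as f:
        replies = [f.readline().decode().strip()]        # the 220 greeting
        for cmd in commands:
            f.write(cmd.encode() + b"\r\n"); f.flush()
            replies.append(f.readline().decode().strip())
    return replies
```

With the rule applied and `SmtpSink(port=2525)` running, a `telnet mail.gmx.net 25` from the same box is answered by the sink's own 220 banner, and `sink.lines` holds whatever the sample sent.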