0)
Create a virtual machine and run the following iptables steps there.
1)
List all chains and rules in the NAT table
#sudo iptables -t nat -L -nv
2)
List all rules in the OUTPUT chain of NAT table
#sudo iptables -t nat -L OUTPUT -nv
3)
Add a port redirect rule to OUTPUT chain of NAT table
#sudo iptables -t nat -A OUTPUT -p tcp --dport 8083 -j REDIRECT --to-ports 8085
* TCP traffic sent to port 8083 is redirected to port 8085
* To test our rules from localhost, we should use the OUTPUT chain of the NAT table
* http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
* OUTPUT chain – NAT for locally generated packets on the firewall.
* http://www.thegeekstuff.com/2011/01/iptables-fundamentals/
* -t nat ==> Name of the table.
* -A OUTPUT ==> Name of the chain where we need to add the rule.
* -p tcp ==> Name of the Match
* -p tcp --dport 8083 ==> Name of the Match with match options
http://www.iptables.info/en/iptables-matches.html#TCPMATCHES
http://www.iptables.info/en/iptables-matches.html
* -j REDIRECT ==> Name of the target
* REDIRECT --to-ports 8085 ==> Name of the target/jump with options
http://www.iptables.info/en/iptables-targets-and-jumps.html#REDIRECTTARGET
http://www.iptables.info/en/iptables-targets-and-jumps.html
4)
Listen for an incoming connection/packet to port 8085
#netcat -l 8085
5)
Send a packet to port 8083 from the same machine (127.0.0.1/localhost).
#telnet 127.0.0.1 8083
* This should work: the messages sent via telnet to port 8083 of the virtual machine arrive on port 8085 of the virtual machine.
6)
Delete rule
#sudo iptables -t nat -D OUTPUT -p tcp --dport 8083 -j REDIRECT --to-ports 8085
7)
List all rules in the OUTPUT chain of NAT table
#sudo iptables -t nat -L OUTPUT -nv
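The add and delete steps above, as an added example that is not part of the original post: running `-A` twice appends the same rule twice, and `-D` removes only one matching rule per call, so these helpers use `iptables -C` to check first. The function names, the `IPT` and `REMOVED` variables and the `demo` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent add/remove of the nat OUTPUT REDIRECT rule.
# IPT (assumption of this example) is the command used to invoke iptables.
IPT="${IPT:-sudo iptables}"

# rule_exists FROM TO: succeeds if the redirect rule is already in nat/OUTPUT.
rule_exists() {
    $IPT -t nat -C OUTPUT -p tcp --dport "$1" -j REDIRECT --to-ports "$2" 2>/dev/null
}

# add_redirect FROM TO: append the rule only when it is absent, because a
# second -A would append a duplicate instead of failing.
add_redirect() {
    rule_exists "$1" "$2" ||
        $IPT -t nat -A OUTPUT -p tcp --dport "$1" -j REDIRECT --to-ports "$2"
}

# del_redirect FROM TO: -D deletes one matching rule per call, so loop until
# -C no longer finds it. The number of rules removed is left in REMOVED.
del_redirect() {
    REMOVED=0
    while rule_exists "$1" "$2"; do
        $IPT -t nat -D OUTPUT -p tcp --dport "$1" -j REDIRECT --to-ports "$2" || return 1
        REMOVED=$((REMOVED + 1))
    done
}

# Steps 3, 2 and 6 of the walkthrough when called as: ./redirect.sh demo
if [ "${1:-}" = "demo" ]; then
    add_redirect 8083 8085
    $IPT -t nat -L OUTPUT -nv
    del_redirect 8083 8085
    echo "removed $REMOVED rule(s)"
fi
```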