Friday, July 18, 2014

iptables port redirection example from localhost 127.0.0.1

0)
Create a Virtual Machine and run the following iptables steps there.


1)
List all chains and rules in the NAT table

#sudo iptables -t nat -L -nv

2)
List all rules in the OUTPUT chain of NAT table

#sudo iptables -t nat -L OUTPUT -nv

3)
Add a port redirect rule to OUTPUT chain of NAT table

#sudo iptables -t nat -A OUTPUT -p tcp --dport 8083 -j REDIRECT --to-ports 8085

* All TCP traffic to port 8083 is redirected to port 8085
* To test our rules from localhost, we should use the OUTPUT chain of the NAT table
* http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
* OUTPUT chain – NAT for locally generated packets on the firewall.
* http://www.thegeekstuff.com/2011/01/iptables-fundamentals/

* -t nat ==> Name of the table.
* -A OUTPUT ==> Name of the chain where we need to add the rule.

* -p tcp ==> Name of the Match
* -p tcp --dport 8083 ==> Name of the Match with match options
http://www.iptables.info/en/iptables-matches.html#TCPMATCHES
http://www.iptables.info/en/iptables-matches.html

* -j REDIRECT ==> Name of the target
* REDIRECT --to-ports 8085 ==> Name of the target/jump with options
http://www.iptables.info/en/iptables-targets-and-jumps.html#REDIRECTTARGET
http://www.iptables.info/en/iptables-targets-and-jumps.html

4)
Listen for an incoming connection/packet to port 8085

#netcat -l 8085

5)
Connect to port 8083 from the same machine (127.0.0.1/localhost); the traffic should arrive at the listener on port 8085.

#telnet 127.0.0.1 8083

* This should work: the messages sent via telnet to port 8083 of the virtual machine arrive at port 8085 of the virtual machine.

6)
Delete the rule

#sudo iptables -t nat -D OUTPUT -p tcp --dport 8083 -j REDIRECT --to-ports 8085

7)
List all rules in the OUTPUT chain of NAT table

#sudo iptables -t nat -L OUTPUT -nv
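The steps above, as an added example script that is not part of the original post: the rule spec is built once and reused for -A, -C and -D so the add and delete commands cannot drift apart, `iptables -C` keeps re-runs from stacking duplicate rules in the OUTPUT chain, a small parser over `iptables -S` output lists the redirects that are already active, and a trap removes the rule on exit. It assumes `sudo`, an iptables with the -C option, and a netcat that takes `nc -l PORT` as in the post; the sample -S output used for the check is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Ports are constructed defaults.
FROM_PORT=${FROM_PORT:-8083}
TO_PORT=${TO_PORT:-8085}

# One rule specification shared by -A (append), -C (check) and -D (delete).
redirect_spec() {
    printf '%s' "-p tcp --dport $1 -j REDIRECT --to-ports $2"
}

# Turn `iptables -t nat -S OUTPUT` lines (read from stdin) into "dport->toport"
# pairs, one per line. Only REDIRECT rules are reported; DNAT, ACCEPT etc. are skipped.
list_redirects() {
    awk '/-j REDIRECT/ {
        d = ""; t = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport")    d = $(i+1)
            if ($i == "--to-ports") t = $(i+1)
        }
        if (d != "" && t != "") print d "->" t
    }'
}

# Add the rule only if -C says it is not already present, so re-running the
# script does not leave duplicate rules behind in the OUTPUT chain.
ensure_redirect() {
    spec=$(redirect_spec "$1" "$2")
    # word splitting of $spec into separate iptables arguments is intended
    sudo iptables -t nat -C OUTPUT $spec 2>/dev/null || sudo iptables -t nat -A OUTPUT $spec
}

remove_redirect() {
    spec=$(redirect_spec "$1" "$2")
    sudo iptables -t nat -D OUTPUT $spec
}

# Stand-alone run (RUN_IPTABLES=1 sh redirect.sh): add, show, test, clean up.
# The listener on TO_PORT prints the line sent to FROM_PORT if the redirect works.
if [ "${RUN_IPTABLES:-0}" = 1 ]; then
    trap 'remove_redirect "$FROM_PORT" "$TO_PORT"' EXIT
    ensure_redirect "$FROM_PORT" "$TO_PORT"
    echo "Active OUTPUT redirects:"
    sudo iptables -t nat -S OUTPUT | list_redirects
    ( sleep 1; printf 'hello via %s\n' "$FROM_PORT" | nc -w 1 127.0.0.1 "$FROM_PORT" ) &
    nc -l "$TO_PORT"
fi
```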
