iptables rule for forward incoming connections.


Jason Long

Hello all.
I used below command for forward incoming connections to other IP :

iptables -t nat -A PREROUTING -p tcp -m tcp ! --dport 22 -j DNAT --to

but when I ping my host from other systems packet not forwarded to

How can I solve it?

Ping uses the ICMP protocol, not TCP. So pinging the server will not cause the ping to be forwarded to - Only TCP connections are forwarded (unless I misunderstood your iptables rule!).

Perhaps try connecting to port 22 (via whatever software you are running) and see if you end up redirected to the server on
maybe something like this:

netstat -r -t

as @JasKinasis said PING does not use TCP. Netstat can be used with TCP though.
My Goal is that when a user want to scan me all his packets forwarded to For example, The user use "Nmap" to scanning me but Nmap scanned instead of me.

Any idea?
I just open port 22 for ssh connection.
Any idea about my Goal?
Did you solve this task already? Do you still need any help with it?
This isn't possible. nMap "pings" which uses ICMP(Internet Control Message Protocol), not TCP which you would use to forward it through IP Tables.

Members online

Latest posts