iptables rule for forwarding incoming connections.

Jason Long

Guest
Hello all.
I used the command below to forward incoming connections to another IP:

iptables -t nat -A PREROUTING -p tcp -m tcp ! --dport 22 -j DNAT --to 1.2.3.4

but when I ping my host from other systems, the packets are not forwarded to 1.2.3.4.

How can I solve it?
 



JasKinasis

Guest
Ping uses the ICMP protocol, not TCP. So pinging the server will not cause the ping to be forwarded to 1.2.3.4 - Only TCP connections are forwarded (unless I misunderstood your iptables rule!).

Perhaps try connecting to port 22 (via whatever software you are running) and see if you end up redirected to the server on 1.2.3.4?
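
The protocol point in the reply above, shown as a ruleset (an added example, not part of any post in this thread): the original rule carries `-p tcp`, so ICMP and UDP never match it. The function name `build_ruleset` is hypothetical, 1.2.3.4 is the thread's placeholder address, and the sketch assumes replies should return through this host.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset that
# DNATs every protocol (TCP, UDP, ICMP) aimed at this host, except SSH on
# TCP/22, to a target host. Assumption: the MASQUERADE rule is kept so that
# the target's replies come back through this host.

build_ruleset() {   # hypothetical helper name
    target="$1"     # e.g. 1.2.3.4, the placeholder address used in the thread
    cat <<EOF
*nat
# The thread's rule: "-p tcp" means ICMP echo (ping) and UDP never match it.
# -A PREROUTING -p tcp -m tcp ! --dport 22 -j DNAT --to-destination $target
# ACCEPT ends nat PREROUTING traversal, so SSH stays on this host.
-A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT
# Everything else addressed to this host, whatever the protocol, is rewritten.
-A PREROUTING -m addrtype --dst-type LOCAL -j DNAT --to-destination $target
# Source-NAT the forwarded traffic so replies return via this host.
-A POSTROUTING -d $target -j MASQUERADE
COMMIT
*filter
-A FORWARD -d $target -j ACCEPT
-A FORWARD -s $target -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Apply only when asked (needs root): ./dnat.sh --apply 1.2.3.4
if [ "${1:-}" = "--apply" ]; then
    sysctl -w net.ipv4.ip_forward=1    # DNATed packets must be routed onward
    build_ruleset "$2" | iptables-restore --noflush
fi
```

Running `build_ruleset 1.2.3.4 | iptables-restore --test` parses the rules without committing them; the packet counters from `iptables -t nat -L PREROUTING -v -n` then show which rule a ping actually hits.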
 

ryanvade

Guest
Maybe something like this:

Code:
netstat -r -t 1.2.3.4

As @JasKinasis said, PING does not use TCP. Netstat can be used with TCP though.
 

Jason Long

Guest
My goal is that when a user wants to scan me, all his packets are forwarded to 1.2.3.4. For example, the user uses "Nmap" to scan me, but Nmap scans 1.2.3.4 instead of me.

Any idea?
 

Jason Long

Guest
I just open port 22 for SSH connections.
Any idea about my goal?
 

VitalkaDrug

Guest
Did you solve this task already? Do you still need any help with it?
 

setgid

Guest
This isn't possible. Nmap "pings", which uses ICMP (Internet Control Message Protocol), not TCP, which you would use to forward it through iptables.
 
