iptables rule for forwarding incoming connections

Jason Long

Guest
Hello all.
I used the command below to forward incoming connections to another IP:

iptables -t nat -A PREROUTING -p tcp -m tcp ! --dport 22 -j DNAT --to 1.2.3.4

but when I ping my host from other systems, the packets are not forwarded to 1.2.3.4.

How can I solve it?
 



JasKinasis

Guest
Ping uses the ICMP protocol, not TCP. So pinging the server will not cause the ping to be forwarded to 1.2.3.4 - Only TCP connections are forwarded (unless I misunderstood your iptables rule!).

Perhaps try connecting to port 22 (via whatever software you are running) and see if you end up redirected to the server on 1.2.3.4?
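
An added example (not from any poster in this thread) that extends the rule in the question to UDP and ICMP, since `-p tcp` never matches a ping. It assumes 1.2.3.4 is a host you control that is reachable from this machine; the `run` helper and the `APPLY` switch are hypothetical names, and by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: print (or apply) rules that DNAT everything except SSH.
# TARGET, SSH_PORT and APPLY are illustrative names, not from the thread.

TARGET="${TARGET:-1.2.3.4}"     # address used in the thread
SSH_PORT="${SSH_PORT:-22}"      # port that must stay local

# run: echo the command in dry-run mode, execute it when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

forward_rules() {
    # Packets destined for another host are dropped unless forwarding is on.
    run sysctl -w net.ipv4.ip_forward=1
    # TCP: everything except the local SSH port (the rule from the question).
    run iptables -t nat -A PREROUTING -p tcp ! --dport "$SSH_PORT" -j DNAT --to-destination "$TARGET"
    # UDP and ICMP need their own rules; "-p tcp" does not match them.
    run iptables -t nat -A PREROUTING -p udp -j DNAT --to-destination "$TARGET"
    run iptables -t nat -A PREROUTING -p icmp -j DNAT --to-destination "$TARGET"
    # Let the rewritten packets through the FORWARD chain in both directions.
    run iptables -A FORWARD -d "$TARGET" -j ACCEPT
    run iptables -A FORWARD -s "$TARGET" -j ACCEPT
    # Rewrite the source so replies come back through this host and are un-NATed.
    run iptables -t nat -A POSTROUTING -d "$TARGET" -j MASQUERADE
}

# dnat_protocols: list, one per line, the protocols that get a DNAT rule.
dnat_protocols() {
    ( APPLY=0; forward_rules ) | sed -n 's/.*PREROUTING -p \([a-z]*\) .*-j DNAT.*/\1/p'
}

# Dry run by default: prints the commands. Set APPLY=1 as root to install them.
forward_rules
```

With the MASQUERADE rule in place, 1.2.3.4 sees this host as the source of every redirected packet.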
 

ryanvade

Guest
Maybe something like this:

Code:
netstat -r -t 1.2.3.4

As @JasKinasis said, ping does not use TCP. Netstat can be used with TCP though.
 

Jason Long

Guest
My goal is that when a user wants to scan me, all his packets are forwarded to 1.2.3.4. For example, the user uses "Nmap" to scan me, but Nmap scans 1.2.3.4 instead of me.

Any idea?
 

Jason Long

Guest
I just open port 22 for SSH connections.
Any idea about my goal?
 

VitalkaDrug

Guest
Did you solve this task already? Do you still need any help with it?
 

setgid

Guest
This isn't possible. Nmap "pings", which uses ICMP (Internet Control Message Protocol), not TCP, which you would use to forward it through iptables.
 