How to redirect traffic from local machine to internet back to local machine?

Post by Martin Kahler » Sat, 26 Nov 2005 17:40:05


I have the following problem:
A program (malware) is running on my Linux box and I want to check what it
This program sends a lot of traffic to different IP addresses on the internet.
I know the destination port(s), but I do not know the IP in advance.

How can I redirect all traffic (with known dest port) originating from my
local box to the internet back to my local machine?

To make it clearer:
Assume I want to redirect all connection attempts to external mail-servers
coming from my local machine back to my own box.

This is what I tried so far (my box has IP
# cat

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp -d ! --dport 25 \
         -j DNAT --to

but unfortunately, it does not work:
$ telnet 25
Connected to     <---- of course, that's not my machine
Escape character is '^]'.
220 {mp033} GMX Mailservices ESMTP

The same happens with
iptables -t nat -A PREROUTING -p tcp -d ! --dport 25 \
         -j DNAT --to

Why does this not work?

Can any kind soul please help me?

Thanks in advance!
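
Added example, not part of the original post: locally generated packets pass through the nat table's OUTPUT chain rather than PREROUTING, so a redirect for traffic that originates on the box itself belongs in OUTPUT. The script below builds such REDIRECT rules for a list of destination ports; the listener port 2525 and the function names are assumptions, and it only prints the commands unless APPLY=1 is set (root required).

```sh
#!/bin/sh
# Added example: sinkhole locally generated TCP traffic by destination port.
# Packets created on this host traverse nat/OUTPUT, never nat/PREROUTING,
# and ip_forward is not involved because nothing is being routed through.

SINK_PORT="${SINK_PORT:-2525}"   # assumed port of a local capture listener

# Succeed only if $1 is a decimal TCP port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables arguments for one destination port.
# $1 = -A (add) or -D (delete), $2 = destination port to capture.
# "! -o lo" leaves connections that already target loopback untouched.
sinkhole_rule() {
    valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
    echo "-t nat $1 OUTPUT -p tcp ! -o lo --dport $2 -j REDIRECT --to-ports $SINK_PORT"
}

# Print the rules for every port given, or apply them when APPLY=1.
# $1 = -A or -D, remaining arguments = destination ports.
sinkhole() {
    action="$1"; shift
    for port in "$@"; do
        rule=$(sinkhole_rule "$action" "$port") || return 1
        if [ "${APPLY:-0}" = "1" ]; then
            # Word splitting of $rule into separate arguments is intended.
            iptables $rule || return 1
        else
            echo "iptables $rule"
        fi
    done
}

# Dry run for the SMTP case from the post; use "sinkhole -D 25" to undo.
sinkhole -A 25
```

These rules catch every local process that connects to the listed ports, not only the program under observation; iptables' owner match (`-m owner --uid-owner`) can narrow them to one user account. Only TCP is covered.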



