How to redirect traffic from local machine to internet back to local machine?

Post by Martin Kahler » Sat, 26 Nov 2005 17:40:05



Hi!

I have the following problem:
A program (malware) is running on my Linux box and I want to check what it
does.
This program sends a lot of traffic to different IP addresses on the internet.
I know the destination port(s), but I do not know the IP in advance.

How can I redirect all traffic (with known dest port) originating from my
local box to the internet back to my local machine?

To make it clearer:
Assume I want to redirect all connection attempts to external mail servers
coming from my local machine back to my own box.

This is what I tried so far (my box has IP 192.168.100.182):
# cat fw.sh

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.0/24 --dport 25 \
         -j DNAT --to 127.0.0.1:25

but unfortunately, it does not work:
$ telnet mail.gmx.net 25
Trying 213.165.64.20...
Connected to mail.gmx.net.     <---- of course, that's not my machine
Escape character is '^]'.
220 {mp033} GMX Mailservices ESMTP

The same happens with
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.182 --dport 25 \
         -j DNAT --to 127.0.0.1:25

Why does this not work?

Can any kind soul please help me?

Thanks in advance!

Regards
Martin.
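
Added example, not part of the original post: packets generated on the box itself pass through the nat OUTPUT chain, not PREROUTING, so a rule that should catch them belongs in OUTPUT. The LAN range and port are taken from the post; the function names, the log prefix and the dry-run/APPLY switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Sinkhole locally generated TCP traffic on chosen destination ports.
# Locally created packets traverse nat OUTPUT, never nat PREROUTING.
# No forwarding takes place, so ip_forward does not need to be enabled.

LOCAL_NET="192.168.100.0/24"   # LAN from the post; traffic to it is left alone
LOG_PREFIX="sinkhole: "        # assumed prefix for the kernel log lines

# Print the two iptables commands for one destination port.
sinkhole_rules() {
    port="$1"
    match="-p tcp --dport $port ! -d $LOCAL_NET ! -o lo"
    # 1) Log the first packet of each connection; DST= in the kernel log
    #    is the address the program really tried to reach.
    echo "iptables -t nat -A OUTPUT $match -j LOG --log-prefix \"$LOG_PREFIX\""
    # 2) Rewrite the destination to this host (127.0.0.1 for local packets).
    echo "iptables -t nat -A OUTPUT $match -j REDIRECT --to-ports $port"
}

# Validate every port, then print the rules for each of them.
sinkhole() {
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
        sinkhole_rules "$p"
    done
}

# Usage: ./sinkhole.sh 25          prints the rules (dry run)
#        APPLY=1 ./sinkhole.sh 25  applies them (needs root)
if [ "$#" -gt 0 ]; then
    rules=$(sinkhole "$@") || exit 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | sh
    else
        echo "$rules"
    fi
fi
```

With the rules applied, a listener bound to 127.0.0.1 on the same port receives the connections, and the kernel log lines carrying the prefix show the original destination of each attempt.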
