Hi!
I have the following problem:
A program (malware) is running on my linux box and i want to check what it
does.
This program sends a lot of traffic to different IP addresses on the internet.
I know the destination port(s), but i do not know the IP in advance.
How can i redirect all traffic (with known dest port) originating from my
local box to the internet back to my local machine?
To make it clearer:
Assume i want to redirect all connection attempts to external mail-servers
coming from my local machine back to my own box.
This is what i tried so far (my box has IP 192.168.100.182):
# cat fw.sh
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.0/24 --dport 25 \
-j DNAT --to 127.0.0.1:25
but unfortunately, it does not work:
$ telnet mail.gmx.net 25
Trying 213.165.64.20...
Connected to mail.gmx.net. <---- of course, that's not my machine
Escape character is '^]'.
220 {mp033} GMX Mailservices ESMTP
The same happens with
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.182 --dport 25 \
-j DNAT --to 127.0.0.1:25
Why does this not work?
Can any kind soul please help me?
Thanks in advance!
Regards
Martin.
|
Similar Threads
Linear Mode
