How to redirect traffic from local machine to internet back to local machine?

Discussion in 'Linux Networking' started by Martin Kahlert, Nov 25, 2005.

  1. Hi!

    I have the following problem:
    A program (malware) is running on my Linux box and I want to check what it
    does.
    This program sends a lot of traffic to different IP addresses on the internet.
    I know the destination port(s), but I do not know the IP in advance.

    How can I redirect all traffic (with known dest port) originating from my
    local box to the internet back to my local machine?

    To make it clearer:
    Assume I want to redirect all connection attempts to external mail-servers
    coming from my local machine back to my own box.

    This is what i tried so far (my box has IP 192.168.100.182):
    # cat fw.sh

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -F
    iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.0/24 --dport 25 \
    -j DNAT --to 127.0.0.1:25

    but unfortunately, it does not work:
    $ telnet mail.gmx.net 25
    Trying 213.165.64.20...
    Connected to mail.gmx.net. <---- of course, that's not my machine
    Escape character is '^]'.
    220 {mp033} GMX Mailservices ESMTP

    The same happens with
    iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.182 --dport 25 \
    -j DNAT --to 127.0.0.1:25

    Why does this not work?

    Can any kind soul please help me?

    Thanks in advance!

    Regards
    Martin.
     
    Martin Kahlert, Nov 25, 2005
    #1
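
Added example, not part of the original post: packets generated on the box itself enter netfilter at the nat OUTPUT chain and never traverse PREROUTING, which is why the rules above do not match the telnet test. The sketch below generates OUTPUT-chain REDIRECT rules for a list of destination ports; the chain name SINKHOLE, the APPLY switch and the presence of a local listener on each port are assumptions.

```shell
#!/bin/sh
# Added example (constructed): emit IPv4 nat rules that loop locally generated
# TCP traffic for the given destination ports back to listeners on this host.

LOCAL_NET="${LOCAL_NET:-192.168.100.0/24}"  # LAN from the post, left untouched
CHAIN="SINKHOLE"                            # hypothetical chain name

# Print one iptables command per line; nothing is executed here.
sinkhole_rules() {
    echo "iptables -t nat -N $CHAIN"
    # Loopback and LAN destinations keep their normal path.
    echo "iptables -t nat -A $CHAIN -d 127.0.0.0/8 -j RETURN"
    echo "iptables -t nat -A $CHAIN -d $LOCAL_NET -j RETURN"
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
        # In OUTPUT, REDIRECT rewrites the destination to 127.0.0.1.
        echo "iptables -t nat -A $CHAIN -p tcp --dport $port -j REDIRECT --to-ports $port"
    done
    # Hook the chain where locally generated packets are seen.
    echo "iptables -t nat -A OUTPUT -p tcp -j $CHAIN"
}

# Print the commands that undo sinkhole_rules.
sinkhole_teardown() {
    echo "iptables -t nat -D OUTPUT -p tcp -j $CHAIN"
    echo "iptables -t nat -F $CHAIN"
    echo "iptables -t nat -X $CHAIN"
}

# Dry run by default; APPLY=1 (as root) executes the generated commands.
run_sinkhole() {
    rules=$(sinkhole_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | sh -e
    else
        echo "$rules"
    fi
}

[ "$#" -gt 0 ] || set -- 25
run_sinkhole "$@"
```

The listener that receives the redirected connections has to be bound to 127.0.0.1 or 0.0.0.0 on the same port, and `ip_forward` is not needed because nothing is being routed.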