Altering a packet's port
Sertys
sertys at supportivo.org
Mon Mar 21 23:00:04 CET 2005
On Mon, 21 Mar 2005 15:43:44 -0500, Nicolas Ross
<rossnick-lists at cybercat.ca> wrote:
> Hi all !
>
> I have a quite "standard" setup as follows :
>
> 192.168.7.x/24 -> iptables/router SNAT --to-source a.b.c.d -> internet
>
> What I want to do, is that if a packet originates from the local net
> (192.168.7.x) on tcp port 22, that the final destination of the packet
> would still be the same host, but on port 8022...
>
> Like this :
>
> Normal :
>
> 192.168.7.1 ssh to f.g.h.i on port 22
>
> the connection is :
>
> 192.168.7.1:sport -> f.g.h.i:8022
>
> Is it possible ?
>
> I've tried with REDIRECT, but it affects the destination of the packet,
> but I don't want that...
>
> Thanks,
>
> Nicolas
Redirect works on local hooks. Just DNAT it, dude.
iptables -t nat -A PREROUTING -p tcp -s 192.168.x.x --dport 22 -j DNAT \
  --to-destination f.g.h.i:8022
It's crucial to define dport, not sport, cause your sport is not 22, it's
a client port > 1024 and random.
--
www.supportivo.org
I can't stop myself checking for pigs in the outlets. Everybody thinks I'm
a punk, cause of the hairstyle (220V).
end
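
Added example, not part of the original thread or of netfilter itself: a toy Python model of the router path discussed above (DNAT in PREROUTING, SNAT on the way out, connection tracking for replies), showing what goes on the wire, what the client sees coming back, and why a match on the source port never fires. The two public addresses are constructed stand-ins for a.b.c.d and f.g.h.i, the class and function names are hypothetical, and source-port remapping by SNAT is left out.

```python
# Toy model of the router's NAT path: PREROUTING DNAT, POSTROUTING SNAT, conntrack.
# Addresses are constructed stand-ins for the thread's placeholders.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

LAN_PREFIX = "192.168.7."
ROUTER_WAN = "203.0.113.10"    # stands in for a.b.c.d
SERVER = "198.51.100.20"       # stands in for f.g.h.i


class Router:
    def __init__(self, match_field="dport"):
        self.match_field = match_field   # "dport" as in the reply; "sport" is the mistake
        self.conntrack = {}              # reply tuple -> original packet

    def forward(self, pkt):
        """LAN -> internet: apply DNAT (PREROUTING), then SNAT (POSTROUTING)."""
        out = pkt
        if pkt.src.startswith(LAN_PREFIX) and getattr(pkt, self.match_field) == 22:
            out = out._replace(dst=SERVER, dport=8022)   # --to-destination f.g.h.i:8022
        out = out._replace(src=ROUTER_WAN)               # SNAT --to-source a.b.c.d
        # Record how a reply to the translated packet maps back to the original.
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        """Internet -> LAN: undo both translations using the conntrack entry."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None                                  # no state: not forwarded
        return Pkt(orig.dst, orig.dport, orig.src, orig.sport)


def demo(match_field="dport", client_sport=40512):
    r = Router(match_field)
    wire = r.forward(Pkt("192.168.7.1", client_sport, SERVER, 22))
    back = r.reply(Pkt(SERVER, wire.dport, ROUTER_WAN, wire.sport))
    return wire, back


if __name__ == "__main__":
    for field in ("dport", "sport"):
        wire, back = demo(field)
        print(field, "on the wire:", wire, "seen by client:", back)
```

In the model, as in the rule as posted, there is no destination-address match, so any port 22 connection from the LAN is sent to the stand-in server.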