LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-17-2008, 07:37 AM   #1
1200
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Rep: Reputation: 0
iptables redirect address


Hi all,

i've a problem with redirecting the a internet address with iptables.

Situation: I have a eMail account at gmx.de and my University blocks the smtp server (mail.gmx.net) and i have a root server (yyy.strato.de). the idea is to redirect every query from yyy.strato.de:6025 to mail.gmx.net:25 so I could tell my eMail client to use yyy.strato.de:6025 as smtp server (but in fact uses mail.gmx.net:25)

I wrote a script which sets up iptables :

Code:
export WAN=venet0
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -t nat -F

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

iptables -A INPUT -p TCP --dport 6025 -i ${WAN} -j ACCEPT

iptables -t nat -A PREROUTING -p tcp  --dport 6025  -j DNAT --to mail.gmx.net:25
Btw.: iptables seems not to accept dns in this example but this isn't realy a problem, i can use a ip for this.

To find out if it works i changed this to $ssh_server:22 which is a ssh server i have access to and entered in the cmd

Code:
ssh -vv yyy.strato.de -p 6025
this takes some time and returns with
Code:
ssh: connect to host yyy.strato.net port 6025: Connection refused
If I change it to localhost:22 it logs in to yyy.strato.net

Has anybody a idea where is the problem ?

Sincerely Mazze
 
Old 04-17-2008, 11:45 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
I dont understand why you are trying to ssh to port 25 ?

But instead of doing this through iptables why dont you use ssh port forwarding

Code:
iptables -L 25 mail.gmx.de:25 yyy.strato.de
Or you can create a config file in ~/.ssh/config
Code:
Host m
Hostname yyy.strato.de
Localforward 25  mail.gmx.de:25
And bang you have given your firewall admin the slip.
 
Old 04-17-2008, 01:15 PM   #3
1200
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Ok, it seems i've not been clear enough, I want to forward port 25 but for testing i use port 22(ssh) instead.

But now to your solution, I really do not understand what
Code:
iptables -L 25 mail.gmx.de:25 yyy.strato.de
shout do.


Btw.: the firewall admin is trying to do this forwarding ;-)

Sincerely Mazze
 
Old 04-17-2008, 01:28 PM   #4
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
If you run that command you will be logged into your server in the background ssh will listen on 127.0.0.1:25 on the machine you are connecting from when you connection to 127.0.0.1 port 25 the connection will be forwarded through the ssh tunnel to your server which will make the connection to the gmx.de server.

If you want details of how it works google "ssh portforwarding"
 
Old 04-17-2008, 02:00 PM   #5
1200
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Sir, you are a genius!

I'm at home now and can't finally test it but it seems to work!

(I found a pretty good explanation about ssh tunneling at http://www.securityfocus.com/infocus/1816 )

I'll test it tomorrow and post the final results.

Sincerely Mazze

Last edited by 1200; 04-17-2008 at 02:02 PM.
 
Old 04-17-2008, 03:59 PM   #6
jbarbieri
LQ Newbie
 
Registered: Apr 2008
Posts: 7

Rep: Reputation: 0
Code:
ssh -L 25 mail.gmx.de:25 yyy.strato.de

Is actually the correct command, not iptables.


Then you just set your mail client to talk to localhost:25

I do it everyday.
 
Old 04-18-2008, 01:22 AM   #7
1200
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Alright, it even works at the University !

Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables to redirect ip genderbender Linux - Networking 1 04-06-2008 01:53 AM
iptables redirect patvrs Linux - Networking 15 08-02-2005 08:31 AM
iptables redirect _ben_deb_ Linux - Networking 7 11-13-2004 05:06 AM
How do I get iptables to redirect my default gateway address? Paul Woodhouse Linux - Networking 3 11-11-2003 08:52 AM
e-mail address redirect? WorldBuilder Linux - Networking 6 05-18-2003 09:15 PM


All times are GMT -5. The time now is 07:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration