LinuxQuestions.org - Linux - Networking
redirect local traffic to another local IP. ?iptables (https://www.linuxquestions.org/questions/linux-networking-3/redirect-local-traffic-to-another-local-ip-iptables-4175512646/)

jschwalbe 07-29-2014 02:03 PM

redirect local traffic to another local IP. ?iptables
 
Greetings.

I'm trying to redirect (actually, capture) traffic from one internal device to another. They are all on the same network, which is run by a dd-wrt router. I was working with DNSMasq (which allowed me to set the Gateway to my proxy server and collect externally destined traffic), but I wasn't able to catch info between the two devices.

From the router I tried a few iptables commands, namely:
iptables -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.15.134
iptables -A PREROUTING -d 192.168.10.114 -p tcp -j DNAT --to-destination 192.168.15.134
iptables -A PREROUTING -d 192.168.10.114 -p tcp -j DNAT --to-destination 192.168.15.134 -t nat
without any success.

192.168.10.130 = a device trying to connect to another device, the handshake I'd like to catch.
192.168.10.114 = the second device, to which it is communicating
192.168.10.134 = my personal computer with a proxy set up (could use nc instead but mitmproxy works well for most things)

The ports I believe the two devices to talk on are 8080, 9000 and 10000.

Any suggestions on how to redirect all internal traffic from 192.168.10.130 to 192.168.10.134? Many thanks!

mcresist 07-29-2014 03:24 PM

Howdy,

Quote:

Any suggestions on how to redirect all internal traffic from 192.168.10.130 to 192.168.10.134? Many thanks!
I believe you are missing a rule that allows FORWARDING

See: http://www.fclose.com/816/port-forwa...sing-iptables/

Try something like this:

Code:

iptables -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.10.134
iptables -A FORWARD -p tcp -d 192.168.10.134 -j ACCEPT

Hope this helps.

jschwalbe 07-30-2014 10:40 AM

Quote:

Originally Posted by mcresist (Post 5211574)
Hope this helps.

Thank you for your time on this, and also the link to read up on. Unfortunately that did not solve my problem. I tried it with another device as well, without any success.
:(

eSelix 07-30-2014 11:31 AM

Maybe your router has a hardware switch which directly sends packets to another port. Can you specify which router it is and how these computers are connected to it? You can log traffic and see if anything is going by your router by:
Code:

iptables -t raw -I PREROUTING -s 192.168.10.130 -j LOG
By the way, if you use NAT, rules should go to "nat" table, like:
Code:

iptables -t nat -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.15.134
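The table/chain point eSelix makes above is easy to get wrong and the kernel rejects the rule rather than silently ignoring it, so here is a small POSIX sh lint, added as an example and not code from the thread or any poster, that reads iptables commands and reports NAT targets placed outside the nat table or in the wrong chain. It only parses -t, -A/-I and -j, assumes the default table is filter when -t is absent (which is how iptables behaves), and never invokes iptables, so it runs offline. The sample rules are the ones typed in this thread, embedded as constructed input.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables commands for NAT targets
# that sit outside the nat table or in a chain where the kernel will not
# accept them. Only -t, -A/-I and -j are parsed; everything else is ignored.

# Constructed sample: the rules as typed in the thread, one per line.
SAMPLE_RULES='iptables -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.15.134
iptables -A PREROUTING -d 192.168.10.114 -p tcp -j DNAT --to-destination 192.168.15.134 -t nat
iptables -A FORWARD -p tcp -d 192.168.10.134 -j ACCEPT
iptables -t raw -I PREROUTING -s 192.168.10.130 -j LOG
iptables -t nat -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.15.134
iptables -t nat -A POSTROUTING -j MASQUERADE'

# lint_rule "<iptables command>"
# Prints OK, or "BAD <reason>" when a NAT target is in the wrong table/chain.
lint_rule() {
    table=filter chain= target=          # iptables defaults to the filter table
    set -- $1                             # split the command into words
    while [ $# -gt 0 ]; do
        case $1 in
            -t)    table=$2;  shift ;;
            -A|-I) chain=$2;  shift ;;
            -j)    target=$2; shift ;;
        esac
        shift
    done
    case $target in
        DNAT|REDIRECT)
            case $table:$chain in
                nat:PREROUTING|nat:OUTPUT) echo OK ;;
                *) echo "BAD $target needs -t nat and chain PREROUTING or OUTPUT (got $table:$chain)" ;;
            esac ;;
        SNAT|MASQUERADE)
            case $table:$chain in
                nat:POSTROUTING) echo OK ;;
                *) echo "BAD $target needs -t nat and chain POSTROUTING (got $table:$chain)" ;;
            esac ;;
        *) echo OK ;;                     # non-NAT targets are out of scope here
    esac
}

# lint_all: run lint_rule over every line of SAMPLE_RULES, one finding per rule.
lint_all() {
    while IFS= read -r rule; do
        [ -z "$rule" ] && continue
        printf '%s\n    %s\n' "$(lint_rule "$rule")" "$rule"
    done <<EOF
$SAMPLE_RULES
EOF
}

# bad_count: number of rules the lint rejected.
bad_count() {
    lint_all | grep -c '^BAD'
}

lint_all
```

On the sample only the first rule is rejected (DNAT in the filter table, which also has no PREROUTING chain); the second passes because iptables accepts `-t nat` anywhere on the line. The lint does not look at the addresses: note that the DNAT rules quoted on this page send traffic to 192.168.15.134 while the posts describe the proxy as 192.168.10.134, and a destination in a different subnet is exactly the kind of slip worth re-checking before concluding the rule "did nothing".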

jschwalbe 07-30-2014 02:38 PM

Quote:

Originally Posted by eSelix (Post 5212030)
Maybe your router has a hardware switch which directly sends packets to another port. Can you specify which router it is and how these computers are connected to it? You can log traffic and see if anything is going by your router by:
Code:

iptables -t raw -I PREROUTING -s 192.168.10.130 -j LOG
By the way, if you use NAT, rules should go to "nat" table, like:
Code:

iptables -t nat -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.15.134

eSelix, thanks for the help. The above commands DID indeed work, specifically when I added 'iptables -t nat -A POSTROUTING -j MASQUERADE' to the mix. However, it only worked for traffic destined OUT of my network. It appears the devices don't care what iptables has to say about them communicating with each other. Unless there is a rule explicitly stating that they can freely communicate..? Guess I'm not well enough versed in iptables to know that answer. Happy to run and copy/paste a command if that might shed more light.

As far as my equipment: bare bones. Run of the mill Linksys E1200 wireless router, with 4 LAN + 1 WAN port, but it is running dd-wrt.
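The outcome reported above (rules work for traffic leaving the network, nothing for traffic between the two LAN devices) follows from routing, not from iptables: two hosts in the same IPv4 subnet send frames to each other through the switch, so the packets never enter the gateway's PREROUTING chains in any table, and a LOG rule there shows nothing either. The POSIX sh below is an added example, not from the thread, that decides whether a given pair of addresses would transit the gateway at all. The addresses are the thread's; the /24 prefix and the gateway address 192.168.10.1 are assumptions (a typical dd-wrt LAN), not values the posts state.

```shell
#!/bin/sh
# Added example (not from the thread): would a packet between two hosts ever
# reach the gateway's iptables chains? Same subnet => switched directly,
# gateway never sees it. Prefix /24 and gateway 192.168.10.1 are assumptions.

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# netmask PREFIXLEN -> mask as a 32-bit integer (24 -> 4294967040)
netmask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# same_subnet A B PREFIX -> "direct" when A and B share the /PREFIX network
# (frames are switched, the gateway is uninvolved), otherwise "routed".
same_subnet() {
    m=$(netmask "$3")
    if [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]; then
        echo direct
    else
        echo routed
    fi
}

# gateway_sees SRC DST PREFIX GATEWAY -> "yes" when the gateway's PREROUTING
# will process the packet: the hosts are in different subnets (packet is
# routed) or the gateway itself is the destination. Otherwise "no".
gateway_sees() {
    if [ "$(same_subnet "$1" "$2" "$3")" = routed ] || [ "$2" = "$4" ]; then
        echo yes
    else
        echo no
    fi
}

# Worked check on the thread's addresses (gateway address is constructed).
gateway_sees 192.168.10.130 192.168.10.114 24 192.168.10.1   # no: stays on the switch
gateway_sees 192.168.10.130 8.8.8.8        24 192.168.10.1   # yes: routed out the WAN
```

The practical consequence for anyone relying on gateway rules: a router's PREROUTING, FORWARD and LOG rules give no visibility into or control over east-west traffic inside one subnet, whether the frames cross the hardware switch between LAN ports or are bridged by the access point. Monitoring or restricting traffic between two LAN devices needs a control on the hosts themselves, or segmentation that puts them in different subnets so their traffic is actually routed.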

