redirect local traffic to another local IP. ?iptables

jschwalbe · 07-29-2014, 02:03 PM

Greetings.

I'm trying to redirect (actually, capture) traffic from one internal device to another. They are all on the same network, which is run by a dd-wrt router. I was working with DNSMasq (which allowed me to set the Gateway to my proxy server and collect externally destined traffic), but I wasn't able to catch info between the two devices.

From the router I tried a few iptables commands, namely:
iptables -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.15.134
iptables -A PREROUTING -d 192.168.10.114 -p tcp -j DNAT --to-destination 192.168.15.134
iptables -A PREROUTING -d 192.168.10.114 -p tcp -j DNAT --to-destination 192.168.15.134 -t nat
without any success.

192.168.10.130 = a device trying to connect to another device, the handshake I'd like to catch.
192.168.10.114 = the second device, to which it is communicating
192.168.10.134 = my personal computer with a proxy set up (could use nc instead but mitmproxy works well for most things)

The ports I believe the two devices to talk on are 8080, 9000 and 10000.

Any suggestions on how to redirect all internal traffic from 192.168.10.130 to 192.168.10.134? Many thanks!

mcresist · 07-29-2014, 03:24 PM

Howdy,

Quote:

Any suggestions on how to redirect all internal traffic from 192.168.10.130 to 192.168.10.134? Many thanks!

I believe you are missing a rule that allows FORWARDING

See: http://www.fclose.com/816/port-forwa...sing-iptables/

Try something like this:

Code:

iptables -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.10.134
iptables -A FORWARD -p tcp -d 192.168.10.134 -j ACCEPT

Hope this helps.

jschwalbe · 07-30-2014, 10:40 AM

Quote:

Originally Posted by mcresist

Hope this helps.

Thank you for your time on this, and also the link to read up on. Unfortunately that did not solve my problem. I tried it with another device as well, without any success.

eSelix · 07-30-2014, 11:31 AM

Maybe your router has a hardware switch which directly send packets to another port. Can you specify which router it is and how these computers are connected to it? You can log traffic and see if anything is going by your router by:

Code:

iptables -t raw -I PREROUTING -s 192.168.10.130 -j LOG

By the way, if you use NAT, rules should go to "nat" table, like:

Code:

iptables -t nat -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.15.134

jschwalbe · 07-30-2014, 02:38 PM

Quote:

Originally Posted by eSelix

Maybe your router has a hardware switch which directly send packets to another port. Can you specify which router it is and how these computers are connected to it? You can log traffic and see if anything is going by your router by:

Code:

iptables -t raw -I PREROUTING -s 192.168.10.130 -j LOG

By the way, if you use NAT, rules should go to "nat" table, like:

Code:

iptables -t nat -A PREROUTING -s 192.168.10.130 -p tcp -j DNAT --to-destination 192.168.15.134

eSelix, thanks for the help. The above commands DID indeed work, specifically when I added 'iptables -t nat -A POSTROUTING -j MASQUERADE' to the mix. However, it only worked for traffic destined OUT of my network. It appears the devices don't care what iptables has to say about them communicating with eachother. Unless there is a rule explicitly stating that they can freely communicate..? Guess I'm not well enough versed in iptables to know that answer. Happy to run and copy/paste a command if that might shed more light.

As far as my equipment: bare bones. Run of the mill Linksys E1200 wireless router, with 4 LAN + 1 WAN port, but it is running dd-wrt.