Old 03-31-2009, 09:08 AM   #1
Forwarding Yahoo IM using iptables after SSH tunnel

Hi there,

I'd like to be able to forward Yahoo IM traffic over an SSH tunnel and then forward it from the target machine to the Yahoo servers. I was wondering whether this was possible with iptables and if so, how that could be done? I suppose there are alternatives, such as running a proxy server, but would like to know the iptables solution.


Old 04-01-2009, 03:24 AM   #2
Of course you can forward anything with ssh; you just need to know the destination address and port.

ssh -L outbound_nic_address:port:yahoo_messenger_ip:yahoo_port server_address
iptables -t nat -I POSTROUTING -p tcp(or udp) --dport yahoo_port -d yahoo_messenger_ip -j DNAT --to-destination outbound_nic_address
I am using your nic_address because DNAT to localhost does not seem to work.
Old 04-07-2009, 06:31 AM   #3
Original Poster
Hi datopdog,

Thanks very much for your reply, it's working a treat. I got a bit confused with all the different IP settings, so thought I'd post my solution here.

The Yahoo IM server runs off several hostnames, but the primary one I'm aware of is This currently resolves to and is used in the following scripts.

Please also note I'm running CentOS 5, so I seem to have a slightly different iptables syntax to the one suggested. Its man page suggested that for my version, the DNAT target was valid in the OUTPUT, not POSTROUTING chain.

I've then modified my Yahoo client to use localhost:5050 as its server.

Once again thanks to datopdog for a great answer.



Client machine

ssh -fN -L 5050: -l myusername RELAY_HOST_IP
Relay machine

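# Must run as root: iptables needs it to change the nat table.
if [ "`whoami`" != "root" ] ; then
        echo "you must be root to execute this script"
        exit 1
fi

# Rewrite locally generated traffic to port 5050, for both protocols.
for protocol in tcp udp ; do
        /sbin/iptables -t nat -I OUTPUT -p $protocol --dport 5050 -j DNAT --to-destination
done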


iptables, relay, ssh
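
The setup discussed in this thread as a dry run, added here as an example and not code from either poster: it prints the `ssh -L` and `iptables` command lines, rejects DNAT in any chain other than PREROUTING or OUTPUT, and emits the matching `-D` rule so the relay can be cleaned up afterwards. The function names and the 203.0.113.10 / 198.51.100.7 addresses are constructed placeholders, and binding the listener to 127.0.0.1 is an assumption that matches a client pointed at localhost:5050.

```sh
#!/bin/sh
# Added example: prints the commands, never runs them.
# YAHOO_IP and RELAY_IP are constructed placeholders (RFC 5737 ranges).
YAHOO_IP=203.0.113.10
RELAY_IP=198.51.100.7

# Accept only decimal ports in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# The DNAT target is only valid in the nat table's PREROUTING and OUTPUT chains.
valid_dnat_chain() {
    case "$1" in PREROUTING|OUTPUT) return 0 ;; *) return 1 ;; esac
}

# dnat_rule ACTION CHAIN PROTO PORT DEST
# ACTION is -I to insert the rule or -D to delete the same rule again.
dnat_rule() {
    case "$1" in -I|-D) ;; *) echo "action must be -I or -D" >&2; return 1 ;; esac
    valid_dnat_chain "$2" || { echo "DNAT is not valid in chain $2" >&2; return 1; }
    case "$3" in tcp|udp) ;; *) echo "protocol must be tcp or udp" >&2; return 1 ;; esac
    valid_port "$4" || { echo "bad port: $4" >&2; return 1; }
    echo "/sbin/iptables -t nat $1 $2 -p $3 --dport $4 -j DNAT --to-destination $5:$4"
}

# ssh_forward LPORT TARGET TPORT USER RELAY
# Binds the listener to 127.0.0.1 so only local clients can use the tunnel.
ssh_forward() {
    valid_port "$1" && valid_port "$3" || { echo "bad port" >&2; return 1; }
    echo "ssh -fN -L 127.0.0.1:$1:$2:$3 -l $4 $5"
}

# Demo: client command, relay rules, and the cleanup rules.
ssh_forward 5050 "$YAHOO_IP" 5050 myusername "$RELAY_IP"
for proto in tcp udp; do
    dnat_rule -I OUTPUT "$proto" 5050 "$YAHOO_IP"
    dnat_rule -D OUTPUT "$proto" 5050 "$YAHOO_IP"
done
```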
