LinuxQuestions.org
Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 03-31-2009, 09:08 AM   #1
kenevel
LQ Newbie
 
Registered: Mar 2009
Posts: 2

Rep: Reputation: 0
Forwarding Yahoo IM using iptables after SSH tunnel


Hi there,

I'd like to be able to forward Yahoo IM traffic over an SSH tunnel and then forward it from the target machine to the Yahoo servers. I was wondering whether this is possible with iptables and, if so, how it could be done? I suppose there are alternatives, such as running a proxy server, but I would like to know the iptables solution.

Cheers

K.
 
Old 04-01-2009, 03:24 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
Of course you can forward anything with ssh; you just need to know the destination address and port.

Code:
ssh -L outbound_nic_address:port:yahoo_messenger_ip:yahoo_port server_address
Code:
iptables -t nat -I POSTROUTING -p tcp --dport yahoo_port -d yahoo_messenger_ip -j DNAT --to-destination outbound_nic_address
iptables -t nat -I POSTROUTING -p udp --dport yahoo_port -d yahoo_messenger_ip -j DNAT --to-destination outbound_nic_address
I'm using your nic_address because DNAT to localhost does not seem to work.
 
Old 04-07-2009, 06:31 AM   #3
kenevel
LQ Newbie
 
Registered: Mar 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Hi datopdog,

Thanks very much for your reply, it's working a treat. I got a bit confused with all the different IP settings, so thought I'd post my solution here.

The Yahoo IM server runs off several hostnames, but the primary one I'm aware of is scs.msg.yahoo.com. This currently resolves to 66.163.181.167 and is used in the following scripts.

Please also note I'm running CentOS 5, so I seem to have a slightly different iptables syntax to the one suggested. Its man page suggested that for my version, the DNAT target was valid in the OUTPUT chain, not POSTROUTING.

I've then modified my Yahoo client to use localhost:5050 as its server.

Once again thanks to datopdog for a great answer.

Cheers

K.

Client machine

tunnelyim.sh
Code:
#!/bin/bash

# -f: go to the background after authentication, -N: run no remote command,
# -L: listen on local port 5050 (loopback only, since no bind address is
#     given) and have the relay's sshd open the connection to the Yahoo
#     server on our behalf.
ssh -fN -L 5050:66.163.181.167:5050 -l myusername RELAY_HOST_IP
Relay machine

fwdyim.sh
Code:
#!/bin/bash

# Changing the nat table needs root (CAP_NET_ADMIN).
if [ "`whoami`" != "root" ] ; then
        echo "you must be root to execute this script"
        exit 1
fi

# Rewrite the destination of any locally generated packet to port 5050
# (Yahoo IM) so that it goes to scs.msg.yahoo.com's address. Locally
# generated packets pass through the nat OUTPUT chain, which is where the
# iptables man page on CentOS 5 allows DNAT (besides PREROUTING).
for protocol in tcp udp ; do 
        /sbin/iptables -t nat -I OUTPUT -p $protocol --dport 5050 -j DNAT --to-destination 66.163.181.167
done
 
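As an added check, not part of the thread: the difference between datopdog's `-L outbound_nic_address:port:...` and kenevel's `-L 5050:...` is where the tunnel's entry point listens. With no bind address, ssh binds the local end to the loopback interface, so only processes on the client machine can send traffic into it. Binding it to a NIC address (or 0.0.0.0) lets any host that can reach that address push traffic down the tunnel, which then leaves the relay as the relay's own connection. The script below, written for this page rather than taken from either poster, parses `ss -ltn` output and fails if the tunnel port is bound to anything other than loopback. The two listings are constructed samples; the port 5050, the `check_tunnel_bind` function and the `SS_*` variables are this example's own names.

```shell
#!/bin/sh
# Added example: verify that an "ssh -L" tunnel entry point is bound to the
# loopback interface only, so other hosts on the LAN cannot use the tunnel.

# Constructed sample of `ss -ltn` output. The 5050 line is what the tunnel in
# tunnelyim.sh produces when no bind address is given.
SS_LOOPBACK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:5050      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# Constructed sample of the same listing after "-L 0.0.0.0:5050:..." or
# "-L <nic_address>:5050:...": the tunnel entry is reachable from the network.
SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:5050        0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# check_tunnel_bind PORT LISTING
# Prints every address PORT is listening on in LISTING. Returns 0 only if all
# of them are loopback (127.0.0.1 or ::1), 1 if any is reachable from outside
# (a NIC address, 0.0.0.0, or the "*" wildcard older ss prints), 2 if nothing
# listens on PORT at all (the tunnel is not up).
check_tunnel_bind() {
    port=$1
    listing=$2
    # Field 4 is "Local Address:Port"; the text after the last ":" is the
    # port, everything before it is the address (IPv6 shows as "[::1]").
    binds=$(printf '%s\n' "$listing" | awk -v p="$port" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == p)
                print substr($4, 1, length($4) - length(a[n]) - 1)
        }')
    if [ -z "$binds" ]; then
        echo "port $port: no listener (tunnel not up?)"
        return 2
    fi
    rc=0
    for b in $binds; do
        case $b in
            127.0.0.1|'[::1]'|'::1')
                echo "port $port bound to $b (loopback only: ok)" ;;
            *)
                echo "port $port bound to $b (reachable from the network!)"
                rc=1 ;;
        esac
    done
    return $rc
}

# On a live client machine: check_tunnel_bind 5050 "$(ss -ltn)"
# Demonstration on the constructed listings:
check_tunnel_bind 5050 "$SS_LOOPBACK"
check_tunnel_bind 5050 "$SS_EXPOSED" \
    || echo "restart the tunnel with: ssh -fN -L 127.0.0.1:5050:66.163.181.167:5050 -l myusername RELAY_HOST_IP"
```

Run it on the client after tunnelyim.sh has started; a non-zero exit means the tunnel entrance is exposed and ssh should be restarted with an explicit `127.0.0.1:` bind address. A related point about the relay side: with `-L`, the relay's sshd opens the outbound connection to 66.163.181.167:5050 itself, so the OUTPUT DNAT rule in fwdyim.sh rewrites the destination to the address that traffic already has; the tunnel works the same with or without it.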
Tags
iptables, relay, ssh