LinuxQuestions.org


ltarc3 10-03-2011 04:04 PM

How to change the target IP address using IPTables
 
I have a special situation where I need to change (mangle?) the target (destination) IP address for connections originating on an Ubuntu 11 host.

The idea is that if I browse, ssh, or ping, say 1.1.1.1, I really want it to go to 2.2.2.2.

On the host itself I have just one rule:

iptables -t nat -A OUTPUT -d 1.1.1.1 -j DNAT --to 2.2.2.2

However, this does not work. I know I've done something like this before and it wasn't that hard. But this time I just can't get it to work nor can I find the answers.

Thanks for your help!

fukawi1 10-03-2011 04:16 PM

change OUTPUT to

-t nat -A PREROUTING etc etc

http://www.linuxhomenetworking.com/w...y_The_Firewall

ltarc3 10-03-2011 04:41 PM

My bad, I meant to say I entered:

iptables -t nat -A PREROUTING -d 1.1.1.1 -j DNAT --to 2.2.2.2

I tried lots of other stuff and pasted in the wrong thing previously.

fukawi1 10-04-2011 02:40 AM

Can you explain the network in a bit more detail?

Which machine are you putting the rule on? Are there other rules getting in the way? i.e. you probably need a rule in forward to accept the traffic.

Do either of the machines have other rules preventing it from working?

Is there a router or something in between the two causing problems?

What's in the logs?

Perhaps try being more specific with the rule, i.e.:
-t nat -A PREROUTING -i $inIF -o $outIF -p tcp -m multiport --dports 22,80,etc -j DNAT --to-destination 2.2.2.2

ltarc3 10-04-2011 10:56 AM

Thanks for your input fukawi1.

This is on a laptop running Ubuntu 11, not a server. It is not acting as a router. There are no other rules. It couldn't be simpler.

I realize from reading the man pages and such that this seems to be for routing (net.ipv4.conf.all.forwarding = 1), but I want iptables on this host to mangle its own destination IP from 1.1.1.1 to 2.2.2.2.

The situation is something like this, but not quite. Say you have a website at 2.2.2.2, but there are links in the HTML that, instead of providing a relative reference, specify the IP address incorrectly as 1.1.1.1. Well, the links won't work because the IP is wrong. But if I fake my developer's laptop out to go to 2.2.2.2 whenever 1.1.1.1 is specified then it will work. This isn't the real scenario, but gives you the idea.

The thing is, I did this years ago for another situation. It may be that the way iptables works has changed since then. Or maybe I actually did it on a server acting as a Linux router. But it seems like this should be able to be done on a host.

---------- Post added 10-04-11 at 11:57 AM ----------

Oh, and I tried specifying protocol, etc. It still didn't work.

Thanks.

fukawi1 10-04-2011 08:40 PM

Well, I'm out. I can't visualise the scenario clearly, and I'm the type that needs to be able to draw a mental image of what's happening.

I haven't done much with iptables on a host of its own, only on a router.

Sorry pal.

ltarc3 10-04-2011 08:54 PM

Thanks for trying.
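
The scenario described in the thread, a host rewriting the destination of its own outgoing connections, as an added example that is not part of any post above: locally generated packets pass through the nat table's OUTPUT chain, while PREROUTING only sees packets arriving on an interface. The function names and the DRY_RUN switch are hypothetical; the addresses are the ones used in the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Locally generated packets traverse nat/OUTPUT; packets arriving on an
# interface traverse nat/PREROUTING, so the chain depends on the origin.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    local IFS=. octet
    set -- $1                      # split on dots; input is digits and dots only
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dnat_spec ORIGIN OLD_DST NEW_DST: print "<chain> <rule>" for iptables -t nat.
# ORIGIN: "local" = created on this host, "inbound" = received from the network.
dnat_spec() {
    local chain
    case $1 in
        local)   chain=OUTPUT ;;
        inbound) chain=PREROUTING ;;
        *) echo "origin must be 'local' or 'inbound'" >&2; return 2 ;;
    esac
    if ! valid_ipv4 "$2" || ! valid_ipv4 "$3"; then
        echo "invalid IPv4 address" >&2; return 2
    fi
    echo "$chain -d $2 -j DNAT --to-destination $3"
}

# apply_dnat ORIGIN OLD_DST NEW_DST: append the rule unless it already exists.
# DRY_RUN defaults to 1 and only prints the command; DRY_RUN=0 needs root.
apply_dnat() {
    local spec
    spec=$(dnat_spec "$@") || return 2
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables -t nat -A $spec"
        return 0
    fi
    # -C tests for an identical rule, so repeated runs do not stack duplicates.
    iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec
}

# Constructed addresses from the thread's scenario: 1.1.1.1 is rewritten to 2.2.2.2.
apply_dnat local 1.1.1.1 2.2.2.2
```

The nat table is consulted only for the first packet of a connection, so flows that are already tracked keep their original destination. After applying the rule, `iptables -t nat -L OUTPUT -n -v` shows whether its packet counter increases when a new connection to the old address is opened.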


All times are GMT -5.