LinuxQuestions.org
Old 10-03-2011, 05:04 PM   #1
ltarc3
LQ Newbie
 
Registered: Oct 2011
Posts: 6

Rep: Reputation: Disabled
How to change the target IP address using IPTables


I have a special situation where I need to change (mangle?) the target (destination) IP address for connections originating on an Ubuntu 11 host.

The idea is that if I browse, ssh, or ping, say 1.1.1.1, I really want it to go to 2.2.2.2.

On the host itself I have just one rule:

iptables -t nat -A OUTPUT -d 1.1.1.1 -j DNAT --to 2.2.2.2

However, this does not work. I know I've done something like this before and it wasn't that hard. But this time I just can't get it to work nor can I find the answers.

Thanks for your help!
 
Old 10-03-2011, 05:16 PM   #2
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 193
Change OUTPUT to

-t nat -A PREROUTING etc etc

http://www.linuxhomenetworking.com/w...y_The_Firewall
 
Old 10-03-2011, 05:41 PM   #3
ltarc3
LQ Newbie
 
Registered: Oct 2011
Posts: 6

Original Poster
Rep: Reputation: Disabled
My bad, I meant to say I entered:

iptables -t nat -A PREROUTING -d 1.1.1.1 -j DNAT --to 2.2.2.2

I tried lots of other stuff and pasted in the wrong thing previously.
 
Old 10-04-2011, 03:40 AM   #4
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 193
Can you explain the network in a bit more detail?

Which machine are you putting the rule on? Are there other rules getting in the way? i.e., you probably need a rule in forward to accept the traffic.

Does either of the machines have other rules preventing it from working?

Is there a router or something in between the two causing problems?

What's in the logs?

Perhaps try being more specific with the rule, i.e.:
-t nat -A PREROUTING -i $inIF -o $outIF -p tcp -m multiport --dports 22,80,etc -j DNAT --to-destination 2.2.2.2
 
Old 10-04-2011, 11:56 AM   #5
ltarc3
LQ Newbie
 
Registered: Oct 2011
Posts: 6

Original Poster
Rep: Reputation: Disabled
Thanks for your input fukawi1.

This is on a laptop running Ubuntu 11, not a server. It is not acting as a router. There are no other rules. It couldn't be simpler.

I realize, reading the man pages and such, that this seems to be for routing (net.ipv4.conf.all.forwarding = 1), but I want iptables on this host to mangle its own destination IP from 1.1.1.1 to 2.2.2.2.

The situation is something like this, but not quite. Say you have a website at 2.2.2.2, but there are links in the HTML that, instead of providing a relative reference, specify the IP address incorrectly as 1.1.1.1. Well, the links won't work because the IP is wrong. But if I fake my developer's laptop out to go to 2.2.2.2 whenever 1.1.1.1 is specified, then it will work. This isn't the real scenario, but gives you the idea.

The thing is, I did this years ago for another situation. It may be that the way iptables works has changed since then. Or maybe I actually did it on a server acting as a Linux router. But it seems like this should be able to be done on a host.

---------- Post added 10-04-11 at 11:57 AM ----------

Oh, and I tried specifying protocol, etc. It still didn't work.

Thanks.
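
An added example, not part of the thread and not posted by either participant: in netfilter, packets a host generates itself traverse the nat table's OUTPUT chain, while PREROUTING only sees packets arriving on an interface. The functions below parse `iptables-save` output and report which DNAT rules can apply to the laptop's own connections; the function names, the sample ruleset and the 3.3.3.3/4.4.4.4 addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Input is `iptables-save` text on stdin;
# iptables-save always writes the short -d/-j and the full --to-destination.

# classify_dnat: one line per nat-table DNAT rule: "<path> <chain> <dst> <to>".
classify_dnat() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" { next }
        {
            chain = $2; dst = "any"; to = "-"; dnat = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-d") dst = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                if ($i == "--to-destination") to = $(i + 1)
            }
            if (!dnat) next
            if (chain == "OUTPUT") path = "local"             # locally generated
            else if (chain == "PREROUTING") path = "incoming" # arrived on an interface
            else path = "user-chain"                          # depends on the caller
            print path, chain, dst, to
        }'
}

# local_dnat_target IP: print the rewritten destination for packets this host
# itself sends to IP; exit status 1 if no OUTPUT-chain rule covers it.
# Assumption: only exact-host rules (IP or IP/32) are compared, no CIDR math.
local_dnat_target() {
    classify_dnat | awk -v ip="$1" '
        $1 == "local" && ($3 == ip || $3 == (ip "/32")) { print $4; found = 1; exit }
        END { exit !found }'
}

# Constructed sample ruleset; 3.3.3.3 and 4.4.4.4 are made-up addresses.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 1.1.1.1/32 -j DNAT --to-destination 2.2.2.2
-A OUTPUT -d 3.3.3.3/32 -j DNAT --to-destination 4.4.4.4
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -d 1.1.1.1/32 -j ACCEPT
COMMIT
EOF
}
```

On a live system the same check is `iptables-save -t nat | local_dnat_target 1.1.1.1`, run as root.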
 
Old 10-04-2011, 09:40 PM   #6
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 193
Well, I'm out. I can't visualise the scenario clearly, and I'm the type that needs to be able to draw a mental image of what's happening.

I haven't done much with iptables on a host of its own, only on a router.

Sorry pal.
 
Old 10-04-2011, 09:54 PM   #7
ltarc3
LQ Newbie
 
Registered: Oct 2011
Posts: 6

Original Poster
Rep: Reputation: Disabled
Thanks for trying.
 
  

