LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Old 12-24-2012, 08:12 AM   #1
newbie_ubu
file log : redirect ip and port using iptables


I try to telnet from PC 3 to PC 1 and it is redirected to PC 2. The firewall (iptables) is on PC 1.

PC 1 : 192.168.0.1

PC 2 : 192.168.0.2

PC 3 : 192.168.0.3

I have commands like this on PC 1:

1. iptables -t nat -A PREROUTING -p tcp -d 192.168.0.1 --dport 23 -j DNAT --to-destination 192.168.0.2:23

2. iptables -t nat -A POSTROUTING -j MASQUERADE

If I only run command number 1, the log file on PC 2 shows that the one telnetting is PC 3 (success), but the telnet cannot complete; it only sends the connection. But when I combine it with command number 2, the telnet succeeds, but the log file on PC 2 shows that the IP telnetting is PC 1, although the one actually telnetting is PC 3. PC 1 just redirects.

How do I resolve that?

Old 12-24-2012, 08:39 AM   #2
jpollard
That is how NAT works.

MASQUERADE is used to track return paths. It also hides the IP number, so that everything looks like the router is performing the work even though it is just forwarding to the (hidden) source PC to do the actual work.
 
Old 12-24-2012, 09:00 AM   #3
newbie_ubu
If I don't use MASQUERADE it can't telnet.
So, how can I telnet and have the log file record who (which IP) telnets, without MASQUERADE?
 
Old 12-24-2012, 10:24 AM   #4
vishesh
Here,
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.1 --dport 23 -j DNAT --to-destination 192.168.0.2:23
is changing the destination IP, and
iptables -t nat -A POSTROUTING -j MASQUERADE
is changing the source IP.

For a complete telnet, the source IP also needs to be changed.
 
Old 12-24-2012, 11:19 AM   #5
jpollard
You are on a single subnet - no need for anything - just log via tcpdump.

That will give you every packet on the subnet.
 
Old 12-24-2012, 06:04 PM   #6
newbie_ubu
Because I'm using a honeypot (PC 2). So I want that when an attacker (PC 3) tries to telnet to the server (PC 1), it is redirected to the honeypot server (PC 2).
This is the message if I only use command number 1:
Telnet: Unable to connect to remote host: Connection timed out.
 
Old 12-25-2012, 09:21 PM   #7
jpollard
Then you have to be the router between the 192.168.0.x network and those you are trying to catch, or the switch implementing the 192.168.0.x network. The directions for your honeypot software should include the iptables configuration needed.
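The mechanism vishesh and jpollard describe, written out as a small Python model of PC 1's NAT walk (DNAT in PREROUTING, optional MASQUERADE in POSTROUTING, conntrack reversing both on the reply). This is an added example, not code from the thread: it uses the thread's three addresses, while the client source port 40000, the off-subnet client 10.0.0.3 and the `honeypot-telnet:` log prefix are constructed for illustration. It shows why DNAT alone times out on a flat subnet (the honeypot's SYN-ACK goes straight to PC 3 from 192.168.0.2, which PC 3's TCP stack does not accept), why MASQUERADE makes the honeypot log PC 1, and two ways the defender keeps the real source: a LOG rule on PC 1 that runs before the DNAT (for instance in the mangle table's PREROUTING chain, which every packet traverses), and, as in jpollard's last reply, having the clients on the far side of PC 1 so that their replies route back through it and DNAT alone suffices.

```python
"""Toy model of PC 1's iptables NAT walk from the thread: DNAT in PREROUTING,
optional MASQUERADE in POSTROUTING, and conntrack undoing both on the reply.
Added example, not from the thread. Addresses 192.168.0.1/2/3 are the thread's;
the client port, the off-subnet client and the log prefix are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PC1, PC2, PC3 = "192.168.0.1", "192.168.0.2", "192.168.0.3"
REMOTE_CLIENT = "10.0.0.3"          # constructed: a client behind PC 1's other interface
LAN = ipaddress.ip_network("192.168.0.0/24")
CLIENT_PORT = 40000                 # constructed ephemeral source port


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatBox:
    """PC 1 with the thread's two rules plus a LOG rule that runs before the DNAT."""

    def __init__(self, masquerade: bool):
        self.masquerade = masquerade
        self.conntrack = {}              # reply tuple (as PC 1 will see it) -> original packet
        self.kernel_log: List[str] = []  # what `-j LOG --log-prefix "honeypot-telnet: "` records

    def forward(self, pkt: Packet) -> Packet:
        orig = pkt
        # PREROUTING: the LOG rule sees the untranslated source, then
        # -p tcp -d 192.168.0.1 --dport 23 -j DNAT --to-destination 192.168.0.2:23
        if pkt.dst == PC1 and pkt.dport == 23:
            self.kernel_log.append(f"honeypot-telnet: SRC={pkt.src} DST={pkt.dst} DPT={pkt.dport}")
            pkt = Packet(pkt.src, pkt.sport, PC2, 23)
        # POSTROUTING: -j MASQUERADE replaces the source with PC 1's own address
        if self.masquerade:
            pkt = Packet(PC1, pkt.sport, pkt.dst, pkt.dport)
        # conntrack stores enough to reverse both translations for the reply direction
        self.conntrack[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = orig
        return pkt

    def untranslate_reply(self, pkt: Packet) -> Optional[Packet]:
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None  # no state for this flow: PC 1 would not rewrite it
        # the reply is made to look as if it came from the address the client dialled
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def honeypot_reply(pkt: Packet, log: List[str]) -> Tuple[Packet, bool]:
    """PC 2 logs whatever source it sees and sends its SYN-ACK back to it.
    Returns the reply and whether it passes through PC 1 (addressed to PC 1,
    or routed via PC 1 as the gateway because the destination is off-subnet)."""
    log.append(f"telnet connection from {pkt.src}")
    reply = Packet(PC2, 23, pkt.src, pkt.sport)
    via_pc1 = reply.dst == PC1 or ipaddress.ip_address(reply.dst) not in LAN
    return reply, via_pc1


def simulate(masquerade: bool, client: str = PC3) -> dict:
    """One telnet SYN from `client` to PC 1:23 and the honeypot's SYN-ACK."""
    pc1 = NatBox(masquerade)
    pc2_log: List[str] = []
    syn = Packet(client, CLIENT_PORT, PC1, 23)
    delivered = pc1.forward(syn)
    reply, via_pc1 = honeypot_reply(delivered, pc2_log)
    if via_pc1:
        reply = pc1.untranslate_reply(reply)
    # the client's TCP stack only accepts a SYN-ACK matching the tuple it sent from;
    # a SYN-ACK arriving directly from 192.168.0.2 does not, so the connect times out
    expected = Packet(PC1, 23, client, CLIENT_PORT)
    return {
        "honeypot_logged_src": delivered.src,
        "pc1_kernel_log": pc1.kernel_log,
        "handshake_completes": reply == expected,
    }


if __name__ == "__main__":
    for masq, client in ((False, PC3), (True, PC3), (False, REMOTE_CLIENT)):
        print(f"masquerade={masq} client={client}: {simulate(masq, client)}")
```

Running the three cases reproduces the thread: no MASQUERADE on the flat subnet logs 192.168.0.3 on the honeypot but never completes the handshake; with MASQUERADE the handshake completes but the honeypot logs 192.168.0.1; with the client behind PC 1 and no MASQUERADE both the real source and a working connection are obtained. In every case the LOG rule on PC 1 records the real source, which is the simplest way to keep attribution when MASQUERADE has to stay. If it does stay, restricting it to the redirected flow (`-p tcp -d 192.168.0.2 --dport 23`) rather than matching all POSTROUTING traffic limits the rewriting to the honeypot path.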
 
  

