How to redirect traffic from local machine to internet back to local machine?


Post by Martin Kah » Sat, 26 Nov 2005 17:40:05


Hi!

I have the following problem:
A program (malware) is running on my Linux box and I want to check what it
does.
This program sends a lot of traffic to different IP addresses on the internet.
I know the destination port(s), but I do not know the IPs in advance.

How can I redirect all traffic (with a known destination port) originating from my
local box to the internet back to my local machine?

To make it clearer:
Assume I want to redirect all connection attempts to external mail servers
coming from my local machine back to my own box.

This is what i tried so far (my box has IP 192.168.100.182):
# cat fw.sh

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.0/24 --dport 25 \
-j DNAT --to 127.0.0.1:25

but unfortunately, it does not work:
$ telnet mail.gmx.net 25
Trying 213.165.64.20...
Connected to mail.gmx.net. <---- of course, that's not my machine
Escape character is '^]'.
220 {mp033} GMX Mailservices ESMTP

The same happens with
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.182 --dport 25 \
-j DNAT --to 127.0.0.1:25

Why does this not work?

Can any kind soul please help me?

Thanks in advance!

Regards
Martin.
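An added example, not part of Martin's post: the nat PREROUTING chain is only traversed by packets that arrive from the network, so it never sees connections the box itself opens. Locally generated packets pass through the nat OUTPUT chain instead (after mangle OUTPUT and before filter OUTPUT), which is where a REDIRECT or DNAT for a sandboxed program has to live; the ip_forward setting is irrelevant for this case. The script below reuses the post's network 192.168.100.0/24 and destination port 25; the sink port 2525, the SINK-SMTP-DST log prefix, the optional SANDBOX_UID owner match and the DRY_RUN/APPLY switches are this example's own choices. A listener (for instance a small SMTP stub) must be bound to 127.0.0.1:2525 before the rules are applied, since REDIRECT on OUTPUT rewrites the destination to 127.0.0.1.

```shell
#!/bin/sh
# Example (not from the original post): sink locally-originated connections to
# the watched ports into a local listener and log the real destination first.

LOCAL_NET="192.168.100.0/24"   # from the post; never redirect traffic to the LAN itself
WATCH_PORTS="25"               # destination ports to sink, e.g. "25 465 587"
SINK_PORT="2525"               # constructed: port of the local listener on 127.0.0.1
SANDBOX_UID=""                 # optional: uid the sandboxed program runs as (empty = all users)

# Run a command, or just print it when DRY_RUN=1 (lets the rule set be reviewed first).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Build the optional "-m owner --uid-owner" match so only the sandboxed uid is affected.
owner_match() {
    if [ -n "$SANDBOX_UID" ]; then
        printf '%s' "-m owner --uid-owner $SANDBOX_UID"
    fi
}

build_sink_rules() {
    for port in $WATCH_PORTS; do
        # mangle/OUTPUT is traversed before nat/OUTPUT, so this log line still
        # carries the original destination IP the program tried to reach.
        run iptables -t mangle -A OUTPUT -p tcp --syn ! -d "$LOCAL_NET" \
            --dport "$port" $(owner_match) -j LOG --log-prefix "SINK-SMTP-DST: "
        # Locally generated packets never reach PREROUTING; nat/OUTPUT is the
        # chain that sees them. REDIRECT sends them to 127.0.0.1:$SINK_PORT.
        run iptables -t nat -A OUTPUT -p tcp ! -d "$LOCAL_NET" \
            --dport "$port" $(owner_match) -j REDIRECT --to-ports "$SINK_PORT"
    done
}

# Remove the rules again once the analysis is finished.
flush_sink_rules() {
    run iptables -t mangle -F OUTPUT
    run iptables -t nat -F OUTPUT
}

# Usage: APPLY=1 sh sink.sh (as root) to install; DRY_RUN=1 APPLY=1 sh sink.sh to preview.
if [ "${APPLY:-0}" = "1" ]; then
    build_sink_rules
fi
```

The log lines (prefix SINK-SMTP-DST:) give the list of external hosts the program tried to contact, while every such connection actually lands on the local listener; the `! -d` form is the current iptables syntax for the negated destination, older releases accepted the `-d !` order used in the post.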