A
A
Alex M.2015-04-14 14:18:21
Debian
Alex M., 2015-04-14 14:18:21

How to redirect an outgoing http connection to 1.1.1.1 to 2.2.2.2 in Debian?

hello, I am faced with the task of redirecting outgoing http traffic to 1.1.1.1 at 192.168.80.1!
in other words, when connecting to 1.1.1.1, my virtual machine should receive content from 192.168.80.1
.

iptables -t nat -A PREROUTING -s 1.1.1.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.80.1:8088


[email protected]:~# iptables-save
# Generated by iptables-save v1.4.14 on Tue Apr 14 14:15:52 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Tue Apr 14 14:15:52 2015
# Generated by iptables-save v1.4.14 on Tue Apr 14 14:15:52 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 1.1.1.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.80.1:8088
COMMIT
# Completed on Tue Apr 14 14:15:52 2015

root@host:~# sysctl -a|grep ip_forward
net.ipv4.ip_forward = 1

root@host:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:21:65:12
          inet addr:192.168.80.130  Bcast:192.168.80.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe21:6512/64 Scope:Link

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vladimir, 2015-04-14
@reeder

add before
may still be required in the nat chain

-A POSTROUTING -p tcp -m tcp -s 1.1.1.1 -d 192.168.80.1 --dport 8088 -j SNAT --to-source 192.168.80.130

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question