Is there a way I can map 127.0.0.1:3389 to 192.168.1.2:3389 with iptables? That is, all connections to localhost:3389 will be redirected to my LAN machine?
The reason for that is as follows: my iPhone RDP app can do SSH tunneling but does not provide options to tweak SSH parameters. So, it connects to my router via SSH, establishes a tunnel to 127.0.0.1:3389 and then tries to connect to localhost:3389 on the iPhone. Fail.
I don't want to run an SSH server on my LAN machine and instead want to use the router's SSH server (Asus RT-N16 running Tomato). Is that doable? This doesn't work:
$ iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 3389 -j DNAT --to-destination 192.168.1.2
Have a look at rinetd; it seems to do what you want. There is some more information on installation and usage here.
There are some mistakes in your iptables command:
1) You are trying to catch that in the OUTPUT table, but for a redirection like this you need to do it in PREROUTING.
2) You are not redirecting to the port too. You are just telling iptables to send those packets to a certain IP without specifying the port.
So your command should look like this:
My iptables-fu might be a bit rusty, so if it doesn't work, try running the same command in the INPUT table too (-A INPUT). If nothing works, shout back here and we will find a fix.