Home / server / Questions / 264283
In Process
Possa
Asked: 2011-04-29 04:18:32 +0800 CST

Iptables prerouting and IP forwarding

  • 772

I have a linux machine used as gateway for a Win XP machine. Both are in Virtual machine for testing purpose. Now I want to trick the Win XP user (me) with the forwarding of an IP address: I want to change the destination IP address.

For example I want to go to 1.1.1.1 but linux gateway change it to 2.2.2.2 So if I'm expecting the web page of 1.1.1.1, I'll get the changed one, the one of 2.2.2.2 For example I want to go to Facebook and I'm forced to Google home page.

How can I do it? With prerouting? Because I've done lot of tries, but no one working :(

linux routing shell iptables

2 Answers

  1. That is not going to reliably work with iptables alone, because HTTP requests send along a Host: header. And it is unlikely that Google would know how to serve a page for Host:facebook.com. Install a proper proxy software, such as squid.

    • 0

  2. Basically, what you must do is:

    1. Configure the Linux box to act as a router

    2. Change the Default Gateway of the Windows box to point to the IP of the Linux box

    3. Do a DNAT, e.g. :

      iptables -t nat -A PREROUTING -i $INCOMING_INTERFACE -d $DEST_IP -j DNAT --to $NEW_DEST_IP

    4. Also do a SNAT, e.g. 

      iptables -t nat -A POSTROUTING -o $OUTGOING_INTERFACE -j SNAT --to $OUTGOING_IP_ADDRESS_OF_ROUTER

    5. Make sure that no iptables rule/policy drops your traffic

    • 0