c******n Posts: 4965 | 1
For all traffic going to remote box 1.2.3.4:8888, I want to route the traffic to localhost:8888, and I already have an ssh tunnel listening on localhost:8888 to route the traffic to 1.2.3.4:8888.
Thanks.
I did something like this, but it doesn't seem to work:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx --dport 8888 -j DNAT --to 192.168.0.2:80
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
|
j*a Posts: 14423 | 2
/proc/sys/net/ipv4/ip_forward
Set this to 1.
|
S*A Posts: 7142 | 3
How about:
iptables -t nat -A OUTPUT -p tcp -d 1.2.3.4 -j REDIRECT --to-ports 8888
That will redirect any port to port 8888. You can add --dport 8888 for only 1.2.3.4:8888.
|
c******n Posts: 4965 | 4
Thanks, I figured it out; actually I need to redirect to localhost, not only ports.
I ended up using
-t nat -A OUTPUT ....... -j DNAT --to 127.0.0.1:8888
|
S*A Posts: 7142 | 5
I think redirect by default is localhost.
|
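Added example, not part of any post in this thread: a shell check that reads `iptables-save` text and reports whether locally generated traffic to a destination is actually sent to a loopback listener. The nat PREROUTING chain only sees packets arriving on an interface, while locally generated packets traverse nat OUTPUT. The function name, the result strings and the three rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage: audit_local_redirect DEST PORT TUNNEL_PORT < rules.txt
# Prints local-ok, prerouting-only or no-rule.
audit_local_redirect() {
  awk -v dest="$1" -v port="$2" -v tport="$3" '
    /^\*/ { table = substr($0, 2) }            # table header: *nat, *filter
    table == "nat" && $1 == "-A" {
      d = ""; dp = ""; tgt = ""; to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-d")      d   = $(i + 1)
        if ($i == "--dport") dp  = $(i + 1)
        if ($i == "-j")      tgt = $(i + 1)
        if ($i == "--to-ports" || $i == "--to-destination") to = $(i + 1)
      }
      sub(/\/32$/, "", d)                      # iptables-save prints a host as /32
      if (d != dest) next
      if (dp != "" && dp != port) next         # no --dport matches every port
      if ($2 == "PREROUTING") pre = 1          # never sees locally generated packets
      if ($2 == "OUTPUT") {                    # locally generated packets
        if (tgt == "REDIRECT" && (to == tport || (to == "" && port == tport))) ok = 1
        if (tgt == "DNAT" && to == ("127.0.0.1:" tport)) ok = 1
      }
    }
    END { print (ok ? "local-ok" : (pre ? "prerouting-only" : "no-rule")) }
  '
}

# Constructed rule sets in iptables-save format (not captured from a real host).
NAT_HEAD='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]'
SAMPLE_PREROUTING="$NAT_HEAD
-A PREROUTING -d 1.2.3.4/32 -i eth0 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 192.168.0.2:80
COMMIT"
SAMPLE_REDIRECT="$NAT_HEAD
-A OUTPUT -d 1.2.3.4/32 -p tcp -j REDIRECT --to-ports 8888
COMMIT"
SAMPLE_DNAT="$NAT_HEAD
-A OUTPUT -d 1.2.3.4/32 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 127.0.0.1:8888
COMMIT"

for s in "$SAMPLE_PREROUTING" "$SAMPLE_REDIRECT" "$SAMPLE_DNAT"; do
  printf '%s\n' "$s" | audit_local_redirect 1.2.3.4 8888 8888
done
```

On a live host the same function can be fed from `iptables-save -t nat`, which needs root.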