Host OS: Ubuntu 16.06 LTS
I have my server listening on port 1233. I have to redirect all my TCP and UDP traffic to port 1233 except the SSH port. I successfully redirected all my ports to 1233 with the following iptables rules.
*filter
:INPUT ACCEPT [89:12442]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [114:10536]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [2:64]
:INPUT ACCEPT [2:261]
:OUTPUT ACCEPT [8:524]
:POSTROUTING ACCEPT [8:524]
-A PREROUTING -p tcp -m tcp -j REDIRECT --to-ports 1233
-A PREROUTING -p udp -j REDIRECT --to-ports 1233
COMMIT
I have also added a rule for the SSH port, but I could not successfully establish an SSH connection with my server because PREROUTING chains will execute first. After searching, I found a lot of questions that look related to this, but not a single one covered this scenario.
You might be wondering about the use case of this type of implementation. It's a honeypot server and our idea is to set up the honeypot to listen for all traffic except SSH. I know I could define a range of ports or use the multiport facility of iptables, but I have to redirect all my ports except 22.
Answer
My SSH server was listening on port 22. I got success with the following iptables rules.
iptables -t nat -A PREROUTING -p tcp --dport 1:21 -j REDIRECT --to-port 5000
iptables -t nat -A PREROUTING -p tcp --dport 23:65389 -j REDIRECT --to-port 5000
iptables -t nat -A PREROUTING -p udp -j REDIRECT --to-port 5000
service iptables-persistent save
service iptables-persistent reload
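The following is an added example, not code from the question or the answer above. It generates the range-based REDIRECT rules for any set of excluded ports (the answer's approach, generalised), emits the single-rule `! --dport` form as an alternative, and counts how many ports a set of ranges actually covers so a gap in the port space is caught before the rules are loaded. Honeypot port 1233, SSH port 22 and interface eth0 are assumed values.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed: honeypot on port 1233,
# SSH on port 22, traffic arriving on eth0. Rules are printed in
# iptables-restore format for review; nothing is applied by this script.

# Print the ranges 1-65535 minus the given ports as "lo:hi" tokens,
# e.g. `port_ranges_excluding 22` -> "1:21 23:65535".
port_ranges_excluding() {
    lo=1
    out=""
    for p in $(printf '%s\n' "$@" | sort -n | uniq); do
        if [ "$p" -gt "$lo" ]; then
            out="$out ${lo}:$((p - 1))"
        fi
        lo=$((p + 1))
    done
    if [ "$lo" -le 65535 ]; then
        out="$out ${lo}:65535"
    fi
    printf '%s' "${out# }"
}

# Count how many distinct ports a list of "lo:hi" ranges covers.
# With only SSH excluded the answer must be 65534; anything less is a gap.
count_ports() {
    n=0
    for r in "$@"; do
        n=$((n + ${r#*:} - ${r%:*} + 1))
    done
    echo "$n"
}

# Range-based nat rules: one TCP rule per range, UDP redirected wholesale,
# restricted to the given interface so a management interface is untouched.
redirect_rules() {
    hp_port=$1; iface=$2; shift 2
    for r in $(port_ranges_excluding "$@"); do
        printf '%s\n' "-A PREROUTING -i $iface -p tcp --dport $r -j REDIRECT --to-ports $hp_port"
    done
    printf '%s\n' "-A PREROUTING -i $iface -p udp -j REDIRECT --to-ports $hp_port"
}

# Equivalent single TCP rule using port negation instead of two ranges.
negated_tcp_rule() {
    printf '%s\n' "-A PREROUTING -i $2 -p tcp ! --dport $3 -j REDIRECT --to-ports $1"
}

# Stand-alone use: print a *nat fragment that iptables-restore could load.
{ echo '*nat'; redirect_rules 1233 eth0 22; echo 'COMMIT'; }
```

Feeding the answer's own ranges to `count_ports 1:21 23:65389` gives 65388, i.e. ports 65390-65535 are not redirected by those rules.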