
Thread: iptables NAT, port forwarding

  1. #1
    Junior Member
    Join Date
    Oct 2008
    Posts
    82

    iptables NAT, port forwarding

    hi

    I just wanted to ask a few questions on some iptables rules found in the MiTM + Rogue AP tutorial http://forums.remote-exploit.org/sho...highlight=MiTM that I didn't clearly understand.

    I've made the experiment several times and it worked fine, but the following are some of the several questions I need to ask!


    Code:
    bt ~ # iptables -t nat -A PREROUTING -p udp -j DNAT --to-destination 192.168.0.1
    bt ~ # iptables -P FORWARD ACCEPT
    bt ~ # iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    Please can someone explain those lines to me in a bit more depth! Especially the second line... I didn't really get its meaning! Is it to allow any traffic to be accepted by the at0 interface?

    However, I didn't specify any port number on the first line for udp and it worked fine! What is the reason that someone had used port 53 in the above tutorial? I know 53 is for DNS traffic, but why is port 80 not specified somewhere, since the victim can surf the internet?

    I would appreciate it if someone can make things clear to me!

    Thank you very much!

  2. #2
    Junior Member
    Join Date
    Mar 2008
    Posts
    96


    Code:
    iptables -t nat -A PREROUTING -p udp -j DNAT --to-destination 192.168.0.1
    This forces any UDP packets reaching your nat'ed interface to 192.168.0.1

    Code:
    iptables -P FORWARD ACCEPT
    This sets the default policy for your FORWARD table to ACCEPT; basically, if a packet doesn't match any FORWARD rule, it will default to ACCEPT. Anything that has to go from one interface to another will pass through the FORWARD table, e.g. at0 to eth0.

    Code:
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    This sets eth0 as your nat'ed interface

    Quote Originally Posted by ioannou.alexandros

    However, I didn't specify any port number on the first line for udp and it worked fine! What is the reason that someone had used port 53 in the above tutorial? I know 53 is for DNS traffic, but why is port 80 not specified somewhere, since the victim can surf the internet.

    Thank you very much!
    The first command forces any udp traffic to 192.168.0.1, so if anyone tries to reach a udp service on the outside (tftp, etc.) it will not work (unless that service is running on 192.168.0.1). The reason you don't have to specify 80 is because there is no rule denying it, so it passes through your nat'ed interface without issue.
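    As an added example (not code from either poster or from the tutorial the thread references), the following Python script audits an iptables-save dump for exactly the two settings explained in this post: a DNAT rule with no --dport, which catches every packet of that protocol rather than one service, and a FORWARD default policy of ACCEPT. The two dumps are constructed samples in the standard iptables-save text format: the first is the thread's three commands as iptables-save would print them, the second is the same gateway scoped to DNS on at0 with FORWARD defaulting to DROP. Function and finding names are mine.

```python
"""Audit an iptables-save dump for broad NAT and forwarding settings.

Added example, not from the thread or the tutorial it references.
Assumes the standard iptables-save text format; all names here are mine.
"""
import shlex

# Constructed sample: the thread's three commands as iptables-save prints them.
LOOSE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -j DNAT --to-destination 192.168.0.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

# Constructed sample of a scoped equivalent: DNAT limited to UDP/53 arriving on at0,
# FORWARD defaults to DROP and only the listed directions pass.
TIGHT_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i at0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.0.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i at0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o at0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""


def parse_dump(text):
    """Return {table: {"policies": {chain: policy}, "rules": [token lists]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                 # table header, e.g. "*nat"
            current = line[1:]
            tables[current] = {"policies": {}, "rules": []}
        elif line.startswith(":"):               # chain header carrying the default policy
            chain, policy = line[1:].split()[:2]
            tables[current]["policies"][chain] = policy
        elif line.startswith("-A"):              # an appended rule
            tables[current]["rules"].append(shlex.split(line))
    return tables


def rule_opts(tokens):
    """Map each option to its value (True for bare flags); a '!' negation marker is skipped."""
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt is not None and not nxt.startswith("-") and nxt != "!":
                opts[tok] = nxt
                i += 2
                continue
            opts[tok] = True
        i += 1
    return opts


def audit(tables):
    """Return (code, message) findings for settings that widen what the gateway does."""
    findings = []
    nat = tables.get("nat", {"policies": {}, "rules": []})
    for tokens in nat["rules"]:
        opts = rule_opts(tokens)
        target = opts.get("-j")
        if target == "DNAT" and "--dport" not in opts:
            findings.append(("BROAD_DNAT",
                f"{opts['-A']}: every {opts.get('-p', 'any')} packet is sent to "
                f"{opts.get('--to-destination')}; other services on that protocol break"))
        elif target == "MASQUERADE":
            findings.append(("MASQUERADE",
                f"{opts['-A']}: host NATs outbound traffic on {opts.get('-o', 'any interface')}"))
    filt = tables.get("filter", {"policies": {}, "rules": []})
    if filt["policies"].get("FORWARD") == "ACCEPT":
        findings.append(("FORWARD_ACCEPT",
            "FORWARD policy ACCEPT: traffic between any two interfaces passes unless a rule drops it"))
    return findings


if __name__ == "__main__":
    for name, dump in (("loose", LOOSE_DUMP), ("tight", TIGHT_DUMP)):
        print(f"== {name} ==")
        for code, msg in audit(parse_dump(dump)):
            print(f"{code}: {msg}")
```

    Running it against a live box would be `iptables-save | python3 audit.py` with `sys.stdin.read()` in place of the samples; the loose dump produces all three findings, the scoped dump only notes that the host is masquerading, which is the expected state of any NAT gateway.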

  3. #3
    Junior Member
    Join Date
    Oct 2008
    Posts
    82


    Thanks very much for your great answers! Things are now getting clearer!

  4. #4
    Junior Member
    Join Date
    Mar 2008
    Posts
    96


    Quote Originally Posted by ioannou.alexandros
    Thanks very much for your great answers! Things are now getting clearer!
    Glad I could help
