Redirect traffic for one ip address to another

From Birnam Designs Wiki

Jump to: navigation, search

In this case, I needed to bypass a ping that was planted in an SWF that notified the original developer where I was developing the site. There are plenty of legitimate uses of a ping to validate software licenses, but this wasn't one of them. This was nothing more than a bug (not a software bug, a 'monitoring device' bug). The end client will be absolutely livid when I explain this.

To get around this, I had to modify the iptables on my router. My router runs DD-WRT, which has finally showed me exactly how useful it could be. (I couldn't have done this with the linksys software!!) 

$ telnet 192.168.1.1
$ username: root
$ password:

Then, once in, I updated the iptables like this: 

$ iptables -t nat -A PREROUTING -d 123.45.67.89 -j DNAT --to 192.168.1.2

With, obviously, the -d ip address and the --to ip address reflecting the original destination and the new destination, respectfully.

To remove this, replace -A with -D: 

$ iptables -t nat -D PREROUTING -d 123.45.67.89 -j DNAT --to 192.168.1.2

Restarting the router will also change this, since this does not permanently store the change.

To make the change permanent, you will need to create a script that runs at startup. It is highly recommended to put a delay at the top of this script, like sleep 300. If your script somehow disables your own access to the router (which, if you're fooling with iptables, this can be pretty easy), then having a sleep 300 command will give you a five minute window every time the router is rebooted in which you have your original settings and access.

Retrieved from "http://info.birnamdesigns.com/wiki/Redirect_traffic_for_one_ip_address_to_another"
Share This!
This page was last modified on 11 February 2010, at 20:05. This page has been accessed 839 times.