4

Is there a way I can map 127.0.0.1:3389 to 192.168.1.2:3389 (with iptables)? That is, all connections to localhost:3389 will be redirected to my LAN machine?

The reason for that is as follows: my iPhone RDP app can do SSH tunneling but does not provide options to tweak SSH parameters. So, it connects to my router via SSH, establishes a tunnel to 127.0.0.1:3389 and then tries to connect to localhost:3389 on the iPhone. Fail.

I don't want to run an SSH server on my LAN machine and instead want to use the router's SSH server (Asus RT-N16 running Tomato). Is that doable? This doesn't work:

$ iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 3389 -j DNAT --to-destination 192.168.1.2
Chris S

2 Answers

1

Have a look at rinetd; it seems to do what you want. There is some more information on installation and usage here.

user9517
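What a rinetd-style forwarder does for this case, as an added example that is not part of the original answers and not rinetd's own code: a user-space TCP relay that listens on 127.0.0.1:3389 and forwards each connection to 192.168.1.2:3389. Binding to the loopback address keeps the RDP forward reachable only from the router itself (for example through the SSH tunnel), not from the LAN or WAN; the function and constant names are illustrative.

```python
import socket
import threading

LISTEN_ADDR = ("127.0.0.1", 3389)    # loopback only, as in the question
TARGET_ADDR = ("192.168.1.2", 3389)  # LAN machine from the question

def _pump(src, dst):
    """Copy bytes one way until src closes, then pass the EOF on to dst."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass  # peer reset, or socket torn down by the other direction
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _handle(client, target):
    try:
        upstream = socket.create_connection(target, timeout=10)
    except OSError:
        client.close()  # target unreachable: drop the client instead of hanging
        return
    upstream.settimeout(None)  # the timeout applied to connect only
    with client, upstream:
        t = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        t.start()
        _pump(client, upstream)
        t.join()

def start_relay(listen=LISTEN_ADDR, target=TARGET_ADDR):
    """Start the relay in background threads and return the listening socket."""
    srv = socket.create_server(listen)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=_handle, args=(client, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    start_relay()
    threading.Event().wait()  # keep the main thread alive
```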
1

There are some mistakes in your iptables command:

1) You are trying to catch that in the OUTPUT table, but for a redirection like this you need to do it in PREROUTING.

2) You are not redirecting to the port too. You are just telling iptables to send those packets to a certain IP without specifying the port.

So your command should look like this:

iptables -t nat -A PREROUTING -d 127.0.0.1 -p tcp --dport 3389 -j DNAT --to 192.168.1.2:3389

My iptables-fu might be a bit rusty, so if it doesn't work, try running the same command in the INPUT table too (-A INPUT). If nothing works, shout back here and we will find a fix.

danakim