Port forwarding from one IP to another IP in the same network using iptables

Let’s say that we need to forward all connections arriving at port 143 (IMAP) on localhost to port 143 (IMAP) on another server:

iptables -t nat -I PREROUTING -p tcp -d localhost --dport 143 -j DNAT --to-destination anotherserver:143
iptables -t nat -A POSTROUTING -p tcp --dport 143 -d anotherserver -j SNAT --to localhost

# Forward port 143 IMAP to
iptables -t nat -I PREROUTING -p tcp -d --dport 143 -j DNAT --to-destination
iptables -t nat -A POSTROUTING -p tcp --dport 143 -d -j SNAT --to

# Log connections to port 143 (the LOG target writes to the kernel log; /var/log/firewall assumes syslog routes kernel messages there)
iptables -t nat -I PREROUTING -p tcp --dport 143 -j LOG --log-prefix "IMAP PREROUTING: "
iptables -t nat -I POSTROUTING -p tcp --dport 143 -j LOG --log-prefix "IMAP POSTROUTING: "
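
The two LOG rules above tag each logged packet with a fixed prefix, which makes the forwarded IMAP traffic easy to audit. The following is an added example, not part of the original post: it counts new IMAP connections per source address from those log lines. The function names, the host name "gw" and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: summarise the lines written by the two LOG rules above.
# nat-table rules see only the first packet of a connection, so each
# matching line is one new connection, not one packet.

# Print "<chain> <source-ip> <count>" for syslog lines read from stdin.
summarize_imap_log() {
  awk '
    match($0, /IMAP (PREROUTING|POSTROUTING): /) {
      # Chain name sits between "IMAP " (5 chars) and ": " (2 chars).
      chain = substr($0, RSTART + 5, RLENGTH - 7)
      src = ""
      for (i = 1; i <= NF; i++)
        if ($i ~ /^SRC=/) { src = substr($i, 5); break }
      if (src != "") seen[chain " " src]++
    }
    END { for (k in seen) print k, seen[k] }
  ' | LC_ALL=C sort -k1,1 -k3,3nr -k2,2
}

# Print sources with at least $1 new connections logged in PREROUTING.
noisy_sources() {
  summarize_imap_log |
    awk -v min="$1" '$1 == "PREROUTING" && $3 >= min { print $2 }'
}

# Constructed, abridged sample lines (documentation addresses, hypothetical host "gw").
sample_log() {
  cat <<'EOF'
Mar  3 10:15:01 gw kernel: IMAP PREROUTING: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=54 PROTO=TCP SPT=51234 DPT=143 SYN
Mar  3 10:15:01 gw kernel: IMAP POSTROUTING: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TTL=53 PROTO=TCP SPT=51234 DPT=143 SYN
Mar  3 10:15:04 gw sshd[812]: Accepted publickey for admin from 192.0.2.44 port 40022
Mar  3 10:15:09 gw kernel: IMAP PREROUTING: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=49 PROTO=TCP SPT=40110 DPT=143 SYN
Mar  3 10:15:09 gw kernel: IMAP POSTROUTING: IN= OUT=eth0 SRC=203.0.113.7 DST=198.51.100.9 LEN=60 TTL=48 PROTO=TCP SPT=40110 DPT=143 SYN
Mar  3 10:15:12 gw kernel: IMAP PREROUTING: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=54 PROTO=TCP SPT=51240 DPT=143 SYN
Mar  3 10:15:12 gw kernel: IMAP POSTROUTING: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TTL=53 PROTO=TCP SPT=51240 DPT=143 SYN
EOF
}

# Demo run on the constructed sample.
sample_log | summarize_imap_log
```

A source that shows up under PREROUTING but not under POSTROUTING reached the port but was not forwarded out, for example because the FORWARD chain dropped it.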

OpenVPN in OpenVZ/VServer

# Allow OpenVPN
iptables -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -t nat -A POSTROUTING -s -o venet0:0 -j MASQUERADE
# in OpenVZ/VServers you may need the following instead of the line above
iptables -t nat -A POSTROUTING -s -j SNAT --to-source

Block an IP address with null routes or with iptables on Linux

You can drop an IP address using the iptables command:

iptables -A INPUT -s -j DROP
iptables -A OUTPUT -d -j DROP

However, you can also use the route or ip command to null-route unwanted traffic. A null route is a network route or kernel routing table entry that goes nowhere.

route add gw lo

or reject 😉

route add -host reject

We can also drop an entire subnet:

route add -net gw lo

To delete an IP address or entire subnet from a null route use the following command:

route del gw lo


route del -net gw lo

Port forwarding using xinetd.

An easy way to do port forwarding without iptables is to use xinetd.
To forward a port with xinetd, you need to create a configuration file:

root# vim /etc/xinetd.d/imap_forward

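For example, to forward port 143 on localhost to port 143 on a remote server:

service imap_forward
{
    # imap_forward is not a name from /etc/services, so the service must be UNLISTED
    type        = UNLISTED
    disable     = no
    socket_type = stream
    protocol    = tcp
    user        = nobody
    wait        = no
    # destination host and port the connection is relayed to
    redirect    = remote_IP_or_server_name 143
    port        = 143
}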

SSH backdoor.

SSH from hades to with the -R flag. I’ll assume that you’re the root user on hades and that tech will need the root user ID to help you with the system. With the -R flag, you’ll forward instructions of port 2222 on to port 22 on hades. This is how you set up an SSH tunnel. Note that only SSH traffic can come into hades: You’re not putting hades out on the Internet naked.

You can do this with the following syntax:

# ssh -R 2222:localhost:22

Once you are into, you just need to stay logged in and enter a command like:

$ while [ 1 ]; do date; sleep 300; done

to keep the machine busy and minimize the window.
Now instruct your friends to SSH as “username” into without using any special SSH flags. You’ll have to give them your password:

root@hades:~# ssh .

BTW no need

Once user is on the, they can SSH to earth using the following command:

$ ssh -p 2222 root@localhost

Short form:

from earth: ssh -R 2222:localhost:22
then: while [ 1 ]; do date; sleep 300; done
from hades: ssh -p 2222 root@localhost
and we can log in into :))