How to divert connection or packet before routing decision entering the default

Posted in QA, Tutorial

Before the packets on port 443 enter the firewall, I would like to divert the incoming packets from the server (443) so that, instead of the INPUT chain, they go to the FORWARD chain.
So the incoming packets from 100.43.xx.xx --sport 443 are sent to FORWARD instead of the INPUT chain.
How do I configure this in the OUTPUT, FORWARD, POSTROUTING and PREROUTING chains?

And this is my nf_conntrack:

    tcp 6 431977 ESTABLISHED src=192.168.xx.xx dst=100.43.xx.xx sport=33575 dport=443 src=100.43.xx.xx dst=192.168.xx.xx sport=443 dport=33575 [ASSURED] mark=0 use=1
    tcp 6 431867 ESTABLISHED src=192.168.xx.xx dst=100.43.xx.xx sport=54461 dport=443 src=100.43.xx.xx dst=192.168.xx.xx sport=443 dport=54461 [ASSURED] mark=0 use=1

My iptables rules:

    root@kali:~# iptables-save
    # Generated by iptables-save v1.4.21 on Sun Jan 14 15:20:35 2018
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [3409:2036610]
    -A POSTROUTING -o wlan0 -m state --state NEW,RELATED,ESTABLISHED -j MASQUERADE
    *filter
    :INPUT ACCEPT [333:6760]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [333:6760]
    -A INPUT -i wlan0 -p tcp -s 100.43.xx.xx --sport 443 -j DROP
    -A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT


If a packet is forwarded by iptables (e.g. by a rule in the PREROUTING chain, see https://www.systutorials.com/816/port-forwarding-using-iptables/), it will go through the FORWARD chain.
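
The answer's point as an added example (a simplified model written for this page, not code from the original post or from iptables): the routing decision comes after PREROUTING, so a packet reaches FORWARD only if its destination is no longer a local address at that point, for instance after a DNAT rule rewrote it. The names `traverse` and `Packet` and all addresses are assumptions; the model also shows that packets of an already tracked connection skip the nat table, which goes beyond what the answer states.

```python
# Added example: simplified model of the netfilter path for a packet that
# arrives on an interface. All addresses are constructed sample values.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def traverse(pkt, local_addrs, dnat_rules=(), established=frozenset(), ip_forward=True):
    """Return (chains, packet_after_nat) for an incoming packet.

    dnat_rules  -- (match_fn, new_dst) pairs standing in for nat PREROUTING -j DNAT
    established -- packets conntrack already tracks; the nat table is consulted
                   only for the first packet of a connection, so these skip it
    """
    chains = ["PREROUTING"]
    if pkt not in established:
        for match, new_dst in dnat_rules:
            if match(pkt):
                pkt = replace(pkt, dst=new_dst)
                break
    # The routing decision comes after PREROUTING and uses the rewritten dst.
    if pkt.dst in local_addrs:
        chains.append("INPUT")
    elif ip_forward:
        chains += ["FORWARD", "POSTROUTING"]
    else:
        chains.append("DROPPED")  # net.ipv4.ip_forward=0: never reaches FORWARD
    return chains, pkt

LOCAL = {"192.168.1.10"}                      # this host (constructed)
INSIDE = "192.168.1.50"                       # another host behind it (constructed)
from_443 = lambda p: p.sport == 443           # like: -p tcp --sport 443
to_inside = [(from_443, INSIDE)]              # like: -j DNAT --to-destination INSIDE
reply = Packet("203.0.113.7", 443, "192.168.1.10", 33575)

if __name__ == "__main__":
    print(traverse(reply, LOCAL))                                  # no NAT rule
    print(traverse(reply, LOCAL, to_inside))                       # first packet
    print(traverse(reply, LOCAL, to_inside, established={reply}))  # tracked reply
    print(traverse(reply, LOCAL, to_inside, ip_forward=False))     # forwarding off
```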
