How can I redirect outbound traffic to port 80 using iptables locally?

Try this iptables rule:

$ sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination IP:80

The above says to:

  • Add the following rule to the NAT table (-t nat).
  • This rule will be appended (-A) to the outbound traffic (OUTPUT).
  • We're only interested in TCP traffic (-p tcp).
  • We're only interested in traffic whose destination port is 80 (--dport 80).
  • When we have a match, jump to DNAT (-j DNAT).
  • Route this traffic to some other server's IP @ port 80 (--to-destination IP:80).

What's DNAT?

DNAT
    This target is only valid in the nat table, in the PREROUTING and OUTPUT
    chains, and user-defined chains which are only called from those chains.
    It specifies that the destination address of the packet should be modified
    (and all future packets in this connection will also be mangled), and
    rules should cease being examined.

References

  • iptables man page

This can be made more specific to operate only on traffic to a particular destination host. For instance, when postfix made a mistake and mails in the queue want to be sent to an old IP address.

iptables -t nat -A OUTPUT -p tcp -d {ONLY_TO_THIS_DESTINATION} --dport 25 -j DNAT --to-destination {NEW_IP}:25

This can allow you to translate ports to all IP addresses. The main difference here is the absence of an IP address in the --to-destination field.

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination :80
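
An added example, not part of any of the answers above: a small POSIX shell wrapper that builds the three rule forms shown on this page (new IP, single original destination, port-only) from validated arguments and appends the rule only if it is not already present. The function names and the sample addresses used with them are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Function names and the RFC 5737 sample addresses are constructed.
# Builds the OUTPUT-chain DNAT rule from validated arguments, then adds it only
# if an identical rule is not already present.

# valid_ipv4 ADDR: succeed only for a strict dotted quad (no leading zeros).
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# valid_port PORT: succeed only for 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*|0*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# dnat_rule_spec DPORT NEW_IP NEW_PORT [ORIG_DST]
# Prints the rule specification. NEW_IP may be empty (port-only translation,
# as in the last answer); ORIG_DST limits the rule to one original destination.
dnat_rule_spec() {
    valid_port "$1" && valid_port "$3" || return 1
    [ -z "$2" ] || valid_ipv4 "$2" || return 1
    [ -z "${4:-}" ] || valid_ipv4 "$4" || return 1
    printf '%s' "-p tcp${4:+ -d $4} --dport $1 -j DNAT --to-destination $2:$3"
}

# apply_dnat: -C (check) exits 0 when the same rule exists, so reruns do not
# stack duplicates the way a bare -A would. Needs root.
apply_dnat() {
    spec=$(dnat_rule_spec "$@") || { echo "apply_dnat: invalid arguments" >&2; return 1; }
    # $spec is unquoted on purpose: it contains only validated tokens.
    iptables -t nat -C OUTPUT $spec 2>/dev/null || iptables -t nat -A OUTPUT $spec
}

# remove_dnat: delete the same rule again (-D takes the identical specification).
remove_dnat() {
    spec=$(dnat_rule_spec "$@") || return 1
    iptables -t nat -D OUTPUT $spec
}

# Inspect the result: iptables -t nat -L OUTPUT -n --line-numbers
```

Rules added this way live only in the running kernel's nat table, so they disappear on reboot unless saved by whatever persistence mechanism the system uses.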