Rewrite destination / forward traffic to local machine

Hello,

I was trying to accomplish something like this in openwrt:

iptables -t nat -A PREROUTING -p tcp -d 1.1.1.1 --dport 3389 -j DNAT --to-destination 192.168.1.125

The idea is to have all traffic that is destined to an internet host, e.g. 1.1.1.1, forwarded to a local machine.

I tried something like (using the GUI Firewall - Port Forwards):

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'rdpfwd1'
        option family 'ipv4'
        option src 'lan'
        option src_dip '1.1.1.1'
        option src_dport '3389'
        option dest_ip '192.168.1.125'
        option dest_port '3389'
        list proto 'tcp'

But it doesn't seem to work. Any tips?

It seems that what you are looking to do is effectively the same as DNS hijacking. This guide should help:

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

You need an additional SNAT rule.

config nat
        option name             'rdpfwd1_SNAT'
        option target           'SNAT'
        option src              'lan'
        option proto            'tcp'
        option dest_ip          '192.168.1.125'
        option dest_port        '3389'
        option snat_ip          '192.168.1.1' # Correct router lan IP here
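Why the extra SNAT rule matters is easy to miss: with the redirect alone, the LAN server sees the original client address and answers it directly on the same segment, so the reply never passes back through the router and the client receives a packet from 192.168.1.125 instead of from 1.1.1.1 it connected to. The following toy simulation is an added example written for this thread, not OpenWrt/fw3 code; it traces one TCP handshake leg with and without the SNAT, using the addresses from the thread plus a constructed client address (192.168.1.50) and source port.

```python
"""Why a LAN-to-LAN DNAT (hairpin NAT) needs a matching SNAT.

Toy model of the thread's setup: a LAN client connects to 1.1.1.1:3389,
the router DNATs that to 192.168.1.125, and we follow the reply path with
and without the SNAT rule. Addresses come from the thread except the
client, which is constructed for the example.
"""
from dataclasses import dataclass

ROUTER_LAN_IP = "192.168.1.1"   # snat_ip in the answer's 'config nat'
PUBLIC_TARGET = "1.1.1.1"       # src_dip in the 'config redirect'
LOCAL_SERVER = "192.168.1.125"  # dest_ip of the redirect
CLIENT = "192.168.1.50"         # constructed LAN client address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def router_forward(pkt: Packet, snat: bool):
    """Client -> server leg through the router.

    Applies the DNAT from the redirect rule and, if snat is True, the SNAT
    from the answer. Returns the translated packet and a conntrack-style
    record (original, translated) the router needs to undo both later.
    """
    if pkt.dst != PUBLIC_TARGET or pkt.dport != 3389:
        return pkt, None  # not matched by the redirect, pass through
    new_src = ROUTER_LAN_IP if snat else pkt.src
    translated = Packet(new_src, pkt.sport, LOCAL_SERVER, 3389)
    return translated, (pkt, translated)


def server_reply(pkt: Packet) -> Packet:
    """The server answers whoever the packet claims to come from."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def deliver_reply(reply: Packet, conn):
    """Server -> client leg.

    If the reply is addressed to the router (SNAT case) the router reverses
    both translations from its conntrack record. Otherwise the server and
    client share a LAN segment, so the reply goes directly and the router
    never sees it.
    """
    if conn is not None and reply.dst == ROUTER_LAN_IP:
        original, _ = conn
        undone = Packet(original.dst, original.dport, original.src, original.sport)
        return undone, "via_router"
    return reply, "direct"


def client_accepts(sent: Packet, reply: Packet) -> bool:
    """A TCP client only matches a reply to the 4-tuple it actually used."""
    expected = (sent.dst, sent.dport, sent.src, sent.sport)
    return (reply.src, reply.sport, reply.dst, reply.dport) == expected


def simulate(snat: bool) -> dict:
    """Run one client->server->client exchange and report what the client sees."""
    sent = Packet(CLIENT, 51000, PUBLIC_TARGET, 3389)
    forwarded, conn = router_forward(sent, snat)
    reply = server_reply(forwarded)
    final, path = deliver_reply(reply, conn)
    return {
        "path": path,
        "reply_src": final.src,
        "accepted": client_accepts(sent, final),
    }


if __name__ == "__main__":
    for snat in (False, True):
        print(f"snat={snat}: {simulate(snat)}")
```

Without SNAT the client gets a SYN-ACK from 192.168.1.125 that matches no socket it owns (it is waiting on 1.1.1.1), so the connection never completes; with the SNAT the reply is forced back through the router, which restores 1.1.1.1 as the source before the client sees it. The same reasoning applies to any port forward a LAN client tries to reach by the public/destination address rather than the server's own LAN address.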

Yes! This does work. Thank you very much.

