rdark · August 29, 2015 14:01
diff --git a/iptables redirect b/iptables redirect
 :POSTROUTING ACCEPT [0:0]
 -A PREROUTING -p tcp --dport 53 -m comment --comment "MNS: Redirect TCP 53 to 10053" -j REDIRECT --to-port 10053 
 -A PREROUTING -p udp --dport 53 -m comment --comment "MNS: Redirect UDP 53 to 10053" -j REDIRECT --to-port 10053

 [rdark@g2-2119-test ~]$ sudo iptables -t nat --list -v                                                                                                                                                                                        
 Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:domain /* MNS: Redirect TCP 53 to 10053 */ redir ports 10053 
    0     0 REDIRECT   udp  --  any    any     anywhere             anywhere            udp dpt:domain /* MNS: Redirect UDP 53 to 10053 */ redir ports 10053 

 Chain POSTROUTING (policy ACCEPT 1 packets, 116 bytes)
 pkts bytes target     prot opt in     out     source               destination         

 Chain OUTPUT (policy ACCEPT 1 packets, 116 bytes)
 pkts bytes target     prot opt in     out     source               destination    

 [rdark@g2-2119-test ~]$ sudo iptables --list
 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination         

 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination         

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination   



 [rdark@g2-2119-test ~]$ dig @localhost test.domain
 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost test.domain
 ; (2 servers found)
 ;; global options: +cmd
 ;; connection timed out; no servers could be reached

 [rdark@g2-2119-test ~]$ sudo tcpdump -i lo dst port 53 or port 10053
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
 15:20:54.506760 IP localhost.localdomain.47380 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
 15:20:55.506889 IP localhost.localdomain.60671 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
 15:21:00.506854 IP localhost.localdomain.47380 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
 15:21:01.506970 IP localhost.localdomain.60671 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
 15:21:06.507104 IP localhost.localdomain.47380 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
 15:21:07.507242 IP localhost.localdomain.60671 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
	:POSTROUTING ACCEPT [0:0]
	-A PREROUTING -p tcp --dport 53 -m comment --comment "MNS: Redirect TCP 53 to 10053" -j REDIRECT --to-port 10053
	-A PREROUTING -p udp --dport 53 -m comment --comment "MNS: Redirect UDP 53 to 10053" -j REDIRECT --to-port 10053

	[rdark@g2-2119-test ~]$ sudo iptables -t nat --list -v
	Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
	pkts bytes target prot opt in out source destination
	0 0 REDIRECT tcp -- any any anywhere anywhere tcp dpt:domain /* MNS: Redirect TCP 53 to 10053 */ redir ports 10053
	0 0 REDIRECT udp -- any any anywhere anywhere udp dpt:domain /* MNS: Redirect UDP 53 to 10053 */ redir ports 10053

	Chain POSTROUTING (policy ACCEPT 1 packets, 116 bytes)
	pkts bytes target prot opt in out source destination

	Chain OUTPUT (policy ACCEPT 1 packets, 116 bytes)
	pkts bytes target prot opt in out source destination

	[rdark@g2-2119-test ~]$ sudo iptables --list
	Chain INPUT (policy ACCEPT)
	target prot opt source destination

	Chain FORWARD (policy ACCEPT)
	target prot opt source destination

	Chain OUTPUT (policy ACCEPT)
	target prot opt source destination



	[rdark@g2-2119-test ~]$ dig @localhost test.domain
	; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost test.domain
	; (2 servers found)
	;; global options: +cmd
	;; connection timed out; no servers could be reached

	[rdark@g2-2119-test ~]$ sudo tcpdump -i lo dst port 53 or port 10053
	tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
	listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
	15:20:54.506760 IP localhost.localdomain.47380 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
	15:20:55.506889 IP localhost.localdomain.60671 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
	15:21:00.506854 IP localhost.localdomain.47380 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
	15:21:01.506970 IP localhost.localdomain.60671 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
	15:21:06.507104 IP localhost.localdomain.47380 > localhost.localdomain.domain: 24780+ A? test.domain. (29)
	15:21:07.507242 IP localhost.localdomain.60671 > localhost.localdomain.domain: 24780+ A? test.domain. (29)