A Netcat Tip ~ Tue, 17 May 2011 12:46:53 +0000
Setting up a new web server, I found myself needing to test a couple of port redirect rules. Instead of jumping through a bunch of crazy, potentially exploitable hoops to get Apache Tomcat to listen on ports 80 and 443, I added these two rules to my firewall:
$ iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 8080
$ iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8443
So I needed to test that they actually work. Netcat to the rescue! On the web server:
$ yes | nc -l -p 8080
And on my local computer:
$ nc remote.server 80
Where remote.server is the address of the web server.
So what is being done here? First, on the web server, I pipe the output of the yes utility (which just spams 'y' by default) into an instance of Netcat. This instance of Netcat is set to listen on port 8080, the destination of our port 80 redirect. Second, on my local computer, I start another instance of Netcat that will connect to the web server on port 80 and print out any data it receives. The goal is to see 'y' spammed on the local computer. If the goal is met, the rule is working.
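The same check in scripted form, as an added example (not code from the original post): instead of an endless stream of 'y', the listener sends a token you choose, so the client can confirm the reply came from your listener behind the redirect and report pass or fail. The function names and the command-line layout are assumptions made for this example.

```python
import socket
import sys

def serve_token(port, token, host="0.0.0.0", ready=None):
    """Accept one connection on the redirect target port and send the token.
    Plays the role of `yes | nc -l -p 8080` on the web server."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        if ready is not None:
            ready.set()              # lets a caller know the port is open
        conn, _ = srv.accept()
        with conn:
            conn.sendall(token.encode())

def probe(host, port, token, timeout=3.0):
    """Connect to the public port (80 or 443) and return True only if the
    expected token arrives. Refused or timed-out connections return False."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            while len(data) < len(token):
                chunk = s.recv(1024)
                if not chunk:        # peer closed before sending everything
                    break
                data += chunk
    except OSError:                  # refused, unreachable, timed out
        return False
    return data == token.encode()

if __name__ == "__main__":
    # Web server:  python3 check.py listen 8080 <token>
    # Client:      python3 check.py probe remote.server 80 <token>
    if sys.argv[1] == "listen":
        serve_token(int(sys.argv[2]), sys.argv[3])
    else:
        ok = probe(sys.argv[2], int(sys.argv[3]), sys.argv[4])
        print("redirect OK" if ok else "redirect FAILED")
        sys.exit(0 if ok else 1)
```

Run the probe from a different machine, as in the post: rules in the nat PREROUTING chain are applied to packets arriving from the network, not to connections that originate on the web server itself. Repeat the pair of commands with 8443 and 443 to cover the second rule.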