Learn how to redirect all traffic destined for an internet host (e.g., 1.1.1.1) to another IP, a local machine—for fun and profit. This technique is useful for debugging, blocking specific requests or bypassing restrictions.

There are multiple scenarios where intercepting all requests to a particular IP address and forwarding them to another host on the local network can be helpful. This can be achieved in OpenWrt either through the GUI or by manually editing the firewall configuration.

# cat /etc/config/firewall

(...)

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'testfw'
        option family 'ipv4'
        option src 'lan'
        option src_dip '1.1.1.1'
        option src_dport '443'
        option dest_ip '172.21.1.3'
        option dest_port '4343'
        option src_ip '172.21.1.120'
        list proto 'tcp'
        list proto 'udp'

config nat
        option name 'testfw_snat'
        option family 'ipv4'
        option src 'lan'
        option dest_ip '172.21.1.3'
        option target 'SNAT'
        option snat_ip '172.21.1.1'
        option src_ip '172.21.1.120'
        option dest_port '4343'
        list proto 'tcp'
        list proto 'udp'

This configuration will forward all tcp and udp traffic coming from machine 172.21.1.120 and destined at 1.1.1.1:443 to 172.21.1.3:443.

Enjoy.