Murdoc
asked on
Redirecting IP from local network (iptables)
Hi everyone.
I'm looking for help with iptables and redirecting. I have a local network with NAT. I'd like to redirect a computer (for example 10.10.2.3) using the HTTP protocol to another web site.
Thank you in advance.
ASKER
Your example shows how to redirect a computer from the internet to the local network, but I'm looking for the opposite.
For example:
A computer from the local network wants to reach, for instance, http://google.com and I want to redirect this computer (from the local network) to http://admf.eu.org, which is not in the local network but on the Internet.
So it would look similar to :
iptables -t nat -A PREROUTING -s 10.10.2.3 -p tcp --dport 80 -j DNAT --to 212.33.84.236:80
...but I'm almost sure that something's wrong in the example above :)
Regards
ASKER
....or....: iptables -t nat -A PREROUTING -i eth1 -s 10.10.2.3 -p tcp --dport 80 -j DNAT --to 212.33.84.236:80
...have no idea ...just need to redirect a user that does not pay for internet :)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ASKER
I'm a newbie to Linux but I think that what you wrote above isn't what I want to do.
I want to redirect a local IP with destination port 80 to an external IP on port 80.
Regards
P.S. Believe me, I'm a newbie :)
> .. redirect local IP with destination port 80 to external IP on port 80.
You mean that you connect from a local host to another local server on port 80, and this should be redirected to an external server?
Trying ASCII art:
|
+-- router(with iptables) ---- external:80
|
+-- server:80
|
+-- host (connecting to server:80)
|
+-- other host
If so, iptables might be the wrong place to do it.
Why not use a proxy on the host?
ASKER
Actually my local network is small, that's why I'm not using a proxy. I know how to redirect (I've found an example) an external IP to a local host (forward) but have no idea how to forward a local host to an external host on the HTTP protocol. In other words, it makes no sense to use a proxy to redirect only one local host.
Regards
ASKER
Example:
localhost request: 'http://google.com'->server(iptables)->if protocol http from localhost then
redirect to 'http://yahoo.com'
:)
ASKER
Wrong example above... sorry, I was in a hurry.
example:
10.10.2.3 request: 'http://google.com'
server (212.33.84.236) with iptables: if request from 10.10.2.3 and protocol is http then redirect 10.10.2.3 to 'http://yahoo.com'
:+}
ASKER CERTIFIED SOLUTION
ASKER
Ipchains is useless in this case as well??
I've always thought that a proxy is used when there are many computers in a local network, to accelerate the HTTP protocol.
Anyway, tomorrow I will close this question and give you the points.
Regards
iptables -A INPUT -i eth0 -p tcp --dport 30 -j ACCEPT -d 10.10.2.3
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# assuming that your internet NIC is eth0, and the LAN NIC is eth1
Also:
> .. redirecting .. to another web site.
Are you sure you need to do it on IP-level, or is it more an application-level issue?
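
An added example, not part of the thread and not any poster's code: a dry-run shell helper that prints the per-client DNAT rule discussed above together with the forwarding and MASQUERADE rules it relies on. It assumes eth1 is the LAN NIC and eth0 the internet NIC, as stated in the thread; the function names and the APPLY switch are hypothetical.

```shell
#!/bin/sh
# Added example: emit (dry-run) or apply the rules that steer one LAN
# client's port-80 traffic to a single external web server.
# Interface names and addresses are the ones quoted in the thread.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one iptables command per line; run it too when APPLY=1 (needs root).
emit() {
    echo "iptables $*"
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; fi
}

# redirect_http CLIENT_IP TARGET_IP [LAN_IF] [WAN_IF]
redirect_http() {
    client=$1 target=$2 lan_if=${3:-eth1} wan_if=${4:-eth0}
    valid_ipv4 "$client" && valid_ipv4 "$target" || {
        echo "redirect_http: bad IPv4 address" >&2; return 2; }
    # Rewrite the destination before routing, only for this client's HTTP.
    emit -t nat -A PREROUTING -i "$lan_if" -s "$client" -p tcp --dport 80 \
         -j DNAT --to-destination "$target:80"
    # Let the rewritten flow and its replies through the FORWARD chain.
    emit -A FORWARD -i "$lan_if" -o "$wan_if" -s "$client" -d "$target" \
         -p tcp --dport 80 -j ACCEPT
    emit -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Source NAT on the internet side, as in the thread's MASQUERADE rule.
    emit -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
}

# Dry run with the addresses from the thread.
redirect_http 10.10.2.3 212.33.84.236
```

DNAT only rewrites the packet's destination address, so the target server still receives the original `Host:` header and must answer for any host name; traffic to port 443 is not matched by these rules.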