Solved

Redirecting IP from local network (iptables)

Posted on 2004-03-22
11
2,187 Views
Last Modified: 2010-04-22
Hi everyone.

I'm looking for help with iptables and redirecting. I have local network with NAT.  I'd like to redirect  computer ( for example 10.10.2.3)  using http protocol to another web site.

Thank you in advance.
0
Comment
Question by:Murdoc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
11 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10652702
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT   --to 10.10.2.3
iptables -A INPUT  -i eth0 -p tcp --dport 30 -j ACCEPT  -d  10.10.2.3
iptables -A INPUT  -i eth1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# assuming that your internet NIC is eth0, and the LAN NIC is eth1

Also:
> .. redirecting .. to another web site.
are you shure you need to do it on IP-level, or is it more a application-level issue?
0
 

Author Comment

by:Murdoc
ID: 10656715
Your example shows how to redirect computer from internet to local network but i'm looking for something opposite.
For example:

Computer from local network wants to reach for instance http://google.com and I want to redirect this computer ( from local network) to http://admf.eu.org which is not in local network but in Internet.

So it would look similar to :  
iptables -t nat -A PREROUTING -s 10.10.2.3 -p tcp --dport 80 -j DNAT   --to 212.33.84.236:80

....but I'm almost sure that in example above something's wrong  :)

Regards
0
 

Author Comment

by:Murdoc
ID: 10656739
....or....: iptables -t nat -A PREROUTING -i eth1 -s 10.10.2.3 -p tcp --dport 80 -j DNAT   --to 212.33.84.236:80


...have no idea ...just need to redirect user that do not pay for internet:)
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 10658645
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
0
 

Author Comment

by:Murdoc
ID: 10661121
I'm newbie to linux but I think that what you wrote above isn't what I want to do.
I want to redirect local IP with destination port 80 to external IP on port 80.

Regards


P.S. Believe me i'm newbie :)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10661933
> .. redirect local IP with destination port 80 to external IP on port 80.

you mean that you connect from a local host to another local server on port 80, and this should be redirected to an external server?

trying ASCII art

|
+-- router(with iptables) ---- external:80
|
+-- server:80
|
+-- host (connecting to server:80)
|
+-- other host

If so, iptables might be the wrong place to do it
Why not using a proxy on the host?
0
 

Author Comment

by:Murdoc
ID: 10662113
Actually my local network is small that's why I'm not using proxy. I know how to redirect ( i've found example) external IP to local host (forward) but have no idea how to forward  local host to to external host on http protocol. Another words it make no sense to use proxy to redirect only one local host.

Regards
0
 

Author Comment

by:Murdoc
ID: 10662224
Example:

localhost request: 'http://google.com'->server(iptables)->if protocol http from localhost then
redirect to 'http://yahoo.com'


:)
0
 

Author Comment

by:Murdoc
ID: 10662269
wrong example above ..sorry i was in hurry

example:

10.10.2.3 request: 'http://google.com'
server (212.33.84.236) with iptables: if request from 10.10.2.3 and protocol is http then redirect 10.10.2.3 to 'http://yahoo.com'

:+}
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 125 total points
ID: 10665046
this is not a iptables job
either simply change your DNS, or add yahoo.com with IP of google.com in your hosts file

> Another words it make no sense to use proxy to redirect only one local host.
why do you make a rule effecting all traffic, when it only should be for one host? That's what a proxy is for.
0
 

Author Comment

by:Murdoc
ID: 10672122
Ipchains  is useless in this case as well??
 I've been always thinking that proxy is used when there are many computers in local network to accelerate http protocol.

Anyway tomorrow i wil close this question and give you the points

Regards
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question