LinuxQuestions.org


swmok 09-14-2004 04:32 AM

Change the destination URL by IPTABLES
 
Hello:

I would like to change the destination URL of the client by IPTABLES.

The command I used is:

/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -s 10.100.129.0/24 --dport 80 [what should I do here]

The command checks that:
If the client IP is 10.100.129.0/24,
don't care about the original URL (may be "www.hotmail.com" or "www.myserver.com/abc")
it goes to "www.hello.com".

Pls. HELP!
Thanks.

ppuru 09-14-2004 05:42 AM

This thread is perhaps a continuation of the discussion below ...
http://www.linuxquestions.org/questi...hreadid=228165

However, take a look at this Linux Hack from O'Reilly

swmok 09-14-2004 08:35 AM

Yes. This is the OLD question but ...
 
Hi:

I am sorry that I posted the OLD question. I just rephrased it.

Why? It is because no one can answer my question. They just say read this and read that.

Actually I've tried all your suggestions and nothing works.

My NAT server is activated and I just add a command to block all the clients 10.100.129.0/24.
These clients go to the NAT apache.

When this client goes to "www.hotmail.com" or "www.yahoo.com", it is redirected to the NAT server homepage.
It works by this command.

/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -s 10.100.129.0/24 --dport 80 -j REDIRECT --to-port 80



However, when this client goes to "www.xxxxx.com/abcabc", it is redirected to "www.[NAT server].com/abcabc" and the apache inside the NAT server cannot find any homepage and returns an error.
It can only replace www.[client input server].com by www.[NAT server].com. Not redirect.

Thus, pls. help. How can I do this?

thanks
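
The situation described in the post above, as an added example that is not part of the thread: the REDIRECT rule rewrites only the destination address and port, so the web server on the NAT box still receives the client's original Host header and path, and it has to answer every path itself. This sketch assumes a small catch-all server on port 8080 (used with `--to-port 8080` in place of `--to-port 80`), the landing URL `http://www.hello.com/` from the first post, and a placeholder page body.

```python
# Added example: answer any redirected request, whatever Host or path the
# client asked for, with a 302 to one fixed landing page.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

LANDING_URL = "http://www.hello.com/"   # assumption: target named in the first post
LISTEN_PORT = 8080                      # assumption: REDIRECT --to-port 8080
LANDING_HOST = urlsplit(LANDING_URL).hostname
PAGE = b"<html><body><h1>Hello</h1></body></html>"  # constructed placeholder page


class CatchAllHandler(BaseHTTPRequestHandler):
    def _answer(self):
        # iptables changed only the destination; the request line and Host
        # header still carry what the client originally typed.
        host = self.headers.get("Host", "").split(":")[0].lower()
        self.log_message("original request: host=%s path=%s", host or "-", self.path)
        if host == LANDING_HOST:
            # The landing host is caught by the same NAT rule, so serve the
            # page here instead of redirecting again (avoids a redirect loop).
            body = PAGE
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
        else:
            body = b""
            self.send_response(302)
            self.send_header("Location", LANDING_URL)
            self.send_header("Cache-Control", "no-store")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    do_GET = do_HEAD = do_POST = _answer


def make_server(port=LISTEN_PORT, address=""):
    """Build the catch-all server; port=0 picks a free port."""
    return HTTPServer((address, port), CatchAllHandler)


if __name__ == "__main__":
    make_server().serve_forever()
```

Only plain HTTP on port 80 reaches this server; the rule in the post does not match other ports.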

xinu 09-14-2004 09:42 AM

The regular iptables works with IP/MAC addresses; perhaps you could achieve the whole thing with dnsmasq or other DNS software.

I suggest you tweak the dnsmasq (or other dns soft of your choice) to simply reply www.example.com domains with the IP address of www.example.org.

With iptables you may just forward all traffic coming from your lan with a destination port of 53 (dns, for example if they are trying to connect to a dns server outside) to the gateway's port 53.

Code:

# Forwards all dns traffic to the gateway:
/usr/sbin/iptables -t nat -A PREROUTING -i $local_interface -p UDP --dport 53 -j REDIRECT --to-ports 53


ppuru 09-14-2004 11:33 AM

swmok, any luck with the rinetd stuff - from Linux Hack#48?

