DNAT post authentication
Dear All,
I'm trying to do the following with my firewall: 1) redirect all web traffic to my gateway until a user is authenticated; 2) after authentication, add their IP to those allowed to surf. I've achieved point 1 with the following iptables rule:

iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to 192.168.1.1

What I want to do now is, on a per-IP basis, drop this rule... but I can't find the syntax to do it... ideas?
I'm confused.
The command for iptables which you typed is used to publish a web server which is located in a private network. You have a Linux box which is a gateway, right?
ciao maxut,
"The command for iptables which you typed is used to publish a web server which is located in a private network."

You're right. But that's because my authentication mechanism is web-based. In fact, I've got the answer to my own question thanks to Oliver from Oxlux:

> How about using the --line-numbers option and then inserting rules
> before your DNAT entry to skip the authenticated users?
>
> e.g. iptables -t nat -I PREROUTING 3 -s 192.168.1.5 -j ACCEPT

This works perfectly!

Ian
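The procedure worked out in this thread (redirect LAN HTTP to the gateway, then insert a per-IP ACCEPT ahead of the DNAT rule once the user has logged in) can be made less fragile by putting the redirect in its own nat chain, so that exceptions are always inserted at position 1 of that chain instead of a hard-coded position 3 of PREROUTING that shifts whenever another rule is added. The script below is an added example, not code from the thread or from Oliver; the chain name CAPTIVE, the LAN and gateway addresses, and the IPTABLES dry-run variable are assumptions. The address check exists because the IP usually arrives from a web form and should never reach the iptables command line unvalidated.

```shell
#!/bin/sh
# Added example (not from the original thread): captive-portal style redirect
# with a dedicated nat chain so per-host exceptions do not depend on rule
# numbers. CAPTIVE, LAN and GATEWAY are assumed names/values.
set -eu

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo for a dry run
LAN="${LAN:-192.168.1.0/24}"
GATEWAY="${GATEWAY:-192.168.1.1}"
CHAIN="CAPTIVE"

# Build the chain once: new LAN HTTP flows jump to CAPTIVE, whose last rule
# is the DNAT to the portal. ACCEPT rules inserted above it end nat
# PREROUTING processing for that host, so its traffic is left alone.
setup_redirect() {
    "$IPTABLES" -t nat -N "$CHAIN"
    "$IPTABLES" -t nat -A PREROUTING -s "$LAN" -p tcp --dport 80 -j "$CHAIN"
    "$IPTABLES" -t nat -A "$CHAIN" -p tcp --dport 80 -j DNAT --to-destination "$GATEWAY"
}

# Accept only a single dotted-quad IPv4 address; anything else (option
# injection such as "-j", shell metacharacters, CIDR ranges) is rejected.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Called after a successful portal login: bypass the redirect for this host.
authorize_ip() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
    "$IPTABLES" -t nat -I "$CHAIN" 1 -s "$1" -j ACCEPT
}

# Called on logout or lease expiry: remove the bypass again.
revoke_ip() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
    "$IPTABLES" -t nat -D "$CHAIN" -s "$1" -j ACCEPT
}

case "${1:-}" in
    setup)  setup_redirect ;;
    auth)   authorize_ip "${2:-}" ;;
    revoke) revoke_ip "${2:-}" ;;
esac
```

Two caveats that apply equally to the original one-liner: the nat table only sees the first packet of a connection, so an HTTP session that was already redirected keeps going to the portal until it is closed, and a host that was authorized keeps its bypass until revoke_ip runs, so the portal must revoke on logout and on DHCP lease expiry. Authorization keyed on source IP is also only as strong as the LAN it runs on; another machine on the same segment can take over an authorized address, and the rule above touches only port 80, so TCP 443 and any non-web traffic need their own handling in the filter table's FORWARD chain.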