LinuxQuestions.org


kubla 04-01-2004 08:30 AM

DNAT post authentication
 
Dear All,

I'm trying to do the following with my firewall:

1) redirect all web traffic to my gateway until a user is authenticated.

2) after authentication, add their IP to those allowed to surf.

I've achieved point 1 with the following iptables rule:
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to 192.168.1.1
What I want to do now is on a per-ip basis drop this rule... but I can't find the syntax to do it... ideas?

maxut 04-02-2004 04:58 AM

I'm confused.
The command for iptables which you typed is used to publish a web server which is located in a private network.

You have a Linux machine which is a gateway, right?

kubla 04-02-2004 06:38 AM

ciao maxut,

> The command for iptables which you typed is used to publish a web server which is located in a private network.

You're right. But that's because my authentication mechanism is web-based. In fact, I've got the answer to my own question thanks to Oliver from Oxlux:

> How about using the --line-numbers option and then inserting rules
> before your DNAT entry to skip the authenticated users?
>
> e.g. iptables -t nat -I PREROUTING 3 -s 192.168.1.5 -j ACCEPT

This works perfectly!

Ian
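
Added example, not part of the thread: a dry-run sketch of the approach above that looks up the DNAT rule's number from a `--line-numbers` listing instead of hard-coding it, and validates the client address before it reaches a root-run iptables command. The function names and the sample listing are constructed for illustration; the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Constructed sample of: iptables -t nat -L PREROUTING -n --line-numbers
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  192.168.1.7          0.0.0.0/0
2    DNAT       tcp  --  192.168.1.0/24       0.0.0.0/0            tcp dpt:80 to:192.168.1.1'

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    vi_old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$vi_old_ifs
    [ $# -eq 4 ] || return 1
    for vi_octet in "$@"; do
        [ ${#vi_octet} -le 3 ] && [ "$vi_octet" -le 255 ] || return 1
    done
}

# Print the rule number of the first port-80 DNAT rule in listing $1.
dnat_rule_line() {
    printf '%s\n' "$1" |
        awk '$2 == "DNAT" && /dpt:80( |$)/ { print $1; f = 1; exit } END { exit !f }'
}

# Print the command that lets client $1 skip the redirect, given listing $2.
# Inserting at the DNAT rule's own number places the ACCEPT just before it.
bypass_cmd() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 1; }
    # Already has a bypass rule: print nothing so no duplicate is added.
    if printf '%s\n' "$2" |
        awk -v ip="$1" '$2 == "ACCEPT" && $5 == ip { f = 1 } END { exit !f }'
    then return 0; fi
    bc_line=$(dnat_rule_line "$2") || { echo "no DNAT rule found" >&2; return 1; }
    echo "iptables -t nat -I PREROUTING $bc_line -s $1 -j ACCEPT"
}

# Print the command that removes the bypass when the session ends.
revoke_cmd() {
    valid_ipv4 "$1" || return 1
    echo "iptables -t nat -D PREROUTING -s $1 -j ACCEPT"
}

bypass_cmd 192.168.1.5 "$SAMPLE_LISTING"   # dry run: prints, does not execute
revoke_cmd 192.168.1.5
```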


All times are GMT -5.