LinuxQuestions.org
Old 04-01-2004, 08:30 AM   #1
kubla
LQ Newbie
 
Registered: Jan 2004
Posts: 11

Rep: Reputation: 0
DNAT post authentication


Dear All,

I'm trying to do the following with my firewall:

1) redirect all web traffic to my gateway until a user is authenticated.

2) after authentication, add their IP to those allowed to surf.

I've achieved point 1 with the following iptables rule:
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to 192.168.1.1
What I want to do now is drop this rule on a per-IP basis... but I can't find the syntax to do it... ideas?
 
Old 04-02-2004, 04:58 AM   #2
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
I'm confused.
The command for iptables which you typed is used to publish a web server which is located in a private network.

You have a Linux box which is a gateway, right?
 
Old 04-02-2004, 06:38 AM   #3
kubla
LQ Newbie
 
Registered: Jan 2004
Posts: 11

Original Poster
Rep: Reputation: 0
ciao maxut,

> The command for iptables which you typed is used to publish a web server which is located in a private network.

You're right. But that's because my authentication mechanism is web-based. In fact, I've got the answer to my own question thanks to Oliver from Oxlux:

> How about using the --line-numbers option and then inserting rules
> before your DNAT entry to skip the authenticated users?
>
> e.g. iptables -t nat -I PREROUTING 3 -s 192.168.1.5 -j ACCEPT

This works perfectly!

Ian
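
The approach accepted above, as an added shell example that is not code from the thread: it looks up the DNAT rule's number with --line-numbers instead of hardcoding a position, validates the client address before it reaches iptables, and skips the insert when the rule already exists. The function names, the IPT variable, the narrower `-p tcp --dport 80` match and the .2 to .254 host range are assumptions of this example.

```shell
# Constructed example, not from the thread. IPT is an assumption of this
# sketch: point it at a stub function for a dry run.
IPT="${IPT:-iptables}"

# Accept only a literal host address in 192.168.1.0/24 (the thread's LAN),
# excluding network, gateway (.1) and broadcast. Anything else, including
# shell metacharacters or extra iptables options, is rejected.
valid_client_ip() {
    case "$1" in
        192.168.1.*) host=${1#192.168.1.} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|*[!0-9]*|0*|????*) return 1 ;;
    esac
    [ "$host" -ge 2 ] && [ "$host" -le 254 ]
}

# Read `iptables -t nat -L PREROUTING -n --line-numbers` output on stdin and
# print the number of the first DNAT rule for TCP port 80; fail if none.
dnat_line_number() {
    awk '$2 == "DNAT" && /dpt:80( |$)/ { print $1; found = 1; exit }
         END { exit !found }'
}

# Insert an ACCEPT for one authenticated client directly above the DNAT rule.
# Idempotent: a repeated login from the same address adds no duplicate.
allow_client() {
    valid_client_ip "$1" || { echo "rejected address: $1" >&2; return 2; }
    # -C exits 0 when an identical rule is already present.
    $IPT -t nat -C PREROUTING -s "$1" -p tcp --dport 80 -j ACCEPT 2>/dev/null &&
        return 0
    pos=$($IPT -t nat -L PREROUTING -n --line-numbers | dnat_line_number) ||
        { echo "portal DNAT rule not found" >&2; return 3; }
    $IPT -t nat -I PREROUTING "$pos" -s "$1" -p tcp --dport 80 -j ACCEPT
}

# Remove the exemption on logout or session expiry.
revoke_client() {
    valid_client_ip "$1" || return 2
    $IPT -t nat -D PREROUTING -s "$1" -p tcp --dport 80 -j ACCEPT
}
```

Source the file from the privileged helper that the login page calls, then run `allow_client` with the client's address on successful authentication and `revoke_client` when the session ends.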
 
  

