LinuxQuestions.org
Old 09-17-2007, 01:28 AM   #1
Santoshkb
Member
 
Registered: Sep 2007
Posts: 40

Rep: Reputation: 15
Doubt in iptables redirecting http traffic?


Hi,
In my project I need to redirect all requests from the browser to HTTP port 8080 (I have a test page).

I did:
iptables -t nat -A PREROUTING -m mac --mac-source 00:78:21:56:09:67 --dport 80 -j REDIRECT --to-port 8080

Yes, this works fine if I access gatekeeper, i.e. 192.168.0.215 -> will be redirected to port 8080 on 192.168.0.215, fine.

But the requirement says that if we wanna access e.g. www.google.com from the browser, it should also redirect to port 8080.


Wondering whether I need to handle any iptables -t filter tables, though it's new for me!
Awaiting your technical expertise!

thanks in advance
 
Old 09-17-2007, 02:14 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Do you have the client configured to use 192.168.0.215 as its default gateway?

Are you able to ping google.com from the client?

Last edited by win32sux; 09-17-2007 at 02:16 AM.
 
Old 09-17-2007, 04:05 AM   #3
Santoshkb
Member
 
Registered: Sep 2007
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by win32sux
Do you have the client configured to use 192.168.0.215 as its default gateway?

Are you able to ping google.com from the client?

Yes, DHCP server runs on 0.215, and clients' IPs are assigned with default g/w as 0.215; in my case the client is 0.224.
Client can't ping google.com in my test scenario.
Requirement is that any access through the browser has to be redirected to gatekeeper port 8080.
 
Old 09-17-2007, 05:34 AM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Well, with the info you've posted so far, I can't see any obvious reason why it wouldn't work. What happens when you try to access google.com with the browser? Do you get some sort of error?

EDIT: I just checked the iptables manual and it says that you should specify "-p TCP" in your rule. I'd also take it a step further and specify the incoming interface.
Code:
   REDIRECT
       This  target is only valid in the nat table, in the PREROUTING and OUT‐
       PUT chains, and user-defined chains which are only  called  from  those
       chains.   It redirects the packet to the machine itself by changing the
       destination IP  to  the  primary  address  of  the  incoming  interface
       (locally-generated  packets  are  mapped to the 127.0.0.1 address).  It
       takes one option:

       --to-ports port[-port]
              This specifies a destination port or  range  of  ports  to  use:
              without  this,  the  destination port is never altered.  This is
              only valid if the rule also specifies -p tcp or -p udp.

Last edited by win32sux; 09-17-2007 at 05:39 AM.
 
Old 09-17-2007, 08:04 AM   #5
rossonieri#1
Member
 
Registered: Jun 2007
Posts: 359

Rep: Reputation: 34
Quote:
Originally Posted by Santoshkb
Yes, DHCP server runs on 0.215, and clients' IPs are assigned with default g/w as 0.215; in my case the client is 0.224.
Client can't ping google.com in my test scenario.
Requirement is that any access through the browser has to be redirected to gatekeeper port 8080.

Hi,

Have you done NAT?
Do you have any DROP statement in the FW regarding ping?
ip_forwarding checked?

Please check your redirection statement again:

Why don't you use a simple one for testing purposes?

iptables -t nat -I PREROUTING -i $LANIF -p tcp --dport <port> -j REDIRECT --to <destport>

HTH.
 
Old 09-17-2007, 09:55 AM   #6
Santoshkb
Member
 
Registered: Sep 2007
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by rossonieri#1
Hi,

Have you done NAT?
Do you have any DROP statement in the FW regarding ping?
ip_forwarding checked?

Please check your redirection statement again:

Why don't you use a simple one for testing purposes?

iptables -t nat -I PREROUTING -i $LANIF -p tcp --dport <port> -j REDIRECT --to <destport>

HTH.

Thank you for the suggestions, but still unchanged.

Yes, -p tcp had been specified; iptables -t nat -L contains only the rule I have mentioned.

Redirection is to be done based on the MAC ID of the client.

Current situation:
when I browse e.g. test.com from 192.168.0.224 (client),
an error box pops up: "internet explorer cant open this page"


Requirement: the configuration should be done on the gatekeeper server,
and cannot be done on the client.

Last edited by Santoshkb; 09-17-2007 at 09:58 AM. Reason: 1
 
Old 09-17-2007, 10:12 AM   #7
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
What is "gatekeeper"? Do you have a link?

Whatever it is, it will need to be able to handle the redirected packets in a fashion similar to a transparent/intercepting proxy. If the daemon you have listening on port 8080 doesn't know how to handle these redirected packets, it won't work right. My guess is that the redirection is working fine, but whatever is listening on 8080 isn't set up right. This would explain why it works OK if you try to connect *directly* to the gateway/firewall.

EDIT: Also, what DNS servers is the client configured to use? One on the gateway/firewall box? Or one on the other side (provided by your ISP, for example)? I'm trying to determine whether your Internet Explorer is having DNS lookup problems.

Last edited by win32sux; 09-17-2007 at 10:23 AM.
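
What a listener on port 8080 has to cope with once the REDIRECT rule fires, as an added example that is not code from any poster in this thread. The function names, the `orig` query parameter and the sample request are assumptions made for illustration; the addresses are the ones used in the thread.

```python
import socket
import struct
from urllib.parse import quote

# Value from <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80

def decode_original_dst(sockaddr):
    """Decode the sockaddr_in that getsockopt(SOL_IP, SO_ORIGINAL_DST) returns."""
    port, raw_ip = struct.unpack("!2xH4s8x", sockaddr[:16])
    return socket.inet_ntoa(raw_ip), port

def original_dst(conn):
    """On the gateway: where was this client connecting before REDIRECT?"""
    return decode_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def portal_response(request, portal_url):
    """Build the reply to a redirected browser request: a 302 to the portal.

    The request line is origin-form ("GET /path HTTP/1.1") and the Host
    header names the site the user typed, not the gateway, so the listener
    must answer for any Host instead of only its own name.
    """
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    wanted = "http://" + host + parts[1] if host else parts[1]
    # Percent-encode the client-supplied URL before echoing it into a header.
    location = portal_url + "?orig=" + quote(wanted, safe="")
    return ("HTTP/1.1 302 Found\r\nLocation: " + location +
            "\r\nContent-Length: 0\r\nConnection: close\r\n\r\n").encode("latin-1")

# Constructed sample: what a client at 192.168.0.224 sends when browsing test.com.
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: test.com\r\n\r\n"

if __name__ == "__main__":
    print(portal_response(SAMPLE_REQUEST, "http://192.168.0.215:8080/").decode())
```

None of this runs until the client has resolved the hostname and sent a TCP SYN to port 80, which is why the DNS question in the post above matters.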
 
Old 09-17-2007, 01:28 PM   #8
rossonieri#1
Member
 
Registered: Jun 2007
Posts: 359

Rep: Reputation: 34
Quote:
Originally Posted by Santoshkb
Yes, DHCP server runs on 0.215, and clients' IPs are assigned with default g/w as 0.215; in my case the client is 0.224.
Client can't ping google.com in my test scenario.
Requirement is that any access through the browser has to be redirected to gatekeeper port 8080.

Mmm... have you specified which DNS server to use?
All proxy software (such as squid etc.) set up yet?
 
  


All times are GMT -5. The time now is 02:14 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration