LinuxQuestions.org

tunasashimi 07-09-2007 03:40 AM

Iptables redirect AFTER INPUT/FORWARD chain processing
 
Hi All

I have a webserver listening on port 79, and showing the splash page, no matter what the request. When I put this in my nat table:

iptables -t nat -D PREROUTING -i eth0 -p tcp -j REDIRECT --to-port 79

I get the desired effect. Only problem is that I don't know till much later for which hosts I need this.

I have a fairly complex firewall that processes *a lot* of rules in its INPUT and FORWARD chains. What I need to do is to redirect all the packets that INPUT and FORWARD would have dropped to that port, for the permanent splash page.

My questions:

1) Is there a way?

2) Should I maybe tag/mangle the packets that would have been dropped and then redirect at POSTROUTING? (Very tedious)

3) Can I redirect directly from INPUT/FORWARD?

4) Can I send the packet back to PREROUTING from INPUT/FORWARD?

Would much appreciate any info you have!
Thanks