| michaelsanford |
05-21-2005 09:41 PM |
iptables - why am I still being redirected?
Code:
Chain PREROUTING (policy ACCEPT 3931 packets, 1199K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- wlan0 any homsar anywhere MAC 00:30:65:21:A9:EE
0 0 ACCEPT tcp -- wlan0 any homsar anywhere MAC 00:30:65:21:A9:EE
40 2400 DNAT tcp -- wlan0 any anywhere anywhere tcp dpt:http to:10.0.0.1
3 180 DNAT tcp -- wlan0 any anywhere anywhere tcp dpt:!http to:10.0.0.1:8080
Chain POSTROUTING (policy ACCEPT 2 packets, 140 bytes)
pkts bytes target prot opt in out source destination
92 5578 MASQUERADE all -- any eth0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 67 packets, 4034 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 68860 packets, 32M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 740 packets, 228K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- wlan0 wlan0 anywhere anywhere multiport dports telnet,24,smtp,auth,netbios-ns,netbios-dgm,netbios-ssn,svrloc,afpovertcp
0 0 DROP udp -- wlan0 wlan0 anywhere anywhere multiport dports telnet,24,smtp,auth,netbios-ns,netbios-dgm,netbios-ssn,svrloc,afpovertcp
Chain OUTPUT (policy ACCEPT 170K packets, 192M bytes)
pkts bytes target prot opt in out source destination
On homsar I hit a web site, say <shameless plug> www.carumeen.com</shameless plug> and am redirected to my authenticator page on 10.0.0.1. My PHP page retains the originally desired URL and displays a link to it once authenticated, which are the two rules in bold inserted above the redirect.
Why, then, when I click that link am I bounced back to the authenticator? I can access any other URL without being redirected.
I assume then it has something to do with the routing cache? How can I correct this without an `ip route flush`?
PS What's the second DNAT rule for? It's a portmsg server that displays a message if, say, you try to telnet somewhere before authenticating; kind'a clever I think ;) |
