(IPTABLES) redirect web site to a file?

dmane15 · 04-20-2003, 09:13 PM

Is it possible to redirect ... www.whatever.com to a file on the local drive... for example, if they went to go to this particular website, instead of the page showing in the browser, a picture saying this website is off limits would appear in the browser?????

TIA

iceman47 · 04-20-2003, 09:37 PM

sure, if you own the domain name and configure apache so it shows that picture upon connection.

DavidPhillips · 04-20-2003, 09:37 PM

index.html in the DocumentRoot of the VirtualHost

the index.html file can contain a picture or whatever message you want

jdc2048 · 04-21-2003, 01:21 AM

Do I read this right, as you are trying to control outbound connections to external (banned) websites? Like proxying or a net-nanny thing, keeping the kids from looking at nasty things?

The answers so far have been for incoming connections to a website that you host.

I don't know if "linux-newbs" is the right forum for this kinda question. You may want to get it moved to "linux-security". (don't double-post, just ask the moderator to move it).

DavidPhillips · 04-21-2003, 01:43 AM

Oh I see what your saying now!
I think

try something like dans guardian or squidguard

Robert0380 · 04-21-2003, 10:52 AM

you could do this with iptables easily, let's say you dont want computers on your network to access whatever.com, i'd do an nslookup on whatever.com and lets say the ip of whatever.com is 1.2.3.4, here is what your iptable rule could look like:

iptables -t nat PREROUTING -d 1.2.3.4 -p tcp --dport 80 -j DNAT --to-destination 192.168.x.x

this will forward any incomming packets that are bound for 1.2.3.4 to 192.168.x.x ,if you have a web server running on 192.168.x.x then you can display whatever you want. if im wrong, someone correct me

DavidPhillips · 04-21-2003, 12:19 PM

that looks right,

This could grow very big and be somewhat intensive unless you are just blocking the one, or a few sites.

squidguard or dans guardian will block sites based on name, or content. without adding each site manually.

MasterC · 04-21-2003, 01:09 PM

The only hole I can see to shoot in that idea is that if the IP of whatever.com is dynamic

Cool

bhargavbhai · 08-11-2008, 05:42 AM

Hi robert,

Quote:

Originally Posted by Robert0380

iptables -t nat PREROUTING -d 1.2.3.4 -p tcp --dport 80 -j DNAT --to-destination 192.168.x.x

this will forward any incoming packets that are bound for 1.2.3.4 to 192.168.x.x ,if you have a web server running on 192.168.x.x then you can display whatever you want.

I have tried this rule but not able to run this command with argument PREROUTING and --dport.
I am getting error like this
Bad argument `PREROUTING'
Try `iptables -h' or 'iptables --help' for more information.

and plz also specify me that how ant I flush this rule if applied then.

I want to redirect mail.google.com to mail.aspl.in in my network.

Thanx in advance......

jomen · 08-11-2008, 05:53 AM

append "-I" (or "-A") before PREROUTING
like:
iptables -t nat -I PREROUTING -d 1.2.3.4 -p tcp --dport 80 -j DNAT --to-destination 192.168.x.x