Old 04-14-2008, 12:46 AM   #1
prayag_pjs
Question iptables redirection?


Hi,

I have two systems on LAN 192.168.0.54 and 192.168.0.64.

I want to redirect requests coming in on port 80 of 192.168.0.54 to port 80 of 192.168.0.64, so can anyone suggest the correct rule? Is the rule given below correct?

#iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 192.168.0.54 --dport 80 -j DNAT --to-destination 192.168.0.64

If it's wrong, can anyone suggest the correct rule?
 
Old 04-14-2008, 09:49 PM   #2
dkm999
I think your proposed rule is maybe more restrictive than you want, because it restricts this redirection to connections that originate on 192.168.0.54. Perhaps a better choice would be
Code:
 #iptables -t nat -A PREROUTING -p tcp -d 192.168.0.54 --dport 80 -j DNAT --to-destination 192.168.0.64
Depending on the other rules in your firewall configuration, you will probably need the following
Code:
#iptables -A FORWARD -i eth1 -p tcp -s 192.168.0.64 --sport 80 -j ACCEPT
#iptables -A FORWARD -m state -p tcp --state ESTABLISHED -j ACCEPT
The first of these additional rules allows the first reply packet from your web server back through the firewall, and the second rule takes care of any further communication on that connection. If your firewall machine is itself

In addition, if your intention is to re-route external HTTP requests to an internal server, you will need some sort of DNAT rule to masquerade the private network address (192.168.0.x) that will appear as the source in any reply packets.
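
Added example, not part of any post in this thread: a dry-run shell script that prints the full rule set for the redirect discussed above, including a return-path SNAT rule when clients and the target server share a subnet (otherwise the server replies to the client directly and the redirected connection never completes). The function names, the `--to-source` choice and the 192.168.0.0/24 client network are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: prints (does not apply) the rules for
# redirecting VIP:PORT to TARGET:PORT. Function names are this example's own.

# ip_to_int A.B.C.D -> prints the 32-bit value; fails on malformed input
ip_to_int() {
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP1 IP2 PREFIX -> exit 0 when both fall in the same /PREFIX
same_subnet() {
  a=$(ip_to_int "$1") && b=$(ip_to_int "$2") || return 2
  mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
  [ $(( a & mask )) -eq $(( b & mask )) ]
}

# redirect_rules VIP TARGET PORT CLIENT_NET/PREFIX -> prints iptables commands
redirect_rules() {
  vip=$1 target=$2 port=$3 net=${4%/*} prefix=${4#*/}
  ip_to_int "$vip" >/dev/null && ip_to_int "$target" >/dev/null &&
    ip_to_int "$net" >/dev/null || return 1
  case $port in ''|*[!0-9]*) return 1 ;; esac
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] && [ "$prefix" -le 32 ] || return 1
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -t nat -A PREROUTING -p tcp -d $vip --dport $port -j DNAT --to-destination $target:$port"
  echo "iptables -A FORWARD -p tcp -d $target --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"
  echo "iptables -A FORWARD -p tcp -s $target --sport $port -m state --state ESTABLISHED -j ACCEPT"
  # Clients on the target's own subnet: rewrite the source so replies return
  # through the redirecting host instead of going straight to the client.
  if same_subnet "$target" "$net" "$prefix"; then
    echo "iptables -t nat -A POSTROUTING -p tcp -s $net/$prefix -d $target --dport $port -j SNAT --to-source $vip"
  fi
}

# Addresses from the thread; the /24 client network is assumed.
redirect_rules 192.168.0.54 192.168.0.64 80 192.168.0.0/24
```

Review the printed commands against the existing rule set (`iptables -S`, `iptables -t nat -S`) before applying any of them as root.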
 
Old 04-16-2008, 07:09 AM   #3
prayag_pjs
Hi thanks,

I did the same thing that you mentioned, but I am not getting redirected to the correct website... it is not getting corrected... I have a transparent proxy on my gateway...


Prayag
 
Old 04-16-2008, 11:10 PM   #4
dkm999
As I understand it, a proxy server can accomplish the redirection on its own that you are trying to achieve with iptables rules. Is there some reason that you do not want to configure the proxy server to do the redirection of HTTP traffic directly to your other box?

It seems likely that this proxy server is getting in the way of the iptables rules. This is a case of my not knowing enough about your system to provide you with a useful answer. Next time, I will ask more questions about everything that is running on the firewall machine.
 
  

