LinuxQuestions.org - Linux - Newbie
prevent denial of service redirect to another machine (http://www.linuxquestions.org/questions/linux-newbie-8/prevent-denial-of-service-redirect-to-another-machine-4175443466/)

newbie_ubu 12-30-2012 08:40 AM

prevent denial of service redirect to another machine
 
Hello all,

I have 2 PCs like this:
pc1 192.168.0.1 port:80
pc2 192.168.0.2 port:80

When a user accesses the web server, I want it served by the web server at IP 192.168.0.1. But when anyone tries an attack such as a denial of service, they should be redirected to the IP 192.168.0.2.
So, what is the iptables configuration on pc1 (192.168.0.1)?

Thank you for your answer

bijo505 12-30-2012 03:28 PM

Quote:

Originally Posted by newbie_ubu (Post 4859472)
Hello all,

I have 2 PCs like this:
pc1 192.168.0.1 port:80
pc2 192.168.0.2 port:80

When a user accesses the web server, I want it served by the web server at IP 192.168.0.1. But when anyone tries an attack such as a denial of service, they should be redirected to the IP 192.168.0.2.
So, what is the iptables configuration on pc1 (192.168.0.1)?

Thank you for your answer


Hi Newbie_ubu,
If you want to redirect to a particular host, you need to use NAT, and on your router host the nat table should have entries like these:

# the --set rule records each new connection's source; without it the --update rule below never matches, because the list stays empty
iptables -t nat -I PREROUTING 1 -p tcp --syn --dport 80 -m recent --name badguy --rsource --set
iptables -t nat -I PREROUTING 2 -p tcp --syn --dport 80 -m recent --name badguy --rsource --update --seconds 60 --reap --hitcount 20 -j DNAT --to-destination 192.168.0.2:80
iptables -t nat -I PREROUTING 3 -p tcp --syn --dport 80 -j DNAT --to-destination 192.168.0.1:80

In this example, if the number of connections exceeds 20/min it will redirect to the second host.

If you don't want to use NAT, you can simply drop the hosts with:
iptables -t filter -I INPUT 1 -p tcp --syn --dport 80 -m recent --name badguy --rsource --set
iptables -t filter -I INPUT 2 -p tcp --syn --dport 80 -m recent --name badguy --rsource --update --seconds 60 --reap --hitcount 20 -j DROP

PS: Please note I haven't tested this, but I hope this will work; kindly let me know the status.
--
Thanks,
Bijo
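A complete version of the diversion discussed in this thread, written as an added example (it is not from bijo505's post or from anyone in the thread) and assuming the rules run on pc1 itself, as the original question asks, rather than on a separate router: pc1 is 192.168.0.1 and serves the site, pc2 is 192.168.0.2 and receives diverted clients, the list name badguy and the 20-in-60-seconds threshold are taken from the reply, and the -A rules assume the nat and FORWARD chains are otherwise empty. The variable names, the print_rule helper and the apply/show arguments are this example's own. It adds the -m recent --set rule without which the --update rule has nothing to count, and the forwarding and MASQUERADE pieces without which pc2's replies never reach the client.

```shell
#!/bin/sh
# Added example, not code from the thread: rate-based diversion of aggressive
# web clients from pc1 (192.168.0.1) to pc2 (192.168.0.2) with xt_recent + DNAT.
# Assumes it runs on pc1 and that the chains it appends to are otherwise empty.
set -eu

WEB_PORT=80
SINK_IP=${SINK_IP:-192.168.0.2}   # pc2 from the thread
HITS=${HITS:-20}                  # new connections per window before a source is diverted
WINDOW=${WINDOW:-60}              # length of the window in seconds
LIST=badguy                       # xt_recent list name from the thread
IPT=${IPT:-iptables}              # set IPT=print_rule to print the rules instead of applying them

# Prints a rule instead of installing it (used by "show" and for dry runs).
print_rule() {
    printf 'iptables %s\n' "$*"
}

# Installs (or prints, depending on $IPT) the rules in the order they must run.
apply_rules() {
    # 1. Record every new TCP connection to the web port by source address.
    #    Without this --set rule the --update rule never matches, because
    #    nothing else ever puts an address into the list.
    "$IPT" -t nat -A PREROUTING -p tcp --syn --dport "$WEB_PORT" \
        -m recent --name "$LIST" --rsource --set

    # 2. A source with HITS or more entries in the last WINDOW seconds is
    #    rewritten to pc2.  --hitcount may not exceed the xt_recent module
    #    parameter ip_pkt_list_tot (default 20).
    "$IPT" -t nat -A PREROUTING -p tcp --syn --dport "$WEB_PORT" \
        -m recent --name "$LIST" --rsource --update --seconds "$WINDOW" --hitcount "$HITS" \
        -j DNAT --to-destination "$SINK_IP:$WEB_PORT"

    # 3. Everything else keeps going to the local web server.  No rule is
    #    needed: a DNAT back to pc1's own address would be a no-op.

    # 4. pc2 must answer through pc1, otherwise the client receives a SYN-ACK
    #    from 192.168.0.2, an address it never connected to, and drops it.
    "$IPT" -t nat -A POSTROUTING -p tcp -d "$SINK_IP" --dport "$WEB_PORT" -j MASQUERADE

    # 5. Let the diverted connection and its replies pass the FORWARD chain.
    "$IPT" -A FORWARD -p tcp -d "$SINK_IP" --dport "$WEB_PORT" -j ACCEPT
    "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

case "${1:-}" in
    apply)
        # DNAT to another host only works if pc1 forwards packets at all.
        sysctl -w net.ipv4.ip_forward=1
        apply_rules
        ;;
    show)
        IPT=print_rule
        apply_rules
        ;;
    *)
        echo "usage: $0 apply|show" >&2
        ;;
esac
```

Saved as, say, divert.sh, `sh divert.sh show` prints the rules and `sh divert.sh apply` as root installs them. Two limits are worth knowing before relying on this: the counter is per source address, so a SYN flood with spoofed sources never reaches 20 hits from any one address, while an office behind a single NAT address can trip it with ordinary browsing; and every packet still arrives on pc1's interface and goes through conntrack, so this moves aggressive clients onto pc2 rather than taking a flood's load off pc1.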

