Quote:
Originally Posted by newbie_ubu
Hello all,
I have 2 PCs like this:
pc1 192.168.0.1 port:80
pc2 192.168.0.2 port:80
I want that when a user accesses the web server, it is served by the web server at IP 192.168.0.1. But when anyone tries an attack such as a denial of service, it is redirected to the IP 192.168.0.2.
So, what is the iptables configuration for pc1 (192.168.0.1)?
Thank you for your answer
Hi Newbie_ubu,
If you want to redirect to a particular host, you need to use NAT, and on your router host the nat table should have entries like these.
# record every new connection to port 80 per source, then send sources with 20 or more hits in the last 60 s to pc2
iptables -t nat -I PREROUTING 1 -p tcp --syn --dport 80 -m recent --name badguy --rsource --set
iptables -t nat -I PREROUTING 2 -p tcp --syn --dport 80 -m recent --name badguy --rsource --update --seconds 60 --reap --hitcount 20 -j DNAT --to-destination 192.168.0.2:80
iptables -t nat -I PREROUTING 3 -p tcp --syn --dport 80 -j DNAT --to-destination 192.168.0.1:80
In this example, if the number of connections exceeds 20/min, it will redirect to the second host.
If you don't want to use NAT, you can simply drop the hosts by using
iptables -t filter -I INPUT 1 -p tcp --syn --dport 80 -m recent --name badguy --rsource --set
iptables -t filter -I INPUT 2 -p tcp --syn --dport 80 -m recent --name badguy --rsource --update --seconds 60 --reap --hitcount 20 -j DROP
PS: Please note I haven't tested this, but I hope it will work; kindly let me know the status.
--
Thanks,
Bijo
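The rules in Bijo's reply depend on how the iptables `recent` match counts hits, and that is easy to get wrong: `--update` only matches addresses that are already in the list, so a `--update --hitcount 20` rule on its own never fires unless a `--set` rule in front of it records each new connection. The following Python model of that sliding-window logic is an added example, not code from the original post or from netfilter; it is a simplified rewrite of the matching logic in the kernel's xt_recent (the `--reap` step and the per-address stamp list are approximated, as noted in the comments), and the traffic it feeds through the rules is constructed with documentation addresses.

```python
"""
Simplified model of the netfilter `recent` match (xt_recent), written to show
why a rule using only --update never matches and how a preceding --set rule
makes the 20th new connection from one source within 60 s hit the
DNAT/DROP rule.  Hypothetical illustration, not the kernel's own code.
"""

IP_PKT_LIST_TOT = 20  # kernel default: stamps kept per address (--hitcount may not exceed it)


class RecentList:
    """One named list (--name badguy), keyed by source address (--rsource)."""

    def __init__(self):
        self.entries = {}  # src -> list of hit timestamps in seconds, oldest first

    def _record(self, src, now):
        stamps = self.entries.setdefault(src, [])
        stamps.append(now)
        if len(stamps) > IP_PKT_LIST_TOT:
            del stamps[0]  # oldest stamp is overwritten once the list is full

    def set(self, src, now):
        """--set: add src to the list (creating it) and record a hit. Always matches."""
        self._record(src, now)
        return True

    def update(self, src, now, seconds, hitcount, reap=False):
        """--update --seconds S --hitcount N [--reap].

        Matches only when src is already in the list and has at least N hits
        newer than S seconds; on a match the current packet is recorded as a
        further hit.  An unknown address is never added, which is why --update
        without a preceding --set rule cannot match anything.
        """
        window = now - seconds
        if reap:
            # --reap: purge addresses whose newest hit is older than the window.
            # Simplification: the kernel only inspects the least recently used entry.
            for addr in [a for a, s in self.entries.items() if s[-1] < window]:
                del self.entries[addr]
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if t >= window)
        matched = hits >= hitcount
        if matched:
            self._record(src, now)
        return matched


def run_rules(packets, seconds=60, hitcount=20, with_set=True):
    """Feed (time, src) new-connection packets through the badguy rules in time order.

    with_set=False reproduces a single --update rule with no --set in front of it;
    with_set=True is the corrected pair (--set first, then --update ... -j DNAT/DROP).
    Returns the packets that hit the rate-limit rule.
    """
    badguy = RecentList()
    hit = []
    for now, src in sorted(packets, key=lambda p: p[0]):
        if with_set:
            badguy.set(src, now)  # rule 1: -m recent --set, no -j, falls through
        if badguy.update(src, now, seconds, hitcount, reap=True):
            hit.append((now, src))  # rule 2: --update ... -j DNAT to pc2 / -j DROP
        # otherwise the packet reaches the normal DNAT-to-pc1 / ACCEPT rule
    return hit


# Constructed traffic (documentation addresses): one client opening a new
# connection every second for 25 s, a normal client opening five, and the
# aggressive client coming back after more than 60 s of silence.
SAMPLE_PACKETS = (
    [(t, "203.0.113.5") for t in range(25)]
    + [(t, "198.51.100.9") for t in (3, 10, 30, 45, 58)]
    + [(100, "203.0.113.5")]
)

if __name__ == "__main__":
    print("--update only      :", run_rules(SAMPLE_PACKETS, with_set=False))
    print("--set then --update:", run_rules(SAMPLE_PACKETS, with_set=True))
```

With the `--set` rule in place, the aggressive client's 20th through 25th connections are diverted and its later connection at t=100 is served normally again, because only hits newer than `--seconds` count and `--reap` purges the stale entry. Two practical caveats when applying the real rules: `--hitcount` cannot exceed the `ip_pkt_list_tot` parameter of the xt_recent module (default 20), and DNAT to a second host on the same LAN only works if the replies from 192.168.0.2 route back through the box doing the NAT (otherwise the client sees answers from an address it never contacted), so an SNAT or MASQUERADE rule in POSTROUTING is usually needed as well. Per-source counting also does nothing against a flood spread over many source addresses.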