From: Antony Stone <Antony@Soft-Solutions.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: how to redirect certain IPs to specific url
Date: Wed, 30 Jun 2004 09:31:16 +0100
Message-ID: <200406300931.16812.Antony@Soft-Solutions.co.uk>
In-Reply-To: <a0f69e504063000446f514e22@mail.gmail.com>

On Wednesday 30 June 2004 8:44 am, Askar Ali Khan wrote:

> Hi
> got a very simple question, I want to redirect certain IPs (clients)
> request to a specific URL (ip)?

So long as you keep in mind two things:

1. An IP address is not the same thing as a URL (firstly, a server on one IP
address may handle many different domains' websites, secondly a big domain
such as Amazon, Microsoft, Yahoo may resolve to multiple IP addresses,
thirdly an IP address (even if unique to a domain) cannot specify a path or
filename which would follow the first / after the domain in a URL).

2. Netfilter works at OSI layers 3/4 (IP addresses and TCP/UDP port numbers),
whereas HTTP works at layer 7 (URLs, hyperlinks and meaningful content).

Provided both the above are acceptable, and what you want to do is to redirect
certain source IP addresses when accessing TCP port 80 to a different
destination address, then you can do this:

    iptables -A PREROUTING -t nat -p tcp --dport 80 -s a.b.c.d -j DNAT --to w.x.y.z

where a.b.c.d is the IP address of the client you want to redirect and w.x.y.z
is where you want them redirected to. If you want to do it only when they
try to access a specific destination address (so other destinations are not
redirected), simply add a "-d p.q.r.s" into the rule above, where p.q.r.s is
the destination address you want them not to be able to reach.

If this is not what you want, and you do indeed need to do stuff at OSI layer
7, working on HTTP rather than TCP and IP, you should probably look into
http://www.squid-cache.org

> and also later on how to Flush the specific rule from the chain as
> -A will append it on the bottom, how I will delete it?

Repeat the rule but with -D instead of -A

Regards,

Antony.

--
There's no such thing as bad weather - only the wrong clothes.

 - Billy Connolly

Please reply to the list;
please don't CC me.
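
Added example, not part of the original message: a POSIX shell helper that builds the rule specification once, so the -A and -D commands described above always carry identical arguments, and that rejects anything that is not a plain IPv4 address. The function names and the RFC 5737 sample addresses are assumptions made for the illustration, and the DNAT option is written in its full form, --to-destination.

```sh
# Added example: function names and addresses are illustrative assumptions.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule spec: $1 = client source, $2 = new destination,
# $3 = optional original destination (the "-d p.q.r.s" variant).
rule_spec() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    spec="-p tcp --dport 80 -s $1"
    if [ -n "${3:-}" ]; then
        valid_ipv4 "$3" || return 1
        spec="$spec -d $3"
    fi
    printf '%s -j DNAT --to-destination %s\n' "$spec" "$2"
}

# Print the full command for an action: add (-A), check (-C) or delete (-D).
redirect_cmd() {
    case $1 in
        add) flag=-A ;; check) flag=-C ;; delete) flag=-D ;;
        *) return 2 ;;
    esac
    shift
    spec_out=$(rule_spec "$@") || return 1
    printf 'iptables -t nat %s PREROUTING %s\n' "$flag" "$spec_out"
}

# Append only if absent (needs root; not called here): -D removes one match per call.
apply_redirect() {
    add_cmd=$(redirect_cmd add "$@") || return 1
    chk_cmd=$(redirect_cmd check "$@") || return 1
    $chk_cmd 2>/dev/null || $add_cmd
}

# Constructed sample addresses (RFC 5737 documentation ranges).
redirect_cmd add 192.0.2.10 198.51.100.5 203.0.113.7
redirect_cmd delete 192.0.2.10 198.51.100.5 203.0.113.7
```

The two printed commands differ only in -A versus -D; apply_redirect uses -C first so the rule is never appended twice.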