Re: IPTABLES routine help.

[Feizhou <feizhou@linuxmail.org>]

> 
> I am DNATing LAN user by "iptables -t nat -A
> PREROUTING -s 192.168.0.0/24 -i eth1 -p tcp -m tcp
> --dport 80 -j DNAT --to-destination 10.0.0.2:80".
> 
> Problem :
> whenever LAN user wish to acces internet he is
> forcebly taken to "index.htm" at 10.0.0.2:80. I have
> click link on index.htm to "www.google.com". Even when
> I clicks on link on "index.htm" page, it goes to
> index.htm page only.
> I tried putting "-m state NEW", thinking only when
> packet state is new it will take to "index.htm" and
> when user click on the link on "index.htm" page it
> will divert them to linked page. But this does not
> happen.

Of course it does not. You have already decided the destination when you 
used DNAT. So no matter what ip the destination (the ip for 
www.google.com or whatever) they will all go to 10.0.0.2 because that is 
what DNAT DOES. Please go read up on the Netfilter howto and understand 
what DNAT does.
> 
> Please guide me to rule which will take user to
> index.htm page at 10.0.0.2:80 only at first time. When
> user click link on index.htm page destined for some
> other page(www.google.com) It should allow user to go
> to google or whatever.

What are you trying to achieve?
> 
> If it is not possible by iptables, is there any
> technology by which i can achieve this.
> Thanks for support.

What are you trying to achieve?