* IPTABLES routine help.
@ 2004-06-24  3:08 ads nat
  2004-06-24  3:32 ` Feizhou
  0 siblings, 1 reply; 2+ messages in thread
From: ads nat @ 2004-06-24  3:08 UTC (permalink / raw)
  To: netfilter

Hi,
I am running Redhat Linux 9 server as firewall, 
routing two subnets "eth1" 192.168.0.0 and "eth2"
10.0.0.1. "eth0" is Internet Interface.

10.0.0.2 is DMZ machine on which Web server is
running.
192.168.0.1 is a LAN. LAN users can access web server,
properly DNATed through router/firewall.

I have created web site at 10.0.0.2:80 on which I am
putting index.htm page to display notice for LAN
users.

I am DNATing LAN user by "iptables -t nat -A
PREROUTING -s 192.168.0.0/24 -i eth1 -p tcp -m tcp
--dport 80 -j DNAT --to-destination 10.0.0.2:80".

Problem :
whenever LAN user wishes to access internet he is
forcibly taken to "index.htm" at 10.0.0.2:80. I have
a clickable link on index.htm to "www.google.com". Even when
I click on link on "index.htm" page, it goes to
index.htm page only.
I tried putting "-m state NEW", thinking only when
packet state is new it will take to "index.htm" and
when user clicks on the link on "index.htm" page it
will divert them to linked page. But this does not
happen.

Please guide me to rule which will take user to
index.htm page at 10.0.0.2:80 only at first time. When
user clicks link on index.htm page destined for some
other page (www.google.com), it should allow user to go
to google or whatever.

If it is not possible by iptables, is there any
technology by which I can achieve this?
Thanks for support.



		


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: IPTABLES routine help.
  2004-06-24  3:08 IPTABLES routine help ads nat
@ 2004-06-24  3:32 ` Feizhou
  0 siblings, 0 replies; 2+ messages in thread
From: Feizhou @ 2004-06-24  3:32 UTC (permalink / raw)
  To: ads nat; +Cc: netfilter


> 
> I am DNATing LAN user by "iptables -t nat -A
> PREROUTING -s 192.168.0.0/24 -i eth1 -p tcp -m tcp
> --dport 80 -j DNAT --to-destination 10.0.0.2:80".
> 
> Problem :
> whenever LAN user wishes to access internet he is
> forcibly taken to "index.htm" at 10.0.0.2:80. I have
> a clickable link on index.htm to "www.google.com". Even when
> I click on link on "index.htm" page, it goes to
> index.htm page only.
> I tried putting "-m state NEW", thinking only when
> packet state is new it will take to "index.htm" and
> when user clicks on the link on "index.htm" page it
> will divert them to linked page. But this does not
> happen.

Of course it does not. You have already decided the destination when you 
used DNAT. So no matter what IP the destination is (the IP for 
www.google.com or whatever), they will all go to 10.0.0.2 because that is 
what DNAT DOES. Please go read up on the Netfilter howto and understand 
what DNAT does.
> 
> Please guide me to rule which will take user to
> index.htm page at 10.0.0.2:80 only at first time. When
> user clicks link on index.htm page destined for some
> other page (www.google.com), it should allow user to go
> to google or whatever.

What are you trying to achieve?
> 
> If it is not possible by iptables, is there any
> technology by which I can achieve this?
> Thanks for support.

What are you trying to achieve?


^ permalink raw reply	[flat|nested] 2+ messages in thread
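
Added example, not part of either message in the thread: a toy Python model of connection tracking plus the nat PREROUTING rule quoted above. It shows why every new port-80 connection from the LAN lands on 10.0.0.2 and why "-m state NEW" changes nothing, since the nat table is only consulted for the first packet of a connection. The Router class, the "acknowledged" exemption set and the address 203.0.113.5 (standing in for an Internet web server) are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")
PORTAL = ("10.0.0.2", 80)          # DMZ web server from the thread
INTERNET = ("203.0.113.5", 80)     # constructed stand-in for an outside site


class Router:
    """Toy model of conntrack + nat PREROUTING (hypothetical, not netfilter code)."""

    def __init__(self, match_state_new=False, acknowledged=None):
        self.match_state_new = match_state_new
        self.acknowledged = acknowledged   # None models the rule exactly as posted
        self.conntrack = {}                # original 4-tuple -> chosen destination

    def route(self, src, sport, dst, dport, in_if="eth1"):
        key = (src, sport, dst, dport)
        if key in self.conntrack:
            # Later packets of a tracked flow reuse the mapping; nat is not re-run.
            return self.conntrack[key]
        state = "NEW"                      # only first packets ever reach this point
        hit = in_if == "eth1" and ip_address(src) in LAN and dport == 80
        if self.match_state_new:
            hit = hit and state == "NEW"   # always true here, so the match is a no-op
        if self.acknowledged is not None and src in self.acknowledged:
            hit = False                    # assumed exemption for clients who saw the notice
        target = PORTAL if hit else (dst, dport)
        self.conntrack[key] = target
        return target


def browse(router, src="192.168.0.10"):
    """Two separate HTTP connections: the first page load, then the clicked link."""
    first = router.route(src, 40001, *INTERNET)
    if router.acknowledged is not None:
        router.acknowledged.add(src)       # portal records that the notice was shown
    second = router.route(src, 40002, *INTERNET)
    return first, second


if __name__ == "__main__":
    print("rule as posted:    ", browse(Router()))
    print("with -m state NEW: ", browse(Router(match_state_new=True)))
    print("with exemption set:", browse(Router(acknowledged=set())))
```

Clicking the link opens a new TCP connection, so it is DNATed exactly like the first one unless the rule has some per-client condition to skip on.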
