From: Askar Ali Khan <askarali@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: how to redirect certain IPs to specific url
Date: Wed, 30 Jun 2004 14:13:44 +0500
Message-ID: <a0f69e5040630021311b0555d@mail.gmail.com>
In-Reply-To: <200406300931.16812.Antony@Soft-Solutions.co.uk>
Thanks, I'm learning a lot of things from your contributions to the iptables
mailing lists :)
On Wed, 30 Jun 2004 09:31:16 +0100, Antony Stone
<antony@soft-solutions.co.uk> wrote:
>
> On Wednesday 30 June 2004 8:44 am, Askar Ali Khan wrote:
>
> > Hi,
> > I've got a very simple question: I want to redirect certain IPs' (clients')
> > requests to a specific URL (IP)?
>
> So long as you keep in mind two things:
>
> 1. An IP address is not the same thing as a URL (firstly, a server on one IP
> address may handle many different domains' websites, secondly a big domain
> such as Amazon, Microsoft, Yahoo may resolve to multiple IP addresses,
> thirdly an IP address (even if unique to a domain) cannot specify a path or
> filename which would follow the first / after the domain in a URL).
>
> 2. Netfilter works at OSI layers 3/4 (IP addresses and TCP/UDP port numbers),
> whereas HTTP works at layer 7 (URLs, hyperlinks and meaningful content).
>
> Provided both the above are acceptable, and what you want to do is to redirect
> certain source IP addresses when accessing TCP port 80 to a different
> destination address, then you can do this:
>
> iptables -A PREROUTING -t nat -p tcp --dport 80 -s a.b.c.d -j DNAT --to w.x.y.z
Do I have to replace w.x.y.z with the IP of the domain, or will simply
www.abc.com work?
>
> where a.b.c.d is the IP address of the client you want to redirect and w.x.y.z
> is where you want them redirected to. If you want to do it only when they
> try to access a specific destination address (so other destinations are not
> redirected), simply add a "-d p.q.r.s" into the rule above, where p.q.r.s is
> the destination address you want them not to be able to reach.
>
> If this is not what you want, and you do indeed need to do stuff at OSI layer
> 7, working on HTTP rather than TCP and IP, you should probably look into
> http://www.squid-cache.org
We have a firewall; it redirects traffic to a cache server running "squid"
:) May I put this rule on the firewall machine or the cache server?
>
> > And also, later on, how to flush the specific rule from the chain? As
> > -A will append it at the bottom, how will I delete it?
>
> Repeat the rule but with -D instead of -A
>
> Regards,
>
> Antony.
>
> --
> There's no such thing as bad weather - only the wrong clothes.
>
> - Billy Connolly
>
> Please reply to the list;
> please don't CC me.
>
>
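The add/delete rule pair described in the quoted reply, as an added example that is not part of the original thread: it prints the DNAT rule (with the thread's `--to` written with the full option name `--to-destination`), the variant restricted with `-d`, and the matching `-D` command, without touching the live ruleset. The function names `is_ipv4` and `dnat_rule` are hypothetical, the addresses are constructed samples from the documentation ranges, and accepting only IPv4 literals is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: prints iptables commands only; nothing is applied.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 literal (octets 0-255).
# The body runs in a subshell so the IFS change does not leak to the caller.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# dnat_rule ACTION CLIENT TARGET [ORIG_DST]
#   ACTION   A to append the rule, D to delete the identical rule
#   CLIENT   source address to redirect (a.b.c.d in the thread)
#   TARGET   address the client is sent to (w.x.y.z in the thread)
#   ORIG_DST optional original destination (p.q.r.s in the thread)
dnat_rule() {
    action=$1 client=$2 target=$3 orig_dst=${4:-}
    case $action in
        A|D) ;;
        *) echo "action must be A or D" >&2; return 2 ;;
    esac
    for addr in "$client" "$target" ${orig_dst:+"$orig_dst"}; do
        is_ipv4 "$addr" || { echo "not an IPv4 literal: $addr" >&2; return 1; }
    done
    printf 'iptables -t nat -%s PREROUTING -p tcp --dport 80 -s %s' \
        "$action" "$client"
    [ -n "$orig_dst" ] && printf ' -d %s' "$orig_dst"
    printf ' -j DNAT --to-destination %s\n' "$target"
}

# Demo with constructed addresses: append, restricted append, then the delete
# that repeats the first rule with -D in place of -A.
dnat_rule A 192.0.2.10 198.51.100.80
dnat_rule A 192.0.2.10 198.51.100.80 203.0.113.5
dnat_rule D 192.0.2.10 198.51.100.80
# A hostname target is refused by this sketch rather than passed through.
dnat_rule A 192.0.2.10 www.abc.com || echo "rejected: target is not an IP" >&2
```

The `-D` form only removes a rule whose match and target are identical to the one that was appended, which is why both commands are generated from the same arguments.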