From: "iic1tls" <iic1tls@yahoo.com>
To: netfilter@vger.kernel.org
Subject: Bastion Firewall Host Redirect Question
Date: Tue, 14 Dec 2010 08:54:13 -0600
Message-ID: <000601cb9b9e$c6e81e30$54b85a90$@com>

Dear All,
Thank you for your time, and please reply to this message if you have any
suggestions.
Before posing my question, some background:
A firewall has been constructed using RH Fedora 13, Kernel 2.6.34.7-63, and
IPTables 1.4.7. The firewall is a simple, twin adapter configuration, with
the external interface (eth0) facing the internet, and the other interface
(eth1) facing a small private network (single IP subnet). The firewall is a
bastion host, meaning that the firewall host contains nothing but the
operating system, IPTables, and only those items needed to support operation
of the host itself. The firewall does not run any other applications.
Contained within the private network is a web server.
Network:
Base Address: 149.10.10.0/24
Web Server: 149.10.10.25
Clients: located at various addresses on the subnet.
Firewall eth1 Address: 149.10.10.1
DNS Address: 149.10.10.2
QUESTION
Given that clients on the internal network can freely surf the internet: if
the clients select a specific web site (i.e. www.website.com), my goal is to
configure IPTables to instead redirect the client to the internal web
server.
- If the client web browser is going to surf www.website.com, then iptables
redirects the client to 149.10.10.25
- If the client web browser is going to surf any other website, then
iptables permits the client to forward to the internet.
***
I have attempted several iptables rules, including:
iptables -v -t nat -A PREROUTING --in-interface eth1 --dport 80 -d
www.website.com -j DNAT --to 149.10.10.25
However, this appears to have no effect.
Can you please recommend the rule I should be using to perform this feat?
THANK YOU
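
The following is an added example, not part of the original message or of any reply: it prints, without executing, nat-table rules for the redirect described above. It assumes the site's addresses have already been resolved (the 203.0.113.x values are constructed placeholders), uses `-p tcp` because `--dport` is only valid together with a protocol match, and adds an SNAT rule because the clients and 149.10.10.25 share one subnet.

```shell
#!/bin/sh
# Added example: prints (does not run) nat rules for the redirect.
# From the message: eth1, 149.10.10.0/24, 149.10.10.25, 149.10.10.1.
# Constructed: the 203.0.113.x addresses standing in for www.website.com.
LAN_IF=eth1
LAN_NET=149.10.10.0/24
WEB_SRV=149.10.10.25
FW_LAN=149.10.10.1

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints one DNAT rule per destination address, then one SNAT rule.
gen_redirect_rules() {
    for dst in "$@"; do
        is_ipv4 "$dst" || { echo "not an IPv4 address: $dst" >&2; return 1; }
        # -d takes a literal address here: iptables resolves a hostname only
        # once, when the rule is added, so later DNS changes are not followed.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -d $dst --dport 80 -j DNAT --to-destination $WEB_SRV:80"
    done
    # Clients and web server share $LAN_NET, so the server would answer the
    # client directly and the client would discard a reply from an address it
    # never contacted. Rewriting the source sends replies back via the firewall.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -p tcp -s $LAN_NET -d $WEB_SRV --dport 80 -j SNAT --to-source $FW_LAN"
}

# Constructed sample addresses (TEST-NET-3), not the real site's records.
gen_redirect_rules 203.0.113.10 203.0.113.11
```

Because the match is on destination address, any other site served from the same address is redirected as well, and the internal server receives requests that still carry the original Host header.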