[GLLUG] iptables help

Mike Rambo mrambo at lsd.k12.mi.us
Mon Feb 2 20:30:47 EST 2004

How do I configure iptables on a box to redirect all port 80 requests
(regardless of nature) to one specific ip address which will contain
instructions for the user?

We have certain networks that are closed networks unless expressly
permitted - meaning that they don't route unless ACLs are updated to
permit it. We do this by leasing the IP address based upon MAC address and
then running a daemon to update the firewall dynamically to pass
approved traffic.

The problem with this presently is that the user of a box that has not
gone through the approval process only sees that the computer doesn't
work but provides no useful feedback - it times out or gets a non-specific
error depending on how we set it up. We'd like to add a small
DHCP scope that supplies addresses to whoever plugs a machine into the
drop but then sends all requests from those addresses to a specific web
page on an internal server (probably on the same subnet) that gives
instructions on what to do to request approved access.

There are bunches of how-tos for forwarding external internet traffic to
internal web servers but I haven't found anything for redirecting
internal boxes to internal web pages, particularly when they are on the
same subnet. Compounding the problem is that the requests from external
boxes from many places are all directed to one place - the web server. We
need to intercept internal requests directed to many/any locations -
probably none of them to the web server - and redirect them there anyway.
I've tried various combinations of DNAT and SNAT but haven't found the
magic combination. Seems like I recall MSU does some of this - maybe in
the dorms or something. Anyone know how?


Mike Rambo
mrambo at lsd.k12.mi.us
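The ruleset below is an added example, not part of Mike's post or any reply on the list. It shows the DNAT plus hairpin-SNAT combination that makes a same-subnet "walled garden" redirect work when the firewall is the default gateway for the unapproved DHCP scope. Every interface name and address in it is an assumption (eth1 facing the closed network, 10.99.0.0/24 as the unapproved scope, 10.99.0.2 as the instruction page server, 10.99.0.3 as the internal resolver); adjust them to the real network.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed layout:
#   eth1          - firewall interface facing the closed network
#   10.99.0.0/24  - DHCP scope handed to unapproved machines; the firewall
#                   (10.99.0.1) is their default gateway
#   10.99.0.2     - internal web server holding the "how to get approved" page,
#                   on the SAME subnet as the clients
#   10.99.0.3     - internal DNS resolver (a browser has to resolve the name
#                   before it ever sends the HTTP request we want to catch)
#
# Set IPTABLES to some other command (e.g. a function that prints its
# arguments) to dry-run and only show the rules that would be applied.
set -e

ipt() { "${IPTABLES:-iptables}" "$@"; }

# Refuse anything that is not a dotted quad (optionally with /prefix) so a
# bad parameter never ends up on an iptables command line.
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# apply_portal_rules IFACE SUBNET PORTAL_IP DNS_IP [PORTAL_PORT]
apply_portal_rules() {
    iface=$1; subnet=$2; portal=$3; dns=$4; pport=${5:-80}
    valid_cidr "$subnet" && valid_cidr "$portal" && valid_cidr "$dns" || return 2

    # 1. Catch HTTP from the scope, whatever its real destination, and hand it
    #    to the portal. PREROUTING DNAT rewrites the destination before routing.
    ipt -t nat -A PREROUTING -i "$iface" -s "$subnet" -p tcp --dport 80 \
        -j DNAT --to-destination "$portal:$pport"

    # 2. Hairpin: client and portal share a subnet. Without this the portal
    #    would answer the client directly, the reply would never pass back
    #    through the firewall's conntrack to be un-DNATed, and the client would
    #    reset a connection from an address it never talked to. Masquerading
    #    makes the portal reply to the firewall, which then rewrites the reply
    #    so it appears to come from the original destination.
    ipt -t nat -A POSTROUTING -o "$iface" -s "$subnet" -d "$portal" \
        -p tcp --dport "$pport" -j MASQUERADE

    # 3. FORWARD sees post-DNAT addresses: allow the redirected HTTP and DNS to
    #    the internal resolver, allow replies, drop everything else from the scope.
    ipt -A FORWARD -i "$iface" -s "$subnet" -d "$portal" -p tcp --dport "$pport" -j ACCEPT
    ipt -A FORWARD -i "$iface" -s "$subnet" -d "$dns" -p udp --dport 53 -j ACCEPT
    ipt -A FORWARD -o "$iface" -d "$subnet" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$iface" -s "$subnet" -j DROP
}

# Only touch the live firewall when explicitly asked (needs root):
#   sudo sh portal.sh --apply
case "${1:-}" in
    --apply) apply_portal_rules eth1 10.99.0.0/24 10.99.0.2 10.99.0.3 ;;
esac
```

Two things outside iptables still have to be right for the user to see the page: the web server on 10.99.0.2 must serve the instruction page as its catch-all virtual host, because the Host header will name whatever site the user actually typed, and the approval daemon's rules for approved MAC/IP pairs must be inserted ahead of these so approved hosts are not swept into the redirect. Since the portal and resolver sit inside the same /24 as the clients, their own outbound port 80 traffic would also match the DNAT rule; either keep them on a separate subnet or add an exception rule in front of it.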

