[GLLUG] iptables help

Hampton, Rodney rodney.hampton at jnli.com
Tue Feb 3 08:32:44 EST 2004


Alternately, you can just set up apache (strip it down to its bare bones)
and use ProxyPass from mod_proxy to accomplish the same thing.  iptables is
a more elegant solution but sometimes a sledgehammer works too.

Rodney Hampton

-----Original Message-----
From: Melson, Paul [mailto:PMelson at sequoianet.com]
Sent: Tuesday, February 03, 2004 8:03 AM
To: Mike Rambo; Gllug List
Subject: RE: [GLLUG] iptables help


Unfortunately, iptables can't do any sort of upper-layer
inspection/rewriting the way some other firewalls can, so you will have
to tweak a web server somewhere to issue a generic response regardless
of request.  The actual redirection is pretty straightforward, though:

# Set NAT/Mangle policies
/sbin/iptables -t nat --policy PREROUTING ACCEPT
/sbin/iptables -t nat --policy OUTPUT ACCEPT
/sbin/iptables -t nat --policy POSTROUTING ACCEPT
/sbin/iptables -t mangle --policy PREROUTING ACCEPT
/sbin/iptables -t mangle --policy OUTPUT ACCEPT
# Example redirect rule (DNAT, because REDIRECT can only target the local machine)
/sbin/iptables -t nat -A PREROUTING -p tcp -d [restricted-net] --dport 80 -j DNAT --to-destination [websvr-ip]:80


PaulM
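
The web-server half of the setup described above (a server that issues one generic response regardless of request), as an added example that is not part of the original emails. The 403 status, the notice wording and port 8080 are assumptions.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed notice text; the wording and the 403 status are assumptions.
NOTICE = (
    b"<html><body><h1>Access restricted</h1>"
    b"<p>This destination is not reachable from this network.</p></body></html>\n"
)


def build_response(method, path, host):
    """Return (status, headers, body); path and host never change the result."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Length": str(len(NOTICE)),
        # Stop browsers and proxies caching the notice under the original URL.
        "Cache-Control": "no-store",
        "Connection": "close",
    }
    # HEAD carries the same headers as GET but no body.
    body = b"" if method == "HEAD" else NOTICE
    return 403, headers, body


class CatchAll(BaseHTTPRequestHandler):
    server_version = "notice"  # do not advertise Python/BaseHTTP versions
    sys_version = ""

    def _answer(self):
        # After the NAT rewrite the Host header still names the site the client wanted.
        host = self.headers.get("Host", "-")
        status, headers, body = build_response(self.command, self.path, host)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    # Same answer for every common method.
    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = do_OPTIONS = _answer

    def log_message(self, fmt, *args):
        # repr() keeps control characters in client-supplied text out of the log.
        host = self.headers.get("Host", "-") if getattr(self, "headers", None) else "-"
        print(f"{self.client_address[0]} host={host!r} {(fmt % args)!r}")


if __name__ == "__main__":
    # Port 8080 (assumption) avoids needing root; point the NAT rule at it.
    ThreadingHTTPServer(("0.0.0.0", 8080), CatchAll).serve_forever()
```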