[GLLUG] iptables help

Hampton, Rodney rodney.hampton at jnli.com
Tue Feb 3 08:32:44 EST 2004

Alternately, you can just set up apache (strip it down to its bare bones)
and use ProxyPass from mod_proxy to accomplish the same thing.  iptables is
a more elegant solution but sometimes a sledgehammer works too.

Rodney Hampton

-----Original Message-----
From: Melson, Paul [mailto:PMelson at sequoianet.com]
Sent: Tuesday, February 03, 2004 8:03 AM
To: Mike Rambo; Gllug List
Subject: RE: [GLLUG] iptables help

Unfortunately, iptables can't do any sort of upper-layer
inspection/rewriting the way some other firewalls can, so you will have
to tweak a web server somewhere to issue a generic response regardless
of request.  The actual redirection is pretty straightforward, though:

# Set NAT/Mangle policies
/sbin/iptables -t nat --policy PREROUTING ACCEPT
/sbin/iptables -t nat --policy OUTPUT ACCEPT
/sbin/iptables -t nat --policy POSTROUTING ACCEPT
/sbin/iptables -t mangle --policy PREROUTING ACCEPT
/sbin/iptables -t mangle --policy OUTPUT ACCEPT
# Example redirect rule
/sbin/iptables -t nat -A PREROUTING -p tcp -d [restricted-net] --dport
80 -j REDIRECT --to [websvr-ip] --to-port 80

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.egr.msu.edu/archives/public/linux-user/attachments/20040203/62265a47/attachment-0001.htm

More information about the linux-user mailing list