Results 1 to 3 of 3
Hi All, what i'm trying to achieve is the following and I'm 99% there. This is the last little bit i need to do. I have a Transparent proxy server ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-25-2010 #1
- Join Date
- Jul 2005
- Australia (Down Under)
IPTABLES rule to redirect users to my internal webpage
what i'm trying to achieve is the following and I'm 99% there. This is the last little bit i need to do.
I have a Transparent proxy server and use NTOP to monitor bandwidth, i want to use IPTABLES to redirect a user to a page on my internal apache/proxy server that says "you have used too much data today"
my proxy, ntop, etc works, but I cant get that final IPTABLES rule to work.
here is my existing IPTABLES rules
#!/bin/sh # squid server IP SQUID_SERVER="192.168.3.254" # Interface connected to Internet INTERNET="eth2" # Interface connected to LAN LAN_IN="eth0" # Squid port SQUID_PORT="8080" # DO NOT MODIFY BELOW # Clean old firewall iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X # Load IPTABLES modules for NAT and IP conntrack support modprobe ip_conntrack echo 1 > /proc/sys/net/ipv4/ip_forward # Setting default filter policy iptables -P INPUT DROP iptables -P OUTPUT ACCEPT # Unlimited access to loop back iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Allow UDP, DNS and Passive FTP iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT # set this system as a router for Rest of LAN iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT # unlimited access to LAN iptables -A INPUT -i $LAN_IN -j ACCEPT iptables -A OUTPUT -o $LAN_IN -j ACCEPT # DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT # if it is same system iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT -to-port $SQUID_PORT # DROP everything and Log it iptables -A INPUT -j LOG iptables -A INPUT -j DROP
ISP Modem == Linksys Router == (eth2)Proxyserver (eth1) ==LAN
what would the IPTABLES rule be to redirect all traffic from 192.168.3.200(a user PC) to 192.168.3.254 (Proxy/web server) on port 80.
this way the user will be displayed with a message that says they have been blocked.
I have tried a few things but none of them seemed to work for me.
Thanks for your helpLinux is the OS of tomorrow, Here today!!
- 11-26-2010 #2
- Join Date
- Feb 2009
may be this helps.
iptables -t nat -A PREROUTING -s 192.168.3.200 -i eth1 -j DNAT --to-destination 192.168.3.254
- 11-26-2010 #3
- Join Date
- Dec 2007
This isn't an answer, so it's most likely useless.
However, maybe what you want is to simply send everything to squid:
iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port $s_port
and then have squid take care of all your content filtering?
Squid has other features too, and maybe you want to take advantage of them:
specialized url rewriting, etc.