  1. #1
    Linux Newbie
    Join Date
    Jul 2005
    Australia (Down Under)

    IPTABLES rule to redirect users to my internal webpage

    Hi All,

    What I'm trying to achieve is the following, and I'm 99% there. This is the last little bit I need to do.

    I have a transparent proxy server and use NTOP to monitor bandwidth. I want to use IPTABLES to redirect a user to a page on my internal Apache/proxy server that says "you have used too much data today".

    My proxy, ntop, etc. work, but I can't get that final IPTABLES rule to work.

    Here are my existing IPTABLES rules:
    # squid server IP
    SQUID_SERVER="<proxy-LAN-ip>"   # placeholder: the address was not included in the post
    # Interface connected to Internet
    INTERNET="eth2"                 # from the setup diagram below
    # Interface connected to LAN
    LAN_IN="eth1"                   # from the setup diagram below
    # Squid port
    SQUID_PORT="3128"
    # Clean old firewall
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # Load IPTABLES modules for NAT and IP conntrack support
    modprobe ip_conntrack
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Setting default filter policy
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    # Unlimited access to loop back
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    # Allow UDP, DNS and Passive FTP
    iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
    # set this system as a router for Rest of LAN
    iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
    iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
    # unlimited access to LAN
    iptables -A INPUT -i $LAN_IN -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN -j ACCEPT
    # DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
    # if it is same system (note: the option is --to-port, with two dashes)
    iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
    # DROP everything and Log it
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP
    My setup is as follows:

    ISP Modem == Linksys Router == (eth2)Proxyserver (eth1) ==LAN

    What would the IPTABLES rule be to redirect all traffic from (user PC) to (proxy/web server) on port 80?

    This way the user will be shown a message that says they have been blocked.

    I have tried a few things but none of them seemed to work for me.

    Thanks for your help
    Linux is the OS of tomorrow, Here today!!

  2. #2
    Maybe this helps.
    iptables -t nat -A PREROUTING -s -i eth1 -j DNAT --to-destination

  3. #3
    This isn't an answer, so it's most likely useless.

    However, maybe what you want is to simply send everything to squid:
    iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port $s_port

    and then have squid take care of all your content filtering?
    Squid has other features too, and maybe you want to take advantage of them:
    password authentication
    specialized url rewriting, etc.
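    One way to do what the original question asks, as an added example that is not from any of the posts above: a small POSIX shell wrapper that keeps the per-user block rules in their own nat chain, hooked in ahead of the generic squid DNAT so the blocked user's port 80 traffic lands on the Apache "too much data" page instead of the proxy. The interface name eth1 comes from the poster's diagram; WEB_IP, WEB_PORT and the chain name QUOTA_BLOCK are assumed placeholders, and IPTABLES can be pointed at echo to dry-run the rule logic without root.

```shell
#!/bin/sh
# Added example, not from the thread: push one LAN user's web traffic to the
# "you have used too much data" page instead of squid, and undo it later.
# Placeholders (not from the posts): WEB_IP is the Apache/proxy host's LAN
# address, QUOTA_BLOCK is a chain name chosen here. IPTABLES can be pointed
# at "echo" to dry-run the rule logic without root.
IPTABLES="${IPTABLES:-iptables}"
LAN_IN="${LAN_IN:-eth1}"          # LAN-facing interface in the poster's diagram
WEB_IP="${WEB_IP:-192.168.1.1}"   # placeholder: LAN IP where Apache listens
WEB_PORT="${WEB_PORT:-80}"        # port Apache serves the block page on
CHAIN="QUOTA_BLOCK"               # dedicated nat chain for blocked users

# Accept only a dotted quad, so a bad value (from ntop output, a web form,
# whatever feeds this script) can never reach the iptables command line.
valid_ip() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

# Create the chain once and hook it in at position 1 of nat PREROUTING, so a
# blocked user's packets are matched before the generic squid DNAT rule.
quota_init() {
    "$IPTABLES" -t nat -N "$CHAIN" 2>/dev/null || true
    "$IPTABLES" -t nat -I PREROUTING 1 -i "$LAN_IN" -j "$CHAIN"
}

# $1 is -A (add) or -D (delete); both paths use the same rule spec because
# iptables -D only removes a rule whose arguments match exactly.
quota_rule() {
    act="$1"; ip="$2"
    "$IPTABLES" -t nat "$act" "$CHAIN" -s "$ip" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_IP:$WEB_PORT"
    # HTTPS cannot be DNATed to a page without certificate errors, so
    # reset it instead; -I 1 keeps it ahead of the existing FORWARD ACCEPT.
    if [ "$act" = "-A" ]; then set -- -I FORWARD 1; else set -- -D FORWARD; fi
    "$IPTABLES" "$@" -i "$LAN_IN" -s "$ip" -p tcp --dport 443 \
        -j REJECT --reject-with tcp-reset
}

quota_block()   { valid_ip "$1" && quota_rule -A "$1"; }
quota_unblock() { valid_ip "$1" && quota_rule -D "$1"; }
```

    Run quota_init once after the firewall script above, then quota_block / quota_unblock with the user's LAN address; because the DNAT target is the proxy box itself, the redirected packets are accepted by the existing "-A INPUT -i $LAN_IN -j ACCEPT" rule.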
