#1, 11-25-2010, Linux Newbie (Join Date: Jul 2005, Location: Australia (Down Under), Posts: 141)
IPTABLES rule to redirect users to my internal webpage
Hi All,
What I'm trying to achieve is the following, and I'm 99% there. This is the last little bit I need to do.
I have a transparent proxy server and use NTOP to monitor bandwidth. I want to use IPTABLES to redirect a user to a page on my internal Apache/proxy server that says "you have used too much data today".
My proxy, ntop, etc. work, but I can't get that final IPTABLES rule to work.
Here are my existing IPTABLES rules:
Code:
#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.3.254"
# Interface connected to Internet
INTERNET="eth2"
# Interface connected to LAN
LAN_IN="eth0"
# Squid port
SQUID_PORT="8080"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system (REDIRECT takes --to-ports; the original had a single dash)
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
My setup is as follows:
ISP Modem == Linksys Router == (eth2)Proxyserver (eth1) ==LAN
What would the IPTABLES rule be to redirect all traffic from 192.168.3.200 (a user PC) to 192.168.3.254 (proxy/web server) on port 80?
This way the user will be shown a message that says they have been blocked.
I have tried a few things, but none of them seemed to work for me.
Thanks for your help.
Linux is the OS of tomorrow, Here today!!
#2, 11-26-2010, Just Joined! (Join Date: Feb 2009, Posts: 22)
Maybe this helps.
iptables -t nat -A PREROUTING -s 192.168.3.200 -i eth1 -j DNAT --to-destination 192.168.3.254
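As an added example (not code from the thread), here is the blocked-host rule asked for in the question, wrapped in a small script that takes the LAN interface and proxy address from the original post and assumes Apache serves the "quota exceeded" page on port 80 of the proxy box. Compared with the bare rule in the reply above, it restricts the match to TCP port 80 and inserts the rule at the top of nat PREROUTING so it is evaluated before the existing DNAT-to-Squid rule; DRY_RUN=1 prints the iptables commands instead of executing them.

```shell
#!/bin/sh
# Added example, not code from the thread. Interface and address values come
# from the original post; Apache listening on port 80 of the proxy box is an
# assumption (BLOCK_PAGE_PORT).
LAN_IN="${LAN_IN:-eth0}"
SQUID_SERVER="${SQUID_SERVER:-192.168.3.254}"
BLOCK_PAGE_PORT="${BLOCK_PAGE_PORT:-80}"
IPT="${IPT:-iptables}"

# Run an iptables command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Match + target for one host's outbound HTTP: TCP/80 only (HTTPS cannot be
# transparently rewritten to a plain HTTP page), DNATed to the local web
# server. The original script's INPUT chain already accepts everything from
# $LAN_IN, so the rewritten packets reach Apache.
blocked_host_rule() {
    printf '%s' "-i $LAN_IN -s $1 -p tcp --dport 80 -j DNAT --to-destination $SQUID_SERVER:$BLOCK_PAGE_PORT"
}

# Insert at position 1 (-I), not append (-A): nat PREROUTING stops at the
# first matching rule, and the original script's "all port 80 from LAN ->
# Squid" DNAT is already there, so an appended rule would never be reached.
# Word splitting of the rule string is intended.
block_host() {
    run -t nat -I PREROUTING 1 $(blocked_host_rule "$1")
}

# Delete the identical rule to lift the block again.
unblock_host() {
    run -t nat -D PREROUTING $(blocked_host_rule "$1")
}

# Usage: block_host 192.168.3.200   /   unblock_host 192.168.3.200
```

Verify the ordering afterwards with `iptables -t nat -L PREROUTING -n --line-numbers`; the blocked-host rule must be listed before the DNAT-to-Squid rule.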
#3, 11-26-2010, Just Joined! (Join Date: Dec 2007, Posts: 16)
This isn't an answer, so it's most likely useless.
However, maybe what you want is to simply send everything to squid:
s_port="3128"
lan="eth0"
iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port $s_port
and then have squid take care of all your content filtering?
Squid has other features too, and maybe you want to take advantage of them:
- password authentication
- caching
- specialized URL rewriting, etc.