Re: "connection tracking" and "Connection state"?

On Wednesday 02 April 2003 10:33 am, intercomax@xxxxxxxxxxxx wrote:
> Hi all,
>
> Is it possible to redirect any url request to another address, from an
> internal nat address requesting a valid url to a internal specific
> address? Something like  iptables -t nat -A PREROUTING -p tcp -d
> 192.168.0.0/255.255.0.0 --dport 80 -j DNAT --to-destination
> 192.168.5.254:80 ?

Yes.  However with your scenario above, if the client making the request 
is in 192.168.0.0/16 then it will connect directly to the host, not 
through the firewall.  If the destinations being redirected are public 
IPs with a local client, and the DNAT target is also local, then it is 
also necessary to add:
iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 192.168.5.254 -j SNAT 
--to {FirewallLocalIP}
So that replies will be sent to the firewall to be unDNATted (and now 
unSNATted) to show the IP the client expects a reply from.

j
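To make the reply's reasoning concrete, here is an added Python simulation (not code from this thread) of the two request paths: a conntrack-style trace that shows why the server's reply bypasses the firewall without the POSTROUTING SNAT and why it returns correctly with it. The client, firewall and public addresses are constructed, and it assumes a flat 192.168.0.0/16 LAN with the firewall as the only gateway, so two LAN hosts always talk to each other directly.

```python
import ipaddress

# Constructed addresses for the scenario in the reply (assumptions, not from the post)
LAN = ipaddress.ip_network("192.168.0.0/16")
CLIENT = "192.168.3.7"        # internal client behind the firewall
SERVER = "192.168.5.254"      # internal web server, the DNAT target from the post
FW = "192.168.0.1"            # firewall's LAN address, i.e. {FirewallLocalIP}
PUBLIC = "203.0.113.10"       # public IP the client actually asked for (TEST-NET-3)

def via_firewall(src, dst):
    """Flat LAN with the firewall as default gateway: two LAN hosts exchange
    packets directly, so the firewall only sees a packet whose destination is
    off-LAN or is the firewall itself."""
    on_lan = lambda ip: ipaddress.ip_address(ip) in LAN
    return dst == FW or not (on_lan(src) and on_lan(dst))

def hairpin(use_snat):
    """Trace one request CLIENT -> PUBLIC:80 through the firewall's nat table
    and report which source/destination the reply carries when it arrives."""
    conntrack = {}
    src, dst = CLIENT, PUBLIC
    if not via_firewall(src, dst):
        return {"firewall_saw_request": False, "reply_src": None,
                "reply_dst": None, "ok": False}
    # PREROUTING: -j DNAT --to-destination 192.168.5.254:80
    dst = SERVER
    # POSTROUTING: optional -j SNAT --to {FirewallLocalIP}
    if use_snat:
        src = FW
    # Remember the reverse tuple so the reply can be un-NATted
    conntrack[(dst, src)] = (PUBLIC, CLIENT)
    # The server answers whatever source address it saw
    r_src, r_dst = SERVER, src
    if via_firewall(r_src, r_dst):
        # Firewall reverses both mappings: un-SNAT the dst, un-DNAT the src
        r_src, r_dst = conntrack[(r_src, r_dst)]
    # The client only accepts a reply that comes from the IP it connected to
    return {"firewall_saw_request": True, "reply_src": r_src,
            "reply_dst": r_dst, "ok": r_src == PUBLIC and r_dst == CLIENT}
```

Without SNAT the server replies directly to the client from 192.168.5.254, an address the client never connected to, so the TCP handshake fails; with SNAT the reply is forced back through the firewall and reaches the client with the public IP as its source. The `via_firewall` check also models the first point in the reply: a rule matching `-d 192.168.0.0/16` never fires for a LAN client, because that traffic does not pass the firewall at all.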



