>-----Original Message-----
>From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
>[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Paul
>J. Caritj
>Sent: Wednesday, 29 October 2003 11:01
>To: netfilter@xxxxxxxxxxxxxxxxxxx
>Subject: Redirecting Traffic Locally
>
>
>Gents,
>Hopefully this is an easy question :)
>
>I have a firewall with a built-in webserver. I want all traffic going
>through this firewall, not to (or from) a proscribed list of IPs to be
>redirected to the Site hosted on the firewall itself (it's a signup
>page). At present, I'm using redirection of this form:
>
>iptables -t nat -A UNREGISTERED -s 0/0 -d 0/0 -j DNAT --to-destination XXXXXXX;

Have you tried using 'REDIRECT' instead of 'DNAT'?

iptables -t nat -A UNREGISTERED -j REDIRECT --to <localport>

>
>A rule in the PREROUTING chain bounces traffic to the UNREGISTERED
>chain. The system works fine when XXXXXXX is outside the network.
>However, I cannot DNAT to the firewall itself. Thoughts, anyone?

Stuart
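
The chain layout discussed in this thread, as an added example that is not part of either poster's message: a dry-run generator that prints the nat rules instead of applying them. The portal port 8080, the TCP port 80 match and the sample addresses are assumptions; note that REDIRECT's `--to-ports` is only accepted together with `-p tcp` or `-p udp`.

```shell
#!/bin/sh
# Added example: prints (does not apply) the nat rules for the signup-page
# setup in the thread. Port 8080, the port-80 match and the sample
# addresses are assumptions, not values from the original messages.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so a
# malformed list entry can never reach a command line that is run as root.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# emit_rules PORTAL_PORT REGISTERED_IP...: print the ruleset on stdout.
emit_rules() {
    port=$1
    shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # Validate everything before printing anything, so a bad entry never
    # leaves a half-written ruleset in the output.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -t nat -N UNREGISTERED"
    for ip in "$@"; do
        # Traffic from or to a registered address leaves the chain untouched.
        echo "iptables -t nat -A UNREGISTERED -s $ip -j RETURN"
        echo "iptables -t nat -A UNREGISTERED -d $ip -j RETURN"
    done
    # REDIRECT sends the connection to the firewall's own address on the
    # incoming interface, which is the case DNAT was failing on in the thread.
    echo "iptables -t nat -A UNREGISTERED -p tcp --dport 80 -j REDIRECT --to-ports $port"
    # Hook the chain in last, once it is complete.
    echo "iptables -t nat -A PREROUTING -j UNREGISTERED"
}

# Constructed sample input: two registered clients, portal on port 8080.
emit_rules 8080 192.168.1.10 192.168.1.11
```

The RETURN rules must stay ahead of the REDIRECT rule, since the first matching rule in the chain decides what happens to the packet.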