On Thu, 1 Jul 2004 13:05:17 +0100, Antony Stone <antony@xxxxxxxxxxxxxxxxxxxx> wrote: > > > On Thursday 01 July 2004 12:52 pm, Askar Ali Khan wrote: > > > hi, > > here im again with my simple question :), actually im learning netfilter > > thingy. I want if i or someone else type www.microsoft.com on my box > > (linux, netfilter) which is part of LAN instead of microsoft.com browrse > > give him www.linuxiso.org > > im practicing on my box and I will apply rule on this box. My boxes > > use another system running (win) as router/gateway > > > > I do know if i want to block microsoft.com or some other sites this > > rule is working for me > > #iptables -A OUTPUT -d www.microsoft.com -j DROP > > but i duno how to redirect the request with iptables thingy, > > > > antony i hope I will hear from you fast :) > > im learning lot of things from you :D > > I would *really* recommend that you do this sort of thing with Squid instead > of netfilter, espcially since you have selected www.microsoft.com as the > address to be redirected. > > Here's why: > > $ dig www.microsoft.com > > ; <<>> DiG 9.2.3 <<>> www.microsoft.com > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40318 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 4, ADDITIONAL: 2 > > ;; QUESTION SECTION: > ;www.microsoft.com. IN A > > ;; ANSWER SECTION: > www.microsoft.com. 3600 IN CNAME www.microsoft.com.nsatc.net. > www.microsoft.com.nsatc.net. 300 IN A 207.46.156.156 > www.microsoft.com.nsatc.net. 300 IN A 207.46.156.220 > www.microsoft.com.nsatc.net. 300 IN A 207.46.244.188 > www.microsoft.com.nsatc.net. 300 IN A 207.46.245.92 > www.microsoft.com.nsatc.net. 300 IN A 207.46.245.156 > www.microsoft.com.nsatc.net. 300 IN A 207.46.250.252 > www.microsoft.com.nsatc.net. 300 IN A 207.46.144.188 > www.microsoft.com.nsatc.net. 300 IN A 207.46.144.222 > > See all those different IP addresses? Those are what you would need to tell > netfilter about for it to do the redirection (and there's no guarantee > they'll be the same ones tomorrow, next week, next month....). > > If you put a redirect rule into Squid, it will use www.microsoft.com instead > of an IP address, and you will get the result you want. > > Also, Squid will help when you want to change things after the first / in the Thanks Antony for y0ou fast reply, actaully im practing on my own box not on company cache server "squid" Regards Askar > URL too - netfilter cannot possibly do that for you. > > Regards, > > Antony. > > -- > The lottery is a tax for people who can't do maths. > > Please reply to the list; > please don't CC me. > >
