Re: custom redirector


 



On Thursday 12 August 2004 5:58 pm, Nicolás Velásquez O. wrote:

> Hello there,
>
> I want to do some custom redirection rules, I've searched the web with
> no success.
>
> What I want to do is to set the forward policy to a redirect.

You can only set the default policy of a chain to ACCEPT or DROP.

> Here is what I was trying without success:
> $IPTABLES -t nat -N MY_REDIRECTOR_POLICY
> $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -p TCP --dport 80 -j
> MY_REDIRECTOR_POLICY --to-port 81
> $IPTABLES -A MY_REDIRECTOR_POLICY -j REDIRECT --to-port 81
> $IPTABLES -A FORWARD -j MY_REDIRECTOR_POLICY
>
> That snip would go at the end of the rules, so it will work like a
> policy.

Yes, that would work in the same way as a default policy, agreed.

However, the REDIRECT target is only valid in the nat table, therefore your
third rule above needs a "-t nat" in it.

The first rule doesn't need "-t nat" because you are creating a chain, and 
user-defined chains contain all tables as standard.

I don't understand why you don't simply write the second rule as
"iptables -t nat -A PREROUTING -i $LAN_IFACE -p TCP --dport 80 -j REDIRECT --to 81"

If you keep in mind that REDIRECT has to happen in the PREROUTING chain, which 
is before the FORWARD chain, you should be able to sort things out.

Regards,

Antony.

-- 
"Note: Windows 98, Windows 98SE and Windows 95 are not affected by [MS
Blaster].   However, these products are no longer supported.   Users of these
products are strongly encouraged to upgrade to later versions."

(which *are* affected by MS Blaster...)

http://www.microsoft.com/security/security_bulletins/ms03-026.asp

                                                     Please reply to the list;
                                                           please don't CC me.
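
Added example, not part of the original message: a small Python check of the placement constraints discussed in the reply, namely that REDIRECT belongs in the nat table and, per iptables-extensions(8), in PREROUTING or OUTPUT (or a user-defined chain called from them). The function names, the `eth1` interface and the sample rules are constructed for illustration.

```python
import shlex

# Per iptables-extensions(8): REDIRECT is valid only in the nat table, in the
# PREROUTING and OUTPUT chains and user-defined chains called from them.
BUILTIN_CHAINS = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}
REDIRECT_BUILTINS = {"PREROUTING", "OUTPUT"}


def check_rule(line):
    """Return a list of REDIRECT placement problems in one iptables command."""
    args = shlex.split(line)
    table, chain, target = "filter", None, None  # filter is the default table
    for i, arg in enumerate(args[:-1]):
        if arg in ("-t", "--table"):
            table = args[i + 1]
        elif arg in ("-A", "--append", "-I", "--insert"):
            chain = args[i + 1]
        elif arg in ("-j", "--jump"):
            target = args[i + 1]
    if target != "REDIRECT":
        return []
    problems = []
    if table != "nat":
        problems.append(f"REDIRECT used in table '{table}'; only valid in nat")
    if chain in BUILTIN_CHAINS and chain not in REDIRECT_BUILTINS:
        problems.append(f"REDIRECT used in built-in chain {chain}; "
                        "only PREROUTING and OUTPUT can hold it")
    return problems


def check_ruleset(text):
    """Map each offending command's 1-based line number to its problems."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            found = check_rule(line)
            if found:
                report[n] = found
    return report


# Constructed sample: the question's rule that lacks "-t nat", a REDIRECT
# appended to FORWARD, and a single PREROUTING rule like the one in the reply.
SAMPLE = """\
iptables -A MY_REDIRECTOR_POLICY -j REDIRECT --to-port 81
iptables -A FORWARD -p tcp --dport 80 -j REDIRECT --to-port 81
iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 80 -j REDIRECT --to-port 81
"""
```

`check_ruleset(SAMPLE)` reports lines 1 and 2 and passes line 3; the check looks only at where REDIRECT is placed, not at whether a referenced user-defined chain exists.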



