I am trying to set up a "stand-alone" internet lab environment where my web server will be on the internet side of a router serving up a training website. The clients will only be able to access those web pages, not the "Real" internet. It would best if users were routed to that web page regardless of whatever internet address they entered (except for server management screens). I'm thinking the following: Requested website // Destination page served up cnn.com // myserver/index.html whatever.com // myserver/index.html myserver:8081 // myserver/management.html cnn.com:8081 // myserver/management.html I'm think maybe appropriate entry(s) in iptables will do this but I am not quite sure how to proceed. I think I need something like: iptables -A PREROUTING -p tcp -dport 80 -j REDIRECT --to-ports 80 # web server iptables -A PREROUTING -p tcp -dport 8081 -j REDIRECT --to-ports 8081 # mgmt server The two server need to be configured to answer on those ports or maybe # let only appweb answer normal port 80 traffic iptables -A INPUT -p tcp --dport 80 ! --uid-owner appweb -j REJECT --reject -with -tcp-reset Am I close? Thanks Ken
