Pascal Hambourg wrote:
> Hello,
>
> Giovanni Lovato wrote:
>>
>> I'm trying to forward packets to different hosts depending on the "Host"
>> header in HTTP packets, e.g. packets on port 80 requesting "Host:
>> one.example.org" to 192.168.0.1 and all other on port 80 to 192.128.0.2.
>> I did:
>>
>> iptables -t nat -A PREROUTING -p TCP -i eth0 -m string --algo bm
>> --string "Host: one.example.org" --destination-port 80 -j DNAT
>> --to-destination 192.168.0.1
>>
>> iptables -t nat -A PREROUTING -p TCP -i eth0 --destination-port 80 -j
>> DNAT --to-destination 192.168.0.2
>>
>> But all packets are going to 192.168.0.2. Do I miss something?
>
> Rules in the 'nat' table apply only to the first packet of a new
> connection. NAT operations for the whole connection are determined by the
> NAT rules applied to the first (SYN) packet of the connection, which
> does not contain any HTTP payload data such as the "Host" header. So the
> first rule never matches a packet. As suggested, use an HTTP proxy instead.

Thank you all. I used Apache mod_proxy_http to gain my needs!

G.L.

-- 
www.aldu.net/~heruan
giovanni.lovato@xxxxxxxx
ldaps://pgpkeys.aldu.net
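A sketch of the Host-based routing that the thread settles on, written as an added example and not taken from any poster's actual configuration. It assumes Apache httpd 2.4 on the gateway with mod_proxy and mod_proxy_http loaded, uses the two backend addresses from the iptables rules, and uses "default.invalid" as a made-up placeholder name for the catch-all virtual host.

```apache
# Added example, not from the thread. Backend addresses are the ones in
# the quoted iptables rules; "default.invalid" is a constructed placeholder.

# Reverse proxy only: never relay requests for arbitrary clients.
ProxyRequests Off

# Apache 2.2 additionally needs: NameVirtualHost *:80

# The first virtual host defined for *:80 is the default. Any request
# whose Host header matches no other ServerName (or that carries no Host
# header at all) is handled here, like the second iptables rule intended.
<VirtualHost *:80>
    ServerName default.invalid
    ProxyPreserveHost On
    ProxyPass        / http://192.168.0.2/
    ProxyPassReverse / http://192.168.0.2/
</VirtualHost>

# Requests carrying "Host: one.example.org" go to the first backend.
# The proxy terminates the TCP connection and reads the full request,
# so the Host header is available when the routing decision is made.
<VirtualHost *:80>
    ServerName one.example.org
    ProxyPreserveHost On
    ProxyPass        / http://192.168.0.1/
    ProxyPassReverse / http://192.168.0.1/
</VirtualHost>
```

With this setup the backends see the proxy's address as the connection source; mod_proxy_http passes the original client address in the X-Forwarded-For request header, which backend access logs need to record if per-client attribution matters.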