Bastion Firewall Host Redirect Question

Dear All,
 
Thank you for your time, and please reply to this message if you have any
suggestions.
 
Before posing my question, some background:
 
A firewall has been constructed using RH Fedora 13, Kernel 2.6.34.7-63, and
IPTables 1.4.7.  The firewall is a simple, twin adapter configuration, with
the external interface (eth0) facing the internet, and the other interface
(eth1) facing a small private network (single IP subnet).  The firewall is a
bastion host, meaning that the firewall host contains nothing but the
operating system, IPTables, and only those items needed to support operation
of the host itself.  The firewall does not run any other applications.
 
Contained within the private network is a web server.
 
Network:
Base Address: 149.10.10.0/24
Web Server: 149.10.10.25
Clients: located at various addresses on the subnet.
Firewall eth1 Address: 149.10.10.1
DNS Address: 149.10.10.2
 
QUESTION
Given that clients on the internal network can freely surf the internet: if
the clients select a specific web site (i.e. www.website.com), my goal is to
configure IPTables to instead redirect the client to the internal web
server.
 
- If the client web browser is going to surf www.website.com, then iptables
redirects the client to 149.10.10.25
- If the client web browser is going to surf any other website, then
iptables permits the client to forward to the internet.
 
***
 
I have attempted several iptables rules, including:
 
iptables -v -t nat -A PREROUTING --in-interface eth1 --dport 80 -d www.website.com -j DNAT --to 149.10.10.25
 
However, this appears to have no effect.
 
Can you please recommend the rule I should be using to perform this feat?
 
THANK YOU
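
Added example, not part of the original post: a rule set for the redirect described above, written as a script that only prints the iptables commands. Interface and LAN addresses are taken from the post; the address 203.0.113.80 standing in for www.website.com is constructed, and the FORWARD rules assume a default-drop forwarding policy.

```shell
#!/bin/sh
# Added example: prints the iptables commands for review; it does not run them.

LAN_IF=eth1                 # internal interface (from the post)
LAN_NET=149.10.10.0/24      # internal subnet (from the post)
FW_LAN_IP=149.10.10.1       # firewall eth1 address (from the post)
WEB_IP=149.10.10.25         # internal web server (from the post)

# build_rules SITE_IP: emit the rule set for one destination address.
build_rules() {
    site_ip=$1
    # Require a literal IPv4 address: iptables resolves a hostname given to -d
    # only once, when the rule is added, so later DNS changes are not tracked.
    printf '%s\n' "$site_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "build_rules: expected an IPv4 address, got '$site_ip'" >&2
        return 1
    }

    # 1. Rewrite the destination. --dport is only accepted after -p tcp.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -d $site_ip --dport 80 -j DNAT --to-destination $WEB_IP:80"

    # 2. Client and web server share a subnet, so the server would reply to the
    #    client directly and the client would reject a reply from an address it
    #    never contacted. Source-NAT to the firewall keeps replies on the
    #    firewall path, where the DNAT is reversed.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -p tcp -s $LAN_NET -d $WEB_IP --dport 80 -j SNAT --to-source $FW_LAN_IP"

    # 3. Permit the redirected flow, which enters and leaves on eth1.
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -p tcp -d $WEB_IP --dport 80 -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample address (TEST-NET-3) standing in for www.website.com.
build_rules 203.0.113.80
```

With the SNAT rule in place the web server logs 149.10.10.1 as the client address for redirected requests.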
