Thanks Jonathan, but I can not modify the DNS. I need an IPTables solution.

THANK YOU

-----Original Message-----
From: Jonathan Tripathy [mailto:jonnyt@xxxxxxxxxxx]
Sent: Tuesday, December 14, 2010 8:59 AM
To: iic1tls@xxxxxxxxx; netfilter@xxxxxxxxxxxxxxx
Subject: Re: Bastion Firewall Host Redirect Question

> QUESTION
> Given that clients on the internal network can freely surf the internet: if
> the clients select a specific web site (ie www.website.com), my goal is to
> configure IPTables to instead redirect the client to the internal web
> server.
>
> - If the client web browser is going to surf www.website.com, then iptables
>   redirects the client to 149.10.10.25
> - If the client web browser is going to surf any other website, then
>   iptables permits the client to forward to the internet.

Use a local DNS server and set the hostname of the site that you want to re-direct to your local webserver.

You can secure this setup a bit more by using a proxy server (Squid + SquidGuard) to prevent clients entering the IPs directly.

The only thing that IPTables would do is make sure that only your proxy server can access the internet directly
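The egress restriction described in Jonathan's reply (only the proxy reaches the internet directly), written out as an added example that is not part of the original thread. The proxy and resolver addresses and the interface names are constructed placeholders, and letting the local DNS server query upstream is an assumption the reply does not spell out.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the bastion's FORWARD
# chain so that only the proxy (and the local resolver) can reach the internet.
# All addresses and interface names are assumptions, not values from the thread.

is_ipv4() {
    # Accept only a dotted quad with each octet in 0-255.
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

gen_forward_rules() {
    proxy_ip=$1 dns_ip=$2 lan_if=$3 wan_if=$4
    is_ipv4 "$proxy_ip" && is_ipv4 "$dns_ip" ||
        { echo "invalid address" >&2; return 1; }
    [ -n "$lan_if" ] && [ -n "$wan_if" ] ||
        { echo "missing interface" >&2; return 1; }
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# Replies to connections that were already allowed out.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the proxy may open web connections to the outside.
-A FORWARD -i $lan_if -o $wan_if -s $proxy_ip -p tcp -m multiport --dports 80,443 -j ACCEPT
# The local DNS server may resolve upstream (assumption).
-A FORWARD -i $lan_if -o $wan_if -s $dns_ip -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $dns_ip -p tcp --dport 53 -j ACCEPT
# Clients that bypass the proxy, e.g. by typing an IP, fail fast.
-A FORWARD -i $lan_if -o $wan_if -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Constructed sample values (documentation address range, made-up interfaces).
gen_forward_rules 192.0.2.10 192.0.2.53 eth1 eth0
```

The output is meant to be reviewed and then loaded with `iptables-restore`, which replaces the current contents of the filter table unless `--noflush` is given.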