Re: Bastion Firewall Host Redirect Question

Hello,

Billy Crook wrote:
> On Tue, Dec 14, 2010 at 08:54, iic1tls <iic1tls@xxxxxxxxx> wrote:
>> I have attempted several iptables rules, including:
>> iptables -v -t nat -A PREROUTING --in-interface eth1 --dport 80 -d
>> www.website.com -j DNAT --to 149.10.10.25
> 
> When you hit enter to commit this rule the iptables command resolves
> www.website.com to an ip address, and then hands the request to add a
> rule to netfilter.  The in-kernel rule will not change when
> website.com's IP changes, which may happen at any time.  If clients
> get a different IP for website.com (say they have multiple IPs), their
> access will not be intercepted by the iptables rule.

Conversely, access to any other site hosted at the same IP address will
be intercepted.

> iptables does not filter on domain names.

Nor web site (HTTP Host:) names. Bottom line.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
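
The behaviour described in this message can be checked on a running firewall. The following is an added example, not code from the thread: it parses `iptables-save` output to list the addresses a DNAT rule is actually pinned to and compares them with the addresses the name resolves to now. The sample ruleset, the 192.0.2.x and 198.51.100.x addresses, and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed iptables-save output: what netfilter holds after a rule was added
# with "-d www.website.com". The name is gone; only the address resolved at
# insert time remains (192.0.2.10 is an assumed documentation address).
SAVED_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 149.10.10.25
COMMIT
"""

def pinned_destinations(saved, chain="PREROUTING"):
    """Return the destination networks matched by DNAT rules in the nat table."""
    nets, table = [], None
    for line in saved.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A " + chain + " "):
            continue
        args = shlex.split(line)
        if "-d" not in args or "-j" not in args:
            continue
        if args[args.index("-j") + 1] != "DNAT":
            continue
        i = args.index("-d")
        if i > 0 and args[i - 1] == "!":  # negated match is not a pinned address
            continue
        nets.append(ipaddress.ip_network(args[i + 1], strict=False))
    return nets

def check_drift(saved, resolved_now):
    """Compare pinned rule addresses with the addresses clients resolve now.

    missed: addresses clients may receive that no rule intercepts.
    stale:  rule destinations the name no longer resolves to.
    """
    nets = pinned_destinations(saved)
    current = [ipaddress.ip_address(a) for a in resolved_now]
    missed = [str(a) for a in current if not any(a in n for n in nets)]
    stale = [str(n) for n in nets if not any(a in n for a in current)]
    return {"missed": missed, "stale": stale}
```

A stale entry is also the case raised in the reply: the rule keeps redirecting port 80 traffic for whatever is hosted at that address, regardless of the site name requested.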

