How can I use iptables to forward all traffic to a certain website?
I believe you are looking for the Destination NAT target in the PREROUTING chain. This redirects any request coming across the interface to the desired destination (your registration server).
/sbin/iptables -t nat -A PREROUTING -s [source network/mask] -p tcp --dport 80 -j DNAT --to-destination [your webserver]
This is described in detail on the famous site Upside-Down-Ternet where Wi-Fi leeches are redirected to kittenwar. http://www.ex-parrot.com/~pete/upside-down-ternet.html
John
Updated on September 18, 2022
Comments
-
John almost 2 years
I have a Radius server doing MAC auth on VLANs. If the MAC address isn't in the allowed table, the user is put into a separate VLAN. What I want to do on that separate VLAN is have my Debian server giving out IPs via a DHCP server.
What I need help with is the following: how do I use iptables to redirect all access from the clients to my webpage? I want to serve the webpage so they can register their device. I have a DHCP setup working as well as Apache, I just can't seem to get iptables to redirect this traffic.
-
John over 12 years
Following that I get a no chains error, which is fine, easy to fix, I added -t nat before the -A... still doesn't work. Is there anything else I need to do in iptables for this to work?
-
Aaron Copley over 12 years
Shouldn't be anything, but I can't test it at the moment to verify. I've used the instructions in the link before and compared them to the same in the book "Linux iptables Pocket Reference." Rather than matching on the source network, try -i eth0 (or whatever your interface is).
-
John over 12 years
Yes, webserver is listening on 80; on the client I can go to the destination address in iptables and it works.
# Generated by iptables-save v1.4.8 on Wed Feb 29 15:50:22 2012
*nat
:PREROUTING ACCEPT [1:33]
:POSTROUTING ACCEPT [1:132]
:OUTPUT ACCEPT [1:132]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.147.249
COMMIT
# Completed on Wed Feb 29 15:50:22 2012
-
Aaron Copley over 12 years
And this host is your gateway on that VLAN? I can't imagine why it isn't working.
-
John over 12 years
That's what I want it to be, just a gateway on that VLAN. Host has 1 NIC in it because I don't want it routing traffic out, just anyone in this VLAN, when they open a browser, they get redirected to register, then Radius puts them in a separate VLAN for browsing. I must be missing something with iptables...
-
Pitto about 11 years
Totally worked for me! Thanks! I just need something to handle 443 traffic and redirect it to port 80 on the other webserver, but I loved this. Thanks :)
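An added example, not part of the original answer or comments: a small shell audit that parses an iptables-save dump (the one John posted above, embedded as sample input) and reports whether TCP ports 80 and 443 arriving on the client interface hit a PREROUTING DNAT rule in the nat table. The function names `sample_dump`, `dnat_target` and `audit_portal` are hypothetical, and only rules that match on `-i` are recognised.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the registration-VLAN redirect.

# Sample input: the dump posted in the comments, embedded so this runs offline.
sample_dump() {
cat <<'EOF'
# Generated by iptables-save v1.4.8 on Wed Feb 29 15:50:22 2012
*nat
:PREROUTING ACCEPT [1:33]
:POSTROUTING ACCEPT [1:132]
:OUTPUT ACCEPT [1:132]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.147.249
COMMIT
# Completed on Wed Feb 29 15:50:22 2012
EOF
}

# dnat_target IFACE PORT: read an iptables-save dump on stdin and print the
# --to-destination of the first nat/PREROUTING DNAT rule matching TCP traffic
# that arrives on IFACE for PORT. Prints nothing when no such rule exists.
dnat_target() {
    awk -v iface="$1" -v port="$2" '
        /^\*/ { table = substr($0, 2) }     # table header: "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            in_if = proto = dport = jump = dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") jump = $(i + 1)
                else if ($i == "--to-destination") dest = $(i + 1)
            }
            if (in_if == iface && proto == "tcp" && dport == port && jump == "DNAT") {
                print dest; exit
            }
        }'
}

# audit_portal IFACE: report, for ports 80 and 443, where IFACE traffic is sent.
audit_portal() {
    dump=$(cat)
    for port in 80 443; do
        dest=$(printf '%s\n' "$dump" | dnat_target "$1" "$port")
        echo "tcp/$port -> ${dest:-not redirected}"
    done
}

sample_dump | audit_portal eth0
```

On a live host, pipe the output of `iptables-save` into `audit_portal` with the interface facing the registration VLAN.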