How to redirect to a URL using iptables?
Solution 1
If you want the redirected IP/URL to be shown in the browser, you need to send an HTTP redirect response to the browser (like 301). Then the browser will send another request to the new location.
This cannot be done using iptables. This needs to be done using any HTTP server/load balancer/proxy.
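An added example, not part of the original answer: a minimal HTTP server that sends the 301 response described above to every client that reaches it. The target URL, port 8080, the interface in the commented iptables rule and all function names are assumptions made for illustration.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

# Assumed values, not from the original post.
TARGET_URL = "http://portal.example/welcome"
LISTEN_PORT = 8080
# Assumed rule that hands port-80 traffic to this server on the same host:
#   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
#            -j REDIRECT --to-ports 8080


def redirect_headers(target=TARGET_URL, status=301):
    """Return (status, headers) for a redirect to a fixed, validated target.

    The target is a constant, never taken from the request (Host header,
    query string), so the server cannot be used as an open redirector.
    """
    if "\r" in target or "\n" in target:
        raise ValueError("target must not contain CR/LF (header injection)")
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("target must be an absolute http(s) URL")
    if status not in (301, 302, 307, 308):
        raise ValueError("not a redirect status")
    # Browsers cache 301 responses; 302 or 307 avoids that for temporary use.
    return status, [("Location", target),
                    ("Content-Length", "0"),
                    ("Connection", "close")]


class RedirectHandler(BaseHTTPRequestHandler):
    def _redirect(self):
        status, headers = redirect_headers()
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.end_headers()

    # Answer every common method with the same redirect.
    do_GET = do_HEAD = do_POST = _redirect


if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", LISTEN_PORT), RedirectHandler).serve_forever()
```

This only works for plain HTTP: an intercepted HTTPS connection cannot be given a valid certificate for the host the browser asked for, so the browser shows a certificate error instead of following a redirect.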
Solution 2
You can't do this with iptables. You're confusing layers in the networking stack: IP is layer 3 in the OSI model, HTTP is layer 7. See http://en.wikipedia.org/wiki/OSI_model
If you want to redirect URL requests you could use Apache together with mod_proxy.
user1216216
Updated on September 18, 2022
Comments
-
user1216216 almost 2 years
I want to redirect all the incoming requests to a URL instead of an IP address. How can I achieve this? And when I redirect using an IP address the redirection is happening, but the redirected IP/URL is not shown in the browser address bar. How do I change this?
The following are the rules I'm setting:

    # enable IPv4 forwarding
    echo "1" > /proc/sys/net/ipv4/ip_forward
    # send frames arriving on eth0 through the GUEST chain
    ebtables -t nat -N GUEST
    ebtables -t nat -A PREROUTING -i eth0 -j GUEST
    # GUEST-REDIRECT: mark the frame with 1, then redirect it to the local IP stack
    ebtables -t nat -N GUEST-REDIRECT
    ebtables -t nat -A GUEST-REDIRECT -j mark --mark-set 1 --mark-target CONTINUE
    ebtables -t nat -A GUEST-REDIRECT -j redirect
    # match IPv4 TCP port 80 frames addressed to other hosts
    ebtables -t nat -A GUEST -p 0x800 --pkttype-type otherhost --ip-proto 6 --ip-dport 80 -j GUEST-REDIRECT
    # DNAT the marked packets and masquerade outgoing traffic
    iptables -t nat -A PREROUTING -p tcp -m mark --mark 1 -j DNAT --to-destination 172.40.1.0
    iptables -t nat -A POSTROUTING -j MASQUERADE

The clients are redirected to the IP 172.40.1.0, but what I want is to redirect the request to a URL [example: www.facebook.com/user].
When I use the above rules the clients are redirected to the IP 172.40.1.0, but in the address bar of the browser it's still showing the requested URL, not the redirected one.
-
symcbean almost 12 years
This question makes no sense - you can't convert a URL into an IP address. Turning lead into gold is simpler since they're both elements. Perhaps if you gave an example of what you're trying to achieve (input and output) then you might get a sensible answer.
-
Colin 't Hart almost 12 years
But it would be really cool if someone could write an "httptables" module for the Linux kernel!
-
user1216216 almost 12 years
But shall I achieve this by redirecting to some other port [say 8080] and executing a program on the redirected port [8080] to redirect?
-
Colin 't Hart almost 12 years
@symcbean and I are both unsure what you're trying to do. Please update your question.
-
user1216216 almost 12 years
How do I check whether my machine already has an HTTP server/load balancer/proxy or not?
-
Zdenek about 5 years
The MASQUERADE target is counter-productive unless the connection needs to continue against its natural routing direction (such as out of the NIC it came from). Using MASQUERADE will deprive your web server of knowing the client's IP, which can be quite detrimental. In this case, just the single DNAT will do the trick. Perhaps change -A to -I to fix any firewall issues.